nanog mailing list archives
Re: LinkedIn password database compromised
From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 20 Jun 2012 15:52:23 -0700
In a message written on Wed, Jun 20, 2012 at 06:37:50PM -0400, valdis.kletnieks () vt edu wrote:
I have to agree with Leo on this one. Key management *is* hard - especially the part about doing secure key management in a world where Vint Cerf says there's 140M pwned boxes. It's all nice and sugary and GUI-fied and pretty and Joe Sixpack can do it - till his computer becomes part of the 140M and then he's *really* screwed.
I'm glad you agree with me. :) That's no different than today. Today Joe Sixpack keeps all his passwords in his browsers cache. When his computer becomes part of the botnet the bot owner downloads that file, and also starts a keylogger to get more passwords from him. In the world I propose when his computer becomes part of the botnet they will download the private key material, same as before. My proposal neither helps, nor hurts, the problem of Joe Sixpack's machine being broken into is orthoganal and not addressed. It needs to be, but not by what I am proposing. -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
_bin
Description:
Current thread:
- Re: LinkedIn password database compromised, (continued)
- Re: LinkedIn password database compromised Aaron C. de Bruyn (Jun 20)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 20)
- Re: LinkedIn password database compromised AP NANOG (Jun 21)
- Re: LinkedIn password database compromised Tei (Jun 21)
- Re: LinkedIn password database compromised Jay Ashworth (Jun 21)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 21)
- Re: LinkedIn password database compromised AP NANOG (Jun 21)
- Re: LinkedIn password database compromised Matthew Kaufman (Jun 20)
- Re: LinkedIn password database compromised Jared Mauch (Jun 20)
- Re: LinkedIn password database compromised valdis . kletnieks (Jun 20)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 20)
- Re: LinkedIn password database compromised Randy Bush (Jun 20)
- Re: LinkedIn password database compromised Leo Bicknell (Jun 20)
- Re: LinkedIn password database compromised Randy Bush (Jun 20)
- Re: LinkedIn password database compromised Tei (Jun 21)
- Re: LinkedIn password database compromised Tony Finch (Jun 21)
- Re: LinkedIn password database compromised Rich Kulawiec (Jun 21)
- RE: LinkedIn password database compromised Keith Medcalf (Jun 23)
- Re: LinkedIn password database compromised Michael Thomas (Jun 23)
- Re: LinkedIn password database compromised AP NANOG (Jun 20)
- How to fix authentication (was LinkedIn) Jay Ashworth (Jun 20)