Re: LinkedIn password database compromised

[Owen DeLong <owen () delong com>]

On Jun 7, 2012, at 9:29 AM, Bruch, Mark wrote:

> I rarely reply to threads. However the point of interest that is missed is "Not supported anymore because Microsoft 
> says so". So Microsoft starts putting out systems at one per year and not supporting old ones because they "Have you 
> over a barrel"? 
>
> Tell your daughter she can't get married? You haven't bought your new operating system this year, and "backward 
> compatible" is a thing of the past?
>
> Then it is $119.00 per year on top of that (maybe)? 
>
> Let's say Microsoft promised business to the PC building companies and decides that an operating system per year is 
> only supported on new equipment? The cost to vote could be thousands per year. Only the rich can afford to vote?
>
> The point is that you have to be careful about where you go with technology and who controls it. I am sure there are 
> people who would love to see voting as a "can you afford it" right.

Nah... They've obviated the need with superPACs and other mechanisms for purchasing the politicians we vote for much 
more cost effectively than purchasing the elections themselves.

Owen

> -----Original Message-----
> From: Aaron C. de Bruyn [mailto:aaron () heyaaron com] 
> Sent: Thursday, June 07, 2012 11:10 AM
> To: Jared Mauch
> Cc: Nanog
> Subject: Re: LinkedIn password database compromised
>
> On Thu, Jun 7, 2012 at 8:58 AM, Jared Mauch <jared () puck nether net> wrote:
> > I'm imagining my mother trying this, or trying to help her change it after the hard drive dies and the media in the 
> > safe deposit box doesn't read anymore.
>
> I would think it's fairly simple.
> What if she forgot her existing password?  Most sites have a 'reset password' link they e-mail you.
> A browser extension 'helper' would simply generate a new key and let you reset your password.  Maybe the helper could 
> be dumbed down enough to automatically handle the password reset screen and automatically POST the new key to the 
> reset page.
>
> I'm sure it could be done transparently enough that our mothers wouldn't need to think twice about it.
>
> Heck--the 'helper' could probably even back up your SSH key off-site sorta like LastPass does.  And if your private 
> key is actually password protected, it's slightly less useless if the off-site backup company were compromised.
>
> The only downfall is how do you get access to your e-mail account?
> (Google already calls my cell and/or home phone if I request access without using my password.)
>
> I agree there are stumbling blocks, and it wouldn't be perfect--but it seems like it would be much better than the 
> alternative we have now.
> People using the same password on multiple sites, passwords written down, dumb website operators not salting their 
> hashes, etc...
>
> Also, thanks for the great secondary DNS service.  ;)
>
> -A