[Discuss] Ubuntu forums hacked; 1.82M logins, email addresses stolen
Kent Borg
kentborg at borg.org
Tue Jul 23 12:54:50 EDT 2013
On 07/23/2013 12:08 PM, Greg Rundlett (freephile) wrote:
> Yep. A quick search through my KeePassX database and my login for
> Ubuntu forums was cryptographically strong, and (for me) unique to
> that website. *Every* login I have is unique. I have a simple tool
> (KeePassX) to mind them all. And I have Dropbox to share the
> (encrypted) database, and I have KeePassDroid to use the database on
> the road.

Crazy, to think there are a few such fellow freaks in the world.

But, to quote Edward Snowden: "endpoint security is so terrifically weak".

Running a computer so as to not be the weak link is hard (ranging to
impossible if on MS Windows). I hope I am doing a decent job, and I hope
Linux is pretty secure--and obscure enough to not be a juicy target.

As for my portable access to passwords...phones are *the* hot target
these days...so I have a dedicated Android phone that I have never let
connect to the internet, nor have I let it see a SIM. I have it loaded
with, I think, only 3 apps, just enough to do encrypted passwords, let me
sync with my Linux computer, and set the clock from GPS. And nothing more.

-kb

P.S. A few minutes ago I saw an NTSB photo of the Southwest 345 voice
recorder being examined in DC, and I was so dismayed to see a big MS
Windows display behind it. It is to be expected, but still sad to be
confronted with it.

P.P.S. I hope Snowden is not decrypting any of his data while on the
run. Once he was in the sights of the Chinese and Russians, maintaining
"endpoint security" on the laptops he has with him becomes extremely
damn difficult. I am intrigued that he has 4 (?) laptops with him. I
am thinking that there might be some cooperation practices that could be
followed on multiple computers to thwart most surreptitious bugging of
his hardware. Providing the foe doesn't know what these procedures are
and can't simply record everything...if Snowden can work in private, on
a lot of data, and also limit the amount of data that leaks through any
surreptitious bugging, he could make life much more difficult for
snoops. But still, endpoint security is hard. I hope he knows how hard.