[153499] in North American Network Operators' Group
Re: LinkedIn password database compromised
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jun 7 16:01:11 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <5E50AC3B0F1FA9408A82DC0DEB965E4AF02E6E@APMMAIL02.global.nmhg.corp>
Date: Thu, 7 Jun 2012 12:57:48 -0700
To: "Bruch, Mark" <cdmbruch@nmhg.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 7, 2012, at 9:29 AM, Bruch, Mark wrote:
> I rarely reply to threads. However the point of interest that is =
missed is "Not supported anymore because Microsoft says so". So =
Microsoft starts putting out systems at one per year and not supporting =
old ones because they "Have you over a barrel"?=20
>=20
> Tell your daughter she can't get married? You haven't bought your new =
operating system this year, and "backward compatible" is a thing of the =
past?
>=20
> Then it is $119.00 per year on top of that (maybe)?=20
>=20
> Let's say Microsoft promised business to the PC building companies and =
decides that an operating system per year is only supported on new =
equipment? The cost to vote could be thousands per year. Only the rich =
can afford to vote?
>=20
> The point is that you have to be careful about where you go with =
technology and who controls it. I am sure there are people who would =
love to see voting as a "can you afford it" right.
Nah... They've obviated the need with superPACs and other mechanisms for =
purchasing the politicians we vote for much more cost effectively than =
purchasing the elections themselves.
Owen
>=20
> -----Original Message-----
> From: Aaron C. de Bruyn [mailto:aaron@heyaaron.com]=20
> Sent: Thursday, June 07, 2012 11:10 AM
> To: Jared Mauch
> Cc: Nanog
> Subject: Re: LinkedIn password database compromised
>=20
> On Thu, Jun 7, 2012 at 8:58 AM, Jared Mauch <jared@puck.nether.net> =
wrote:
>> I'm imagining my mother trying this, or trying to help her change it =
after the hard drive dies and the media in the safe deposit box doesn't =
read anymore.
>=20
> I would think it's fairly simple.
> What if she forgot her existing password? Most sites have a 'reset =
password' link they e-mail you.
> A browser extension 'helper' would simply generate a new key and let =
you reset your password. Maybe the helper could be dumbed down enough =
to automatically handle the password reset screen and automatically POST =
the new key to the reset page.
>=20
> I'm sure it could be done transparently enough that our mothers =
wouldn't need to think twice about it.
>=20
> Heck--the 'helper' could probably even back up your SSH key off-site =
sorta like LastPass does. And if your private key is actually password =
protected, it's slightly less useless if the off-site backup company =
were compromised.
>=20
> The only downfall is how do you get access to your e-mail account?
> (Google already calls my cell and/or home phone if I request access =
without using my password.)
>=20
> I agree there are stumbling blocks, and it wouldn't be perfect--but it =
seems like it would be much better than the alternative we have now.
> People using the same password on multiple sites, passwords written =
down, dumb website operators not salting their hashes, etc...
>=20
> Also, thanks for the great secondary DNS service. ;)
>=20
> -A
>=20
