Overclock.net › Forums › Industry News › Software News › [Neowin] Mozilla inadvertently leaks 44,000 users' passwords

[Neowin] Mozilla inadvertently leaks 44,000 users' passwords - Page 4

post #31 of 45
I did the same thing for years. One password for sensitive things, another general-use pass for almost everything else. Both were 12 digits and a combination of numbers and letters.

While that way is better than what many people do, it still doesn't compare to every site having a totally randomized combo of upper and lowercase letters, numbers, and special characters. Not only is it more secure, but one-click log in is sweet.
Edited by Kaldari - 12/30/10 at 8:40pm
post #32 of 45
Quote:
Originally Posted by Kaldari View Post
I did the same thing for years. One password for sensitive things, another general-use pass for almost everything else. Both were 12 digits and a combination of numbers and letters.

While that way is better than what many people do, it still doesn't compare to every site having a totally randomized combo of upper and lowercase letters, numbers, and special characters. Not only is it more secure, but one-click log in is sweet.
I love your avatar. I'll check out RoboForm. I use 1Password personally and don't even know the password to most of my user accounts anymore. God forbid I lost access to 1Password or someone figured out the master password that lets them see all the other passwords... There's always a flaw in every system.
Edited by PoopaScoopa - 12/31/10 at 4:53pm
post #33 of 45
Quote:
Originally Posted by blupupher View Post
My point is that some FF users can't seem to acknowledge it has its problems, just like every other browser.
What on earth does this have to do with browsers?
    
post #34 of 45
Quote:
Originally Posted by randomizer View Post
What on earth does this have to do with browsers?
This.
post #35 of 45
This is the email Mozilla sent:

Quote:
Dear addons.mozilla.org user,

The purpose of this email is to notify you about a possible disclosure of your information which occurred on December 17th. On this date, we were informed by a 3rd party who discovered a file with individual user records on a public portion of one of our servers. We immediately took the file off the server and investigated all downloads. We have identified all the downloads and with the exception of the 3rd party, who reported this issue, the file has been downloaded by only Mozilla staff. This file was placed on this server by mistake and was a partial representation of the users database from addons.mozilla.org. The file included email addresses, first and last names, and an md5 hash representation of your password. The reason we are disclosing this event is because we have removed your existing password from the addons site and are asking you to reset it by going back to the addons site and clicking forgot password. We are also asking you to change your password on other sites in which you use the same password. Since we have effectively erased your password, you don't need to do anything if you do not want to use your account. It is disabled until you perform the password recovery.

We have identified the process which allowed this file to be posted publicly and have taken steps to prevent this in the future. We are also evaluating other processes to ensure your information is safe and secure.

Should you have any questions, please feel free to contact the infrastructure security team directly at infrasec@mozilla.com. If you are having issues resetting your account, please contact amo-admins@mozilla.org.

We apologize for any inconvenience this has caused.

Chris Lyon
Director of Infrastructure Security
This would be extremely important had a black hat hacker taken the data and begun using it for their own nefarious ends, but considering no one actually downloaded the data apart from the white hat hacker, I think it's fair to say that no one should be worried about their data in this instance. Mozilla has a pretty good record in general, and provided nothing like this happens again I'm pretty much ok with it. Mozilla seem to have made the appropriate response, unlike banking firms.
post #36 of 45
This is the most hilarious thread about a subject that almost pissed me off, ever.
post #37 of 45
Quote:
Originally Posted by blackbuilder View Post
Well, that's not the point, but anyways this is why I use LastPass.
right on!
post #38 of 45
Quote:
Originally Posted by blupupher View Post
Yet if Microsoft had done the exact same thing everyone would be trashing them.
You don't think Microsoft has a higher responsibility to protect their customers' passwords than a non-profit organisation like Mozilla?
post #39 of 45
In before everyone that uses Chrome says something stupid.

Quote:
Originally Posted by blupupher View Post

My point is that some FF users can't seem to acknowledge it has its problems, just like every other browser.
Ah, too late.
post #40 of 45
<3 SRWare Iron.