LinkedIn password database compromised

Leo Bicknell bicknell at ufp.org
Wed Jun 20 22:52:23 UTC 2012


In a message written on Wed, Jun 20, 2012 at 06:37:50PM -0400, valdis.kletnieks at vt.edu wrote:
> I have to agree with Leo on this one.  Key management *is* hard - especially
> the part about doing secure key management in a world where Vint Cerf
> says there's 140M pwned boxes.  It's all nice and sugary and GUI-fied and
> pretty and Joe Sixpack can do it - till his computer becomes part of the 140M
> and then he's *really* screwed.

I'm glad you agree with me. :)  

That's no different than today.  Today Joe Sixpack keeps all his
passwords in his browser's cache.  When his computer becomes part of the
botnet the bot owner downloads that file, and also starts a keylogger to
get more passwords from him.

In the world I propose when his computer becomes part of the botnet
they will download the private key material, same as before.

My proposal neither helps nor hurts; the problem of Joe Sixpack's
machine being broken into is orthogonal and not addressed.  It needs to
be, but not by what I am proposing.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/