Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
It's funny.  Laugh. Security IT

More than 38,000 People Will Stand in Line this Week To Get a New Password (zdnet.com) 46

A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. From a report: All of this is going on at the Justus Liebig University (JLU) in Gieben, a town north of Frankfurt, Germany. The university suffered a malware infection last week. While the name or the nature of the malware strain was not disclosed, the university's IT staff considered the infection severe enough to take down its entire IT and server infrastructure. The university's network has been down since December 8, and all computers have been isolated and disconnected from each other. For the past days, IT staff have used antivirus scanners loaded on more than 1,200 USB flash drives to scan each JLU computer for malware.
This discussion has been archived. No new comments can be posted.

More than 38,000 People Will Stand in Line this Week To Get a New Password

Comments Filter:
  • Gieben != Giessen (Score:3, Informative)

    by Anonymous Coward on Wednesday December 18, 2019 @04:31PM (#59533852)

    Wish they would spell German cities correctly. That funky symbol is not a "B"...

    • I blame the submitter, but a better question is why ZDNet used "Gießen" in the story. Most Americans aren't accustomed to German typography (and many will assume it's a Greek beta, rather than a ligatured double-S), and "Giessen" is just as understandable to Germans as the original, if not as elegant. Like replacing an umlaut with an "e" after the vowel that's modified by it, it's an adaptation to alphabets that don't properly represent the sound. The long S no longer exists in English, just like the c
      • I was under the impression from my college German classes a decade ago that "ss" was turning into the main form anyway.

        • I was under the impression from my college German classes a decade ago that "ss" was turning into the main form anyway.

          Maybe so in terms of actual use. But as for dictionary form, in 1996 the use of Eszett (the B-looking character) was standardized so that now it follows long vowels and dipthongs, whereas ss follows short vowels. My impression is that prior to this standardization, the use of one or the other had become largely conventional, so you just had to know the right spelling by tradition. The change made the distinction between Eszett and ss more pronounced and useful. But this does also mean that many words that h

  • Let us pretend there is some sort of link to tech in this article. So, it's a test of queuing theory.
  • I thought Germans were smart and efficient.
    • Re:That's funny (Score:4, Interesting)

      by magarity ( 164372 ) on Wednesday December 18, 2019 @05:01PM (#59533974)

      I thought Germans were smart and efficient.

      The correct stereotype ought to be that Germans are excessively methodical. This has the effect of "making the trains run on time" and it often overlaps efficient in terms of the end users' experience but sometimes it is spectacularly the opposite.

      • by account_deleted ( 4530225 ) on Wednesday December 18, 2019 @05:19PM (#59534040)
        Comment removed based on user account deletion
        • This thread is just begging to be Godwinned.

        • The German comedian Henning Wehn tells a joke about a British couple who adopt a German baby, who doesn’t talk. After several tests they find nothing wrong with the baby, but when he is five he is served apple strudel, and the child says: "This strudel is cold." The astonished parents ask the child why he’d not said anything for all this time and the child says: "Up until now everything had been satisfactory."

      • by hermi ( 809034 )

        This has the effect of "making the trains run on time"

        The German trains don't run on time. In fact, they are the ridiculed for not being on time.

        Internationally so: japan times [japantimes.co.jp]

        Deutsche Bahn, which used to be famous for its punctuality, has come under fire in recent years for delays, last-minute train cancellations and expensive ticket fares.

        (The JP times story is about something else entirely, that is about Deutsche Bahn being bad, but not being late)

    • This is a smart and efficient way to get people to submit themselves for identification and capture of biometric data.

  • do they not have an alternative contact method ?
    do they not know about schemas ?
    are they planning on a 2FA from now on ?

    WTF

    • do they not have an alternative contact method ?

      Mail, I guess. And probably a phone number. They could probably setup a robot caller, and send mail to those who were not successfully contacted.

    • by redback ( 15527 )

      If you had read the article you would know why they couldn't do that.

      • by tepples ( 727027 )

        If you had read the article you would know

        Half the time, lately, the featured article is on a subscription website that's not part of my current subscription package. Or it has the "Admiral Engage" script that confuses tracking blockers with ad blockers rather than falling back to privacy-respecting ads.

    • Re:alternative ? (Score:5, Insightful)

      by nicolaiplum ( 169077 ) on Wednesday December 18, 2019 @04:57PM (#59533958)

      Think about this a bit. If the email systems have been compromised, how do you email people? How do you know you're phone the right number if you phone them? Even if you are 2FAing people in future, how do you have a trust anchor for the 2FA?

      Yes, showing up in person with the ID card (which all Germans have, and which any foreigner entering Germany legitimatley would also have, or be issued in case of refugees) is the best way to bootstrap strong authentication of people when your internal trust anchors are entirely broken.

    • They might, but as stated in the article (and not in the summary of course), German law prevents them from giving out passwords if not done in person.

    • New phone attacks allow a call to be redirected for up to 3 minutes after you "hang up", making 2FA useless.

      In person is the only way.

      • by bn-7bc ( 909819 )
        wow the phone system realy needs some serious bug fixing, A call shuld be permanently terminated on hang up unless the called party initiates a transfer (or other action that requiers the call to stay connected), why has this not benn standard for years?
        • A lot of calls now go over the internet instead of fixed wire, especially office phones or the ones you get in "bundles" with other service

  • by nicolaiplum ( 169077 ) on Wednesday December 18, 2019 @04:54PM (#59533948)

    Years ago, perhaps 20 or 25 years ago, the University of Cambridge central Computing Service required all users to change their passwords on one occasion due to a security issue, and all users (except those with a physical reason - Stephen Hawking, for example, was exempt) had to come to the Computing Service helpdesk in person to receive their password. Academic rank did not excuse you and there was one line no matter who you were.

    It was, a friend in the CS told me, quite interesting and amusing to see full Professors (UK professor, i.e. the highest academic rank not just a person who teaches), Heads of Department and similar queuing up next to undergraduate students and actually talking to them while waiting. This was likely the first time for a long time that they had interacted with the lower ranks.

    • >This was likely the first time for a long time that they had interacted with the lower ranks.

      Is this really a thing? At the university I work at, full professors, assorted staff, graduate and undergraduate students alike stand in line together for stuff on campus like to buy food or get coffee from Starbucks.

    • Interesting. I was there from 1998 to 2002 and I don't recall any such event, so I guess it was more than 21 years ago.
  • How else will you verify a checksum / digital signature? (E.g. a la Signal Messenger or PGP.) ... or can be certain to install the right root certificate?

    Unless you do it in person, there ALWAYS is the possibility of a MITM attack.
    No, sorry, your browser's pre-configured TLS CAs are security theater, and nothing else. You never met those CAs. They are not trustworthy. And proven not to be, in the past!

    Of course ⦠all this is only true if they actually did that.

  • Have you gotten your password ration for today comrade?

  • by Laxator2 ( 973549 ) on Wednesday December 18, 2019 @05:06PM (#59533994)

    Or are all passwords going to be identical ?
    I imagine one guy with a rubber stamp, impressing the same password on each piece of paper.

    • Comment removed based on user account deletion
      • ,,Dein neue Passwort ist PasswortEinsZweiDrei``.

        Das ist die Kombination meines Koffers!

      • Seriously though, does anyone remember when some people looked at computers and everything to do with computing while shaking their heads slowly, saying, “It’s just a fad... it’ll never catch on.” Or maybe, “I’ll NEVER buy a computer,” and today everyone’s got like, 3. At least. But as this kind of thing gets worse and worse, I can’t help but wonder... what if all the naysayers were right, ultimately, but for the wrong reason, and in like, 20 years, hardly anyone has a computer?

        I don’t mean for like, reasons connected to the end of the world, the collapse of civilization, or anything. Just like, what if humanity just goes, “okay, fuck it, let’s all just go back to paper.”

        Then slowly, bit by bit, people have fewer and fewer computers.

        I can kind of see it happening.

        May I present to you the Butlerian Jihad [wikipedia.org]

  • Hey everybody let's jump on the Internet train! WooWoo!
  • The malware has already been identified as Emotet. Good luck with "cleaning" that. They'll be reinfected in no time if they don't format and reinstall.
  • Liebe und Tod

    Nobody will ever guess those

  • âFor the past days, IT staff have used antivirus scanners loaded on more than 1,200 USB flash drives to scan each JLU computer for malware.â

    Is what either dangerous ignorance or reckless desperation looks like. If your systems donâ(TM)t suck it should take only a little longer(and the difference just unattended data copying, not man hours) to nuke and reimage a system than it does to boot from an external medium and grovel over the system with an AV scanner. When you consider that you woul
    • by guruevi ( 827432 )

      You're assuming various things:
      - IT at the University is competent (it is not)
      - There is a method for imaging the computers through the network (doesn't exist)
      - There are backups (most likely none)
      - They have cheap storage available (the cheapest Universities can often buy is Dell Isilon with a street price of $2k/TB)

      • Oh, I don't disagree with the suspicion that they are doing the wrong thing because they aren't adequately prepared to do the right thing; and if you aren't already ready getting up to speed and solving the problem will be considerably slower and more difficult than just slapping together a load of flash drives and making the rounds.

        My reaction was more just spurred by horror at watching a not-all-that-much harder, and vastly better, response not happen for want of preparation or prior planning and resou
  • Let's look this headline again.
    "More than 38,000 People Will Stand in Line this Week To Get a New Password "

    I learned in middle school that when conveying information there needs to be who, what, when, where, and why. How many were satisfied? Two. We know people will be standing in line for new passwords, that's what, and it happens this week, that's when.

    Let's see if we can fit all five pieces of information in a headline with the same number of words.
    "Malware Attack Forces 38000 German University Stude

  • All of this is going on at the Justus Liebig University (JLU) in Gieben, a town north of Frankfurt, Germany. The university suffered a malware infection last week. While the name or the nature of the malware strain was not disclosed, the university's IT staff considered the infection severe enough to take down its entire IT and server infrastructure.”

    Computer usage [uni-giessen.de]: ‘Can I currently use my device (notebook/tablet etc.)?’

    ‘According to current knowledge, employees' Windows

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...