It's funny.  Laugh. Security IT

More than 38,000 People Will Stand in Line this Week To Get a New Password (zdnet.com) 46

A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. From a report: All of this is going on at the Justus Liebig University (JLU) in Gieben, a town north of Frankfurt, Germany. The university suffered a malware infection last week. While the name or the nature of the malware strain was not disclosed, the university's IT staff considered the infection severe enough to take down its entire IT and server infrastructure. The university's network has been down since December 8, and all computers have been isolated and disconnected from each other. For the past days, IT staff have used antivirus scanners loaded on more than 1,200 USB flash drives to scan each JLU computer for malware.

  • Gieben != Giessen (Score:3, Informative)

    by Anonymous Coward on Wednesday December 18, 2019 @05:31PM (#59533852)

    Wish they would spell German cities correctly. That funky symbol is not a "B"...

    • I blame the submitter, but a better question is why ZDNet used "Gießen" in the story. Most Americans aren't accustomed to German typography (and many will assume it's a Greek beta, rather than a ligatured double-S), and "Giessen" is just as understandable to Germans as the original, if not as elegant. Like replacing an umlaut with an "e" after the vowel that's modified by it, it's an adaptation to alphabets that don't properly represent the sound. The long S no longer exists in English, just like the c
      • I was under the impression from my college German classes a decade ago that "ss" was turning into the main form anyway.

        • I was under the impression from my college German classes a decade ago that "ss" was turning into the main form anyway.

          Maybe so in terms of actual use. But as for dictionary form, in 1996 the use of Eszett (the B-looking character) was standardized so that now it follows long vowels and diphthongs, whereas ss follows short vowels. My impression is that prior to this standardization, the use of one or the other had become largely conventional, so you just had to know the right spelling by tradition. The change made the distinction between Eszett and ss more pronounced and useful. But this does also mean that many words that h

  • Let us pretend there is some sort of link to tech in this article. So, it's a test of queuing theory.
  • I thought Germans were smart and efficient.
    • Re:That's funny (Score:4, Interesting)

      by magarity ( 164372 ) on Wednesday December 18, 2019 @06:01PM (#59533974)

      I thought Germans were smart and efficient.

      The correct stereotype ought to be that Germans are excessively methodical. This has the effect of "making the trains run on time" and it often overlaps efficient in terms of the end users' experience but sometimes it is spectacularly the opposite.

      • by account_deleted ( 4530225 ) on Wednesday December 18, 2019 @06:19PM (#59534040)
        Comment removed based on user account deletion
        • This thread is just begging to be Godwinned.

        • The German comedian Henning Wehn tells a joke about a British couple who adopt a German baby, who doesn’t talk. After several tests they find nothing wrong with the baby, but when he is five he is served apple strudel, and the child says: "This strudel is cold." The astonished parents ask the child why he’d not said anything for all this time and the child says: "Up until now everything had been satisfactory."

      • by hermi ( 809034 )

        This has the effect of "making the trains run on time"

        The German trains don't run on time. In fact, they are ridiculed for not being on time.

        Internationally so: japan times [japantimes.co.jp]

        Deutsche Bahn, which used to be famous for its punctuality, has come under fire in recent years for delays, last-minute train cancellations and expensive ticket fares.

        (The JP times story is about something else entirely, that is about Deutsche Bahn being bad, but not being late)

    • This is a smart and efficient way to get people to submit themselves for identification and capture of biometric data.

  • do they not have an alternative contact method ?
    do they not know about schemas ?
    are they planning on a 2FA from now on ?

    WTF

    • do they not have an alternative contact method ?

      Mail, I guess. And probably a phone number. They could probably set up a robot caller, and send mail to those who were not successfully contacted.

    • by redback ( 15527 )

      If you had read the article you would know why they couldn't do that.

      • by tepples ( 727027 )

        If you had read the article you would know

        Half the time, lately, the featured article is on a subscription website that's not part of my current subscription package. Or it has the "Admiral Engage" script that confuses tracking blockers with ad blockers rather than falling back to privacy-respecting ads.

    • Re:alternative ? (Score:5, Insightful)

      by nicolaiplum ( 169077 ) on Wednesday December 18, 2019 @05:57PM (#59533958)

      Think about this a bit. If the email systems have been compromised, how do you email people? How do you know you're phoning the right number if you phone them? Even if you are 2FAing people in future, how do you have a trust anchor for the 2FA?

      Yes, showing up in person with the ID card (which all Germans have, and which any foreigner entering Germany legitimately would also have, or be issued in case of refugees) is the best way to bootstrap strong authentication of people when your internal trust anchors are entirely broken.

    • They might, but as stated in the article (and not in the summary of course), German law prevents them from giving out passwords if not done in person.

    • New phone attacks allow a call to be redirected for up to 3 minutes after you "hang up", making 2FA useless.

      In person is the only way.

      • by bn-7bc ( 909819 )
        Wow, the phone system really needs some serious bug fixing. A call should be permanently terminated on hang up unless the called party initiates a transfer (or other action that requires the call to stay connected). Why has this not been standard for years?
        • A lot of calls now go over the internet instead of fixed wire, especially office phones or the ones you get in "bundles" with other service

  • by nicolaiplum ( 169077 ) on Wednesday December 18, 2019 @05:54PM (#59533948)

    Years ago, perhaps 20 or 25 years ago, the University of Cambridge central Computing Service required all users to change their passwords on one occasion due to a security issue, and all users (except those with a physical reason - Stephen Hawking, for example, was exempt) had to come to the Computing Service helpdesk in person to receive their password. Academic rank did not excuse you and there was one line no matter who you were.

    It was, a friend in the CS told me, quite interesting and amusing to see full Professors (UK professor, i.e. the highest academic rank not just a person who teaches), Heads of Department and similar queuing up next to undergraduate students and actually talking to them while waiting. This was likely the first time for a long time that they had interacted with the lower ranks.

    • >This was likely the first time for a long time that they had interacted with the lower ranks.

      Is this really a thing? At the university I work at, full professors, assorted staff, graduate and undergraduate students alike stand in line together for stuff on campus like to buy food or get coffee from Starbucks.

    • Interesting. I was there from 1998 to 2002 and I don't recall any such event, so I guess it was more than 21 years ago.
  • How else will you verify a checksum / digital signature? (E.g. a la Signal Messenger or PGP.) ... or can be certain to install the right root certificate?

    Unless you do it in person, there ALWAYS is the possibility of a MITM attack.
    No, sorry, your browser's pre-configured TLS CAs are security theater, and nothing else. You never met those CAs. They are not trustworthy. And proven not to be, in the past!

    Of course … all this is only true if they actually did that.

  • Have you gotten your password ration for today comrade?

  • by Laxator2 ( 973549 ) on Wednesday December 18, 2019 @06:06PM (#59533994)

    Or are all passwords going to be identical ?
    I imagine one guy with a rubber stamp, impressing the same password on each piece of paper.

    • Comment removed based on user account deletion
      • "Your new password is PasswortEinsZweiDrei."

        That's the combination to my luggage!

      • Seriously though, does anyone remember when some people looked at computers and everything to do with computing while shaking their heads slowly, saying, “It’s just a fad... it’ll never catch on.” Or maybe, “I’ll NEVER buy a computer,” and today everyone’s got like, 3. At least. But as this kind of thing gets worse and worse, I can’t help but wonder... what if all the naysayers were right, ultimately, but for the wrong reason, and in like, 20 years, hardly anyone has a computer?

        I don’t mean for like, reasons connected to the end of the world, the collapse of civilization, or anything. Just like, what if humanity just goes, “okay, fuck it, let’s all just go back to paper.”

        Then slowly, bit by bit, people have fewer and fewer computers.

        I can kind of see it happening.

        May I present to you the Butlerian Jihad [wikipedia.org]

  • Hey everybody let's jump on the Internet train! WooWoo!
  • The malware has already been identified as Emotet. Good luck with "cleaning" that. They'll be reinfected in no time if they don't format and reinstall.
  • Liebe und Tod

    Nobody will ever guess those

  • “For the past days, IT staff have used antivirus scanners loaded on more than 1,200 USB flash drives to scan each JLU computer for malware.”

    Is what either dangerous ignorance or reckless desperation looks like. If your systems don’t suck it should take only a little longer (and the difference just unattended data copying, not man hours) to nuke and reimage a system than it does to boot from an external medium and grovel over the system with an AV scanner. When you consider that you woul
    • by guruevi ( 827432 )

      You're assuming various things:
      - IT at the University is competent (it is not)
      - There is a method for imaging the computers through the network (doesn't exist)
      - There are backups (most likely none)
      - They have cheap storage available (the cheapest Universities can often buy is Dell Isilon with a street price of $2k/TB)

      • Oh, I don't disagree with the suspicion that they are doing the wrong thing because they aren't adequately prepared to do the right thing; and if you aren't already ready getting up to speed and solving the problem will be considerably slower and more difficult than just slapping together a load of flash drives and making the rounds.

        My reaction was more just spurred by horror at watching a not-all-that-much harder, and vastly better, response not happen for want of preparation or prior planning and resou
  • Let's look at this headline again.
    "More than 38,000 People Will Stand in Line this Week To Get a New Password "

    I learned in middle school that when conveying information there needs to be who, what, when, where, and why. How many were satisfied? Two. We know people will be standing in line for new passwords, that's what, and it happens this week, that's when.

    Let's see if we can fit all five pieces of information in a headline with the same number of words.
    "Malware Attack Forces 38000 German University Stude

  • “All of this is going on at the Justus Liebig University (JLU) in Gieben, a town north of Frankfurt, Germany. The university suffered a malware infection last week. While the name or the nature of the malware strain was not disclosed, the university's IT staff considered the infection severe enough to take down its entire IT and server infrastructure.”

    Computer usage [uni-giessen.de]: ‘Can I currently use my device (notebook/tablet etc.)?’

    ‘According to current knowledge, employees' Windows
