On Fri, Jun 11, 2021 at 12:48 PM Matthew Petach
wrote:
>
> That's the part that would leave me concerned.
> Having my email password compromised?
> That's a bit of a "meh" moment.
> Suddenly discovering that one password now gave access to
> potentially all my financial accounts as well?
>
I only just now found this thread, so I'm sorry I'm late to the party, but
here, I put it on Medium.
https://gushi.medium.com/the-worst-day-ever-at-my-day-job-beff7f4170aa
> On Mar 12, 2021, at 10:07 PM, Mark Tinka wrote:
>
> Hardly famous and not service-affecting in the end, but figured I'd
-- Forwarded message -
From: William Herrin
Date: Fri, 11 Jun 2021, 17:04
Subject: Google uploading your plain text passwords
To: nanog@nanog.org
Howdy,
My gmail account prompted me today to change a compromised password.
It wasn't compromised; it was an offline system where I
On Fri, Jun 11, 2021 at 1:05 PM César de Tassis Filho
wrote:
> Google uses your Google Account's password to encrypt passwords synced to the
> cloud. That is why passwords saved on Android and synced to the cloud can be
> read elsewhere (including passwords.google.com).
>
> As I mentioned
On Fri, Jun 11, 2021 at 12:01 PM William Herrin wrote:
> On Fri, Jun 11, 2021 at 10:27 AM Michael Thomas wrote:
> > Isn't that what lots of password managers do? I understand that one of
> them syncs point to point, but that has the downside that it probably needs
> to be on the same subnet.
>
Google uses your Google Account's password to encrypt passwords synced to
the cloud. That is why passwords saved on Android and synced to the cloud
can be read elsewhere (including passwords.google.com).
As I mentioned before, if you want to avoid this behavior Google offers you
a way to use a
Hi, folks,
After almost 7+ years of working on this topic, our internet-draft
entitled Operational Implications of IPv6 Packets with Extension
Headers¨
(
https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-ipv6-ehs-packet-drops-08
), has been approved for publication as an IETF RFC.
I
>> i am sure there are more things to do; and hope that wiser folk will
>> expand, comment, and correct.
>
> Stay far away from AS0...
one of 42 ways, invented by clever people, to shoot yourself in the foot
randy
On Fri, Jun 11, 2021 at 12:32 PM Peter Beckman wrote:
> On Fri, 11 Jun 2021, William Herrin wrote:
>
> > On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
> > wrote:
> >> Google does not have access to your plain-text passwords in either case.
> >
> > If they can display the plain text
Like Seth, i haven’t gotten anything from them.
-Mike
> On Jun 11, 2021, at 12:08, Bryan Holloway wrote:
>
>
>
>> On 6/11/21 8:25 PM, Seth Mattinen wrote:
>>> On 6/11/21 11:18 AM, Bryan Holloway wrote:
>>> This is what I got from those guys ...
>>>
>>> --
>>>
>>> CoreSite Incident
On Fri, 11 Jun 2021, William Herrin wrote:
On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
wrote:
Google does not have access to your plain-text passwords in either case.
If they can display the plain text passwords to me on my screen in a
non-Google web browser then they have access
On 6/11/21 8:25 PM, Seth Mattinen wrote:
On 6/11/21 11:18 AM, Bryan Holloway wrote:
This is what I got from those guys ...
--
CoreSite Incident Notification
Description: During a planned maintenance event to integrate new
hardware into our MPLS core an extreme dip in Any2 traffic was
On Fri, Jun 11, 2021 at 10:27 AM Michael Thomas wrote:
> Isn't that what lots of password managers do? I understand that one of them
> syncs point to point, but that has the downside that it probably needs to be
> on the same subnet.
It's exactly what lots of password managers with browser
This issue now seems resolved. If anyone here was directly responsible
for the resolution, thank you.
-Vinny
Vinny Abello via NANOG wrote on 6/11/2021 11:17 AM:
Hello,
Please excuse the noise. If there are any network engineers from
Cogent and Altice on the list, could you please email me
On 6/11/21 11:18 AM, Bryan Holloway wrote:
This is what I got from those guys ...
--
CoreSite Incident Notification
Description: During a planned maintenance event to integrate new
hardware into our MPLS core an extreme dip in Any2 traffic was observed.
After about 4 hours running in a
This is what I got from those guys ...
--
CoreSite Incident Notification
Description: During a planned maintenance event to integrate new
hardware into our MPLS core an extreme dip in Any2 traffic was observed.
After about 4 hours running in a degraded state, an emergency case was
opened
Also saw a major traffic drop. There is a Root Cause to be issued early in
the week I'm told.
-jim
On Fri, Jun 11, 2021 at 2:42 PM Siyuan Miao wrote:
> Yea, it was down but both RS are online and feeding us unreachable
> nexthops during the outage .
>
> On Sat, Jun 12, 2021 at 1:27 AM Seth
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.
Daily listings are sent to
I think you have only found the tip of the iceberg of things that Chrome
and Google does without your express consent.
On Fri, Jun 11, 2021 at 9:48 AM William Herrin wrote:
> On Fri, Jun 11, 2021 at 9:38 AM Jan Schaumann via NANOG
> wrote:
> > William Herrin wrote:
> > > It turns out that
Yea, it was down but both RS are online and feeding us unreachable nexthops
during the outage .
On Sat, Jun 12, 2021 at 1:27 AM Seth Mattinen wrote:
> On 6/11/21 10:16 AM, Jon Lewis wrote:
> > On Fri, 11 Jun 2021, Seth Mattinen wrote:
> >
> >> Did Any2 LAX barf last night between about 1am and
[sorry meant to send this to the list]
Isn't that what lots of password managers do? I understand that one of them
syncs point to point, but that has the downside that it probably needs to
be on the same subnet.
The actual problem here is that sites only allow a single password. if you
could
On 6/11/21 10:16 AM, Jon Lewis wrote:
On Fri, 11 Jun 2021, Seth Mattinen wrote:
Did Any2 LAX barf last night between about 1am and 8am Pacific time?
More like 00:00-7:45 (Pacific time).
Anyone know what broke, and why the IX was dead for nearly 8 hours?
This is our second recent issue with
It appears that Tom Ivar Helbekkmo via NANOG said:
>John Levine writes:
>
>> I have signed all 300 zones on my DNS servers, but only about half of
>> them have working DNSSEC because there is no practical way to install
>> the DS records.
>
>Sounds like ICANN, having told us for a very long time
It appears that William Herrin said:
>On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
> wrote:
>> Google does not have access to your plain-text passwords in either case.
>
>If they can display the plain text passwords to me on my screen in a
>non-Google web browser then they have access to
On Fri, 11 Jun 2021, Seth Mattinen wrote:
Did Any2 LAX barf last night between about 1am and 8am Pacific time?
More like 00:00-7:45 (Pacific time).
Anyone know what broke, and why the IX was dead for nearly 8 hours?
This is our second recent issue with "an Any2 IX", having dealt with an IX
Something happened... All my traffic dropped between 1am to 3am.
-Mike
> On Jun 11, 2021, at 10:11, Seth Mattinen wrote:
>
> Did Any2 LAX barf last night between about 1am and 8am Pacific time?
Did Any2 LAX barf last night between about 1am and 8am Pacific time?
John Levine writes:
> I have signed all 300 zones on my DNS servers, but only about half of
> them have working DNSSEC because there is no practical way to install
> the DS records.
Sounds like ICANN, having told us for a very long time that they want
DNSSEC everywhere, should attempt to get a
On 6/10/21 20:08, Randy Bush wrote:
i am sure there are more things to do; and hope that wiser folk will
expand, comment, and correct.
Stay far away from AS0...
Mark.
On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
wrote:
> Google does not have access to your plain-text passwords in either case.
If they can display the plain text passwords to me on my screen in a
non-Google web browser then they have access to my plain text
passwords. Everything else is
On Fri, Jun 11, 2021 at 9:38 AM Jan Schaumann via NANOG wrote:
> William Herrin wrote:
> > It turns out that every password I allowed Chrome on Android to
> > remember, it uploaded to Google. In plain text!!
>
> Chrome does not store your passwords in plain text.
> It encrypts them locally, on
It appears that Tom Ivar Helbekkmo via NANOG said:
>Jeroen Massar via NANOG writes:
>
>> No, not even kidding. For many organisations DNSSEC is 'scary' and a
>> burden as it feels 'fragile' for them.
>
>Unfortunately, yes. And those of us who use it know that this is a
>myth. With modern
Google stores encrypted passwords. By default it uses your own Google
Account password as part of the key to decrypt your other synced passwords.
But you can change that and use a custom "sync passphrase".
Once you're logged in your device can decrypt your passwords and compare
them against
William Herrin wrote:
> It turns out that every password I allowed Chrome on Android to
> remember, it uploaded to Google. In plain text!!
Chrome does not store your passwords in plain text.
It encrypts them locally, on e.g. macOS using, I
think, a secret stored in the keychain under "Chrome
Hi,
I use Firefox and saved its profile inside a VeraCrypt disk, inside
a Bitlocked disk, inside a Surface3 used only for that purpose =D.
( Yeah that include a few physical MFA device and Shutdown instead
of Sleeping, and yadi yada )
So GL with Chrome =D.
-
Alain Hebert
Disable "auto sign-in" and "Save and fill addresses" and there's more for
payment methods, too.
Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Fri, Jun 11, 2021 at 12:12 PM William Herrin wrote:
> On Fri, Jun 11, 2021 at 9:06 AM Josh
On Fri, Jun 11, 2021 at 9:16 AM Matthias Merkel
wrote:
> On mobile: Chrome Settings -> Sync -> Uncheck Sync All -> Uncheck Passwords
This works. Thank you.
Still, on by default? How many billions of passwords does google now
have stored with reversible encryption?
Regards,
Bill Herrin
--
On Fri, Jun 11, 2021 at 9:06 AM Josh Luthman
wrote:
> That's wrong, you CAN turn it off. I believe it's encrypted between Google
> and your Chrome browser, it says so but I haven't confirmed this myself.
Chrome can be configured to not remember passwords at all (makes a
browser pretty
That's wrong, you CAN turn it off. I believe it's encrypted between Google
and your Chrome browser, it says so but I haven't confirmed this myself.
Chrome Settings, Password, disable "Offer to save passwords"
Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite
Howdy,
My gmail account prompted me today to change a compromised password.
It wasn't compromised; it was an offline system where I intentionally
used a generic password. But in the process...
It turns out that every password I allowed Chrome on Android to
remember, it uploaded to Google. In
Hello,
Please excuse the noise. If there are any network engineers from Cogent
and Altice on the list, could you please email me directly. This is
regarding a specific Altice IPv4 aggregate in the NYC area that Cogent
in the NYC area is handing off to Zayo in San Jose for some reason. It
Jeroen Massar via NANOG writes:
> No, not even kidding. For many organisations DNSSEC is 'scary' and a
> burden as it feels 'fragile' for them.
Unfortunately, yes. And those of us who use it know that this is a
myth. With modern software, DNSSEC is quick and easy to set up, and
works just
42 matches
Mail list logo