
WOOHOO! PASS Fixes Password Vulnerabilities, Voting Restrictions

8 years ago
pass, security, sqlpass
12 Comments

Great news this morning – PASS turned the ship around in 24 hours. Late last night, PASS President Tom LaRock announced:

  • Voting deadlines have been extended until October 14th
  • If you didn’t get a ballot email, you can still vote, but you have to update your PASS profile by Oct 5th
  • The password vulnerabilities are fixed, and in the process of being tested

Go change your SQLPASS.org password right now.

This kills two birds with one stone: you’ll become eligible to vote, and less eligible for hacking. If you use that same password anywhere else, go change it in every other place you use it. Now would also be an excellent time to look at password management apps. I use 1Password, and I also hear good things about LastPass.


12 Comments

  • mister magoo
    September 27, 2014 6:18 am

    Sounds like a half-hearted response to me… how can a vulnerability be fixed and simultaneously being tested?

    • Brent
      September 27, 2014 6:19 am

      The same way I write code, and then someone else tests it. With security changes, you want to do due diligence and have someone else really put it to the test before you declare the emergency over.

  • mister magoo
    September 27, 2014 6:20 am

    Yes but haven’t they just said it is fixed before the testing is done?

    • Brent
      September 27, 2014 6:22 am

      That’s up to how you parse Tom’s words:

      “In response, we have added SSO integration for Simply Voting as well as SSL certificates. We want to assure you that the voting process and your login details and profile activity are secure. We are continuing testing and validation of the security of all PASS sites – stay tuned to the PASS blog for details and updated information as soon as that is completed in the coming days.”

      It’s written in a way that says remediations have been made, but he avoids the word “fixed” because it’s just too legally risky for him to say that. It wouldn’t be prudent for him to say the site is bulletproof – there’s always somebody with a bigger bullet.

  • JMont
    September 27, 2014 8:45 am

    yey! Let’s face it, sometimes I can get cynical and think that it is useless to try to change things. But this is truly inspiring to see so many things fixed just because community demanded. Thanks Brent & everyone who joined the discussion! Exceptional community spirit that keeps me motivated, I would say!

    • Brent
      September 27, 2014 8:50 am

      JMont – You’re absolutely welcome. I’m really happy to see the continuing change of direction from PASS. Some of the Board members have started getting much more involved in Twitter, Facebook, and blog comments, and that’s inspiring.

  • Anne Hills
    September 27, 2014 10:38 am

    Thank you Brent. I have no doubt that your blogging re: PASS contributed significantly to the result we are now seeing. 🙂

    • Brent
      September 27, 2014 10:42 am

      Anne – Aww, thanks ma’am! I like to think that they already had the whole response planned out before my posts went live, and that they were just taking their time to do spell checking. 😀

  • alzdba
    September 27, 2014 10:54 am

    Happy, happy, happy, happy, …

    It’s a bloody job, but somebody had to do it.

    Thanks again for pushing hard to get Pass to fix it.

    Leadership comes with responsibility and exemplary behavior.

    Johan

    • Brent
      September 27, 2014 10:56 am

      Alzdba – thanks sir! It was a long week this week, but I’m really happy with the end results. We’ll win more people back under the PASS umbrella – people who really wanted to be in – and hopefully focus on keeping them there rather than pushing ’em out into the rain.

  • Greg Smith
    September 29, 2014 6:58 am

    Great Work Brent!

    Wonder how many 1Password apps you sold for AgileBits?

    • Brent
      September 29, 2014 7:04 am

      Greg – HA! Thanks. Yeah, hopefully they’ll sell a bunch this week – anything to get folks to split out their passwords. I hated this when Jeremiah first made me do it, but like most of the things he makes me do, the results were awesome.



© 2021 Brent Ozar, all rights reserved.
