Great news this morning – PASS turned the ship around in 24 hours. Late last night, PASS President Tom LaRock announced:
- Voting deadlines have been extended until October 14th
- If you didn’t get a ballot email, you can still vote, but you have to update your PASS profile by Oct 5th
- The password vulnerabilities are fixed, and in the process of being tested
Go change your SQLPASS.org password right now.
This kills two birds with one stone: you’ll become eligible to vote, and less eligible for hacking. If you use that same password, go change it in every other place you use it, and now would be an excellent time to look at password management apps. I use 1Password, and I also hear good things about LastPass.
Sounds like a half-hearted response to me… how can a vulnerability be fixed and simultaneously be tested?
The same way I write code, and then someone else tests it. With security changes, you want to do due diligence and have someone else really put it to the test before you declare the emergency over.
Yes but haven’t they just said it is fixed before the testing is done?
That’s up to how you parse Tom’s words:
“In response, we have added SSO integration for Simply Voting as well as SSL certificates. We want to assure you that the voting process and your login details and profile activity are secure. We are continuing testing and validation of the security of all PASS sites – stay tuned to the PASS blog for details and updated information as soon as that is completed in the coming days.”
It’s written in a way that says remediations have been made, but he avoids the word “fixed” because it’s just too legally risky for him to say that. It wouldn’t be prudent for him to say the site is bulletproof – there’s always somebody with a bigger bullet.
Yay! Let’s face it, sometimes I can get cynical and think that it is useless to try to change things. But this is truly inspiring to see so many things fixed just because the community demanded it. Thanks Brent & everyone who joined the discussion! Exceptional community spirit that keeps me motivated, I would say!
JMont – You’re absolutely welcome. I’m really happy to see the continuing change of direction from PASS. Some of the Board members have started getting much more involved in Twitter, Facebook, and blog comments, and that’s inspiring.
Thank you Brent. I have no doubt that your blogging re: PASS contributed significantly to the result we are now seeing. 🙂
Anne – Aww, thanks ma’am! I like to think that they already had the whole response planned out before my posts went live, and that they were just taking their time to do spell checking. 😀
Happy, happy, happy, happy, …
It’s a bloody job, but somebody had to do it.
Thanks again for pushing hard to get PASS to fix it.
Leadership comes with responsibility and exemplary behavior.
Alzdba – thanks sir! It was a long week this week, but I’m really happy with the end results. We’ll win more people back under the PASS umbrella – people who really wanted to be in – and hopefully focus on keeping them there rather than pushing ’em out into the rain.
Great Work Brent!
Wonder how many 1Password apps you sold for AgileBits?
Greg – HA! Thanks. Yeah, hopefully they’ll sell a bunch this week – anything to get folks to split out their passwords. I hated this when Jeremiah first made me do it, but like most of the things he makes me do, the results were awesome.