[gentoo-user] Re: Catastrophic bug in the firefox 'ProfileManager' function

2015-07-21 Thread walt 
On Tue, 21 Jul 2015 08:53:42 +0100
Mick michaelkintz...@gmail.com wrote:

 On Tuesday 21 Jul 2015 02:40:54 Dale wrote:

   This wouldn't help with some of the things you lost but it will
   with your passwords at least.  For passwords, this will help and
   you can use it somewhere else as well since it is portable, sort
   of.
   
   https://lastpass.com/
snipped for brevity

First, thanks to everyone who replied to this thread.  As usual in this
group, I learned something from every reply.

I've actually been using lastpass for about two years, so I lost a lot
less than I would have otherwise.   I had another scary moment, though,
when I couldn't remember my lastpass master password.

After about twenty guesses I remembered that I just recently changed my
lastpass password exactly because of the 'possible' data breach at
lastpass (the security issues Mick mentions below).

I asked lastpass to email me my password hint, which I made vague on
purpose so bad guys would have trouble using it -- and that meant I had
trouble using it too :)  But after another ten guesses I finally got
the new password right.  Whew...


 A better, as in more secure, solution should involve local encryption
 and IMHO local air-gapped storage.  A USB key will do nicely and you
 can have a second USB key stored in your brother's premises, for
 disaster recovery scenarios. This is because cloud storage:
 
  a) creates a honey pot which attracts attacks[1] and 
  b) most of cloud storage is in the US.
 
 [1] https://en.wikipedia.org/wiki/LastPass#Security_issues

[gentoo-user] Re: Catastrophic bug in the firefox 'ProfileManager' function

2015-07-20 Thread »Q« 
On Mon, 20 Jul 2015 16:18:44 -0700
walt w41...@gmail.com wrote:

 I suspect most people don't even know firefox has a ProfileManager,
 but I'm here to warn you not to use it.  It just cost me years of
 bookmarks and saved passwords.
 
 For testing purposes I invoked firefox-bin with the -ProfileManager
 flag (don't do this, it's broken!) and created a fresh firefox profile
 with the name temp as I've been doing for years.
 
 I ran the temp profile while doing my testing, quit firefox and then
 re-invoked firefox with the -ProfileManager flag and used it to delete
 the temp profile because I didn't need it any more.
 
 Unfortunately, deleting temp also deleted the default profile I've
 been using for years, which had all of my bookmarks and saved
 passwords and maybe other stuff I haven't even thought about yet.

I'm sorry you had this trouble, and I can't explain it.

I've used the profile manager to delete temporary profiles at least once
a twice a week for the past many years without problems.  I compile
firefox instead of using firefox-bin, but that shouldn't make any
difference.

I guess you've already looked, but just in case, make sure the
default profile directory is really gone.  If you're very lucky, only
the profile.ini file got corrupted.