by sentenza 4456 days ago
You non-Germans don't know how mind-bogglingly insane this whole story is. There is a governmental agency, the BSI, whose job is to be on top of everything regarding security in information systems.

They tell us that millions of email accounts are compromised.

What they don't tell us is _which_ accounts are compromised or even what service provider these accounts are with. Maybe the key information here is that the info was leaked in a database hack at a big consumer software company.

Who knows?

Nobody! That's who. Because they refuse to give any details that would actually be useful to end-users. Now _everybody_ who has an email account is scared that their account is compromised.

Do you know what the punchline here is?

They said they would give more details, but not before Monday. It might not be obvious to non-Germans, but this little detail reeks of a kind of bureaucratic weirdness that is as German as beer: I bet they will only release more info on Monday because the person in charge doesn't come into the office before Monday.

Sorry if this was a bit ranty, but the whole thing is just so stupid.


I saw a news show on ZDF yesterday and they actually recommended using an email provider that has 2-factor auth with "some code on your mobile". I guess no non-geek understood it, but I was still shocked. Usually they just say you should have different passwords for different sites.

Germany is quite good, it seems. I don't really understand where it comes from, but the last time I randomly turned on the TV in Berlin, there was an educational program about PGP. At around 20:30, on a standard TV channel, one of the first ones on the list at the hotel, so it wasn't something obscure either. It seemed to describe the whole idea of asymmetric encryption too (inferred from the animated presentation).

I was really impressed.

Well, the part of the population that cares about information security is very well informed.

But the rest seems to live in a luddite world. If you had watched TV more, you would have seen that there are a lot of ads for web games, PayPal and other websites trying to drag the average consumer into, you know, using the stuff.

Paying with a debit card is rare in Berlin, and credit cards are nearly non-existent (but they have some other ways of paying for stuff online and in stores).

Security of bank accounts is usually done through a list of one-use code numbers (still, they - and several other countries - have payee-initiated money transfers between accounts/banks, something that is rare in the US/Canada).

You must have caught a lucky moment. Because of the current incident (passwords stored in plaintext were stolen!), Spiegel Online[0] wrote an article telling their readers they'd be better off if they had chosen stronger passwords.

> 18 Millionen gestohlene Passwörter und Logins hat die Staatsanwaltschaft Verden entdeckt. Mit ein paar Tricks kann man sich zumindest vor dem Schlimmsten schützen, wenn Datendiebe und Hacker zuschlagen.

translates to:

> 18 million stolen passwords and logins were found by the Staatsanwaltschaft (prosecution) of Verden. With a few tricks [i.e. a strong password] you can at least protect yourself from the worst when data thieves and hackers strike.

[0] http://www.spiegel.de/netzwelt/web/passwort-emails-und-login...

I concur. Another result of informing the public in this manner is that reporting on the leak is murky and alarmist.

Yesterday I watched the Tagesschau, a highly-regarded public TV news program, and their report on this story was so short on information that all it could do -- whether consciously or not -- was to vaguely convey how dangerous cyberspace is. They even had the visuals of numbers flying through space for lack of actual informative content. In a country that's already often backwards when it comes to digital communication technologies, this kind of reporting is completely unhelpful.

Wait, no shot of a blinking switch port LED?

The article says the info was released on Thursday, so there's still Friday in between. Maybe someone at that big consumer software company wanted some time to prepare a defense? Maybe law enforcement wants to procure movement in some hacker groups they are tracking, by keeping them from knowing whether they've been busted? Maybe the BSI really doesn't know where the addresses are coming from? There are so many options here.

What are you complaining about? There was a leak some months ago and the BSI kept the information about the leak secret until they had set up a system to inform people. Lots of people complained that they didn't publish the information earlier. Now they are doing what I think is the correct thing. Now they have time to discuss how to tell the people whose data has leaked, which they surely will do.

Too bad cybercriminals aren't awaiting the orderly notification of people before they use the information to do harm. The leak certainly isn't secret to the perpetrators.