1) Palin's password was not compromised directly. Instead, the backup "private security questions" had answers which were in the public domain -- such as "name of your high school" -- to a sufficiently dedicated adversary. (There are four in Wasilla. Sort of narrows the search space a bit versus trying to brute force a password, right?)
2) This doesn't prove OpenID is a good idea, at all. Let's review facts: the site which was compromised uses OpenID and presumably an OpenID provider which has bulletproof security. The problem with this is that, for most users, the vulnerability is not the strongest provider but the weakest one, since they share credentials everywhere. Equivalently, you could say that the weakest link is the user. (Even on an Internet where EVERY site used OpenID, most users would fall for a compromise-anywhere-compromise-everywhere phishing attack.)
Regarding 2), I think it would be fair to say that the compromised site was in fact the one that did not use OpenID and instead stored passwords poorly. Once compromised, it exposed user credentials which could then be used elsewhere. Had they used OpenID, this would not have happened.
There were two sites that were compromised. The first did not use OpenID; it stored an unsalted hash, which led to the compromised password. The second compromised site -- StackOverflow -- uses OpenID. It was compromised because Jeff used the same password on both sites.
Patio11's point is that this is common user behavior, so OpenID doesn't offer any better security than its weakest point, which becomes sites not using OpenID but storing the same password as OpenID. I have to disagree, though: The alternative to OpenID is many more login/password pairs, which has exactly the same problem to a worse degree: too many passwords to remember, so the users reuse them.
StackOverflow wasn't compromised, Atwood's password was. The actual site that password is entered into is irrelevant. If this is a compromise of SO, then banks are compromised every time somebody steals a credit card.
If that credit card had access to all of the funds in the banks, then you would be right. Atwood has an administrator's account on StackOverflow, and presumably administrator powers.
The weakest link is nearly always the user... but, unfortunately, they're not a link you can do without. All you can do is look after your end and force their hand as much as you can - password strength meters, salting and hashing passwords, etc.