Thread: IM, Email Passwords Are Stored as Plain Text
View Single Post
PhilE's Avatar
PhilE is offline PhilE
2010-01-18 , 13:06
Posts: 71 | Thanked: 65 times | Joined on Oct 2009 @ Brighton, UK
#55
there's too many stupid excuses coming up in this thread, if it was apple iphone it would already be on the lunch time news about it.
there is no other device in my possession what allows the exploit of passwords via a simple type of few words in a web browser and saying dont let it out your hands is not a solution. How is easy would it be for family and friends to spy on each other and yes it does happens amongst insecure people..
lastly how easy would it be for someone to code something to feed that data to a server?
Sigh....

I should be working, but I simply can't let that pass...

Firstly, I don't care about iPhones.

Secondly, there are several devices potentially in your possesion where I could retrieve your stored passwords if I physically had that device in my hands or on a desk in front of me.

Your Windows machine? Boot it up with any Linux distro on a USB stick, run the right program and I have all your local user logins and passwords.

You're a firefox user? Try running one of your stored passwords through this:

Code:
#!/usr/bin/perl -w

use strict;
use MIME::Base64;

if ( !defined(@ARGV->[0]) ) {
print "usage: $0 base64_password\n";
} else {
my $test = decode_base64(@ARGV->[0]);
print $test . "\n";
}
As I already pointed out, as soon as you no longer have physical access to your data, it doesn't matter what security measures you have in place, your data will be compromised eventually, given a sufficiently determined crook and a sufficiently valuable set of data.

Presumably if you lost you car keys and your car got stolen as a result, you'd be blaming the manufacturer for that, too?
__________________
Phil Edwards
Brighton, UK
 

The Following 11 Users Say Thank You to PhilE For This Useful Post: