maemo.org - Talk
Page 11 of 15 « First 910 11 1213 Last »
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   IM, Email Passwords Are Stored as Plain Text (https://talk.maemo.org/showthread.php?t=41164)

keesj 2010-01-18 14:40
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
How about killing this whole thread. Event the subject is plain wrong. Its not even an exploit.

javispedro 2010-01-18 14:41
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by slender (Post 479984)
Do you know that there is different levels of security. I do know that these levels are unmeasurable`and subjective but if you really want to be safe I would probably not use computer and I would be living in small aluminium foil box in same place where air frances black box is.

If they were encrypted I would give device to SOME people.
Again, back to the "and do you think anybody knowing where that file is wouldn't know how to 'decrypt' it?"

Quote:
Originally Posted by slender (Post 479984)
Actually did you know that firefoxs password safe gui was "plain text" for awhile but they changed it so that you have press button before it shows passwords behind usernames. Is this completely stupid thing to do?
They did it because of people glancing at them on the monitor, and also because then it can prompt for your master password. Nothing else.

slender 2010-01-18 14:42
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by keesj (Post 480003)
How about killing this whole thread. Event the subject is plain wrong. Its not even an exploit.
I agree that topic name is highly exaggerated.

jcompagner 2010-01-18 14:47
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
guys the only way to fix this if unlocking the a locked phone (device lock of the settings) would use that lock code as a password to get the private key where everything can be decrypted with.

So how many that are now complaining do have enabled the device lock?

HeinzHarald 2010-01-18 14:48
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by NvyUs (Post 479919)
well most off us until today have been duped already by option A. thinking they was safe
I'm sure if many people knew was told option B before they hit submit to purchase they would not of got the device at all
I believe the point is that if seeing the file you know it's an unsecure yet sensitive file if it's plaintext and will therefore treat it right. Were it obscured the regular user wouldn't realize the file had to be treated with care since he or she wouldn't know it wasn't secure and wouldn't know what it contained.

Now the reverse would also be true, a criminal might not know what it contained right away if it were obscured, but it's a safe bet he would steal the obscured files anyway and go play.

This doesn't mean there's no point having any kind of security system but the very best though. Awareness of how secure you truly are is what's important, what/who you are protected against. Obscurity/weak security really doesn't help this in most cases.

shinkamui 2010-01-18 14:50
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by slux (Post 479644)
Well, to put things into perspective I believe that not having them there in plaintext would only serve as making it slightly more difficult to do this as the software still has to decrypt and send the passwords when logging in and it would not be a major problem to snatch them if you have physical access to the system said software is running on.
Well, no point in making it idiot capable.

ewan 2010-01-18 15:25
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by slux (Post 479968)
As has been said, most were not calling for a non-trivial form of encryption but a trivial form that is better called obfuscation.
OK; but what's the counter-argument to the people that are actually calling for a proper solution using real encryption?

Using base64 or ROT13 is clearly stupid, but using the approach that Kwallet, Firefox (with a master password) etc. use is a bad idea because?......

herix1 2010-01-18 15:35
Re: IM, Email Passwords Are Stored as Plain Text
 
I have never backed up. I have never updated. my passwds are stored very nice and clear.

mahousaru 2010-01-18 16:15
Re: IM, Email Passwords Are Stored as Plain Text
 
I was always taught that security is implemented in multiple layers like an onion... Lots of little things add up to a more secure system. I guess some people know much better and that security is either on or off :p

tk421 2010-01-18 16:34
Re: IM, Email Passwords Are Stored as Plain Text
 
My password was showing but I added the MSN account again, after the 1.1 upgrade, and the password isn't there. My n900 locks after 5 mins anyway.

On my Linux PC there are services with plain text passwords in /etc. I just never leave my user logged in when I'm not there, same goes for the phone, but its not really a phone and I guess some people just don't get that.


All times are GMT. The time now is 14:22.
Page 11 of 15 « First 910 11 1213 Last »
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8