Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

i have the PR1.1 fw installed and i had plain password in that file too

but i removed all the IM services and added them again and took a backup and the password does not show up anymore in that file... hmm

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

there's too many stupid excuses coming up in this thread, if it was apple iphone it would already be on the lunch time news about it.
there is no other device in my possession what allows the exploit of passwords via a simple type of few words in a web browser and saying dont let it out your hands is not a solution. How is easy would it be for family and friends to spy on each other and yes it does happens amongst insecure people..
lastly how easy would it be for someone to code something to feed that data to a server?

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

Storing passwords in plaintext EVER =

http://skepticalteacher.files.wordpr...8/facepalm.jpg

Seriously, it's about 3 more lines of code to encrypt it!

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

Like already mentioned, providing a false sense of security through obscuring the passwords would do no good either. They would still be easily accessible by determined "friends"/family members and malicious programs.

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

Funny thing is we probably wouldn't even be having this conversation if Nokia had done ROT-13 on those.

On the other hand somebody might now be thinking their passwords are safe.

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

Bring it on, show us :) I'm willing to bet that we will be able to dissect anything you come up with due to the physical access to device.

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

but why leave the door open to even make it easy for non tech minded people

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

you know, if you go to "file:///home/user/.ssh/id_rsa", you can see the PRIVATE key file of the N900's user! omg! :)

seriously, i bet the iPhone and android do the same basically, the exact location might be a bit more obscure, but it certainly isn't "encrypted" there, either.

saving as a hashed string might be enough to soothe concerns here, and should be fairly easy to implement.

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

You are aware that the private key is usually encrypted as well ;)

And it can be any other name :) Hell it could be anywhere else at that :)
A salted md5 hash would probably more or less avoid many of the concerns.

Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 

A salted MD5 hash won't help you autologin to your favourite IM.