| Prev |   7     8   9   10     11   | Next | Last
maemo.org - Talk
Page 9 of 15
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   IM, Email Passwords Are Stored as Plain Text (https://talk.maemo.org/showthread.php?t=41164)

pelago 2010-01-18 13:55
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by twaelti (Post 479882)
I can't believe the sheer arrogance of the ideologic "security folks", preaching supersecurity or none at all.
In practice, having weak security IS better than no security. In this case, at least having encoded passwords is still better than having plaintext. Becaus it at least prevents random/accidental password exposure. Otherwise we could pretty much also stop **** the password entry fields.
Read But surely something is better than nothing, right?

Venomrush 2010-01-18 13:56
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by Rob1n (Post 479921)
As it no longer appears to be happening in PR1.1, I'm not surprised.
I'm running PR1.1
Still seeing the 'issue'

javispedro 2010-01-18 13:57
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by Venomrush (Post 479916)
Bug has been marked as INVALID :(
It IS invalid. It's been explained a hundred times why.

Now, if you file a feature request for something like "ability to set a master password to be introduced every time before logging in to any service", then it may make sense to encrypt the passwords with that master password.

ewan 2010-01-18 13:59
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
The bug is not invalid. It may be closed as WONTFIX because it's too hard, but the complaint is entirely true.

Rob1n 2010-01-18 14:01
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by Venomrush (Post 479925)
I'm running PR1.1
Still seeing the 'issue'
Have you deleted and recreated the accounts since upgrading to PR1.1?

SubCore 2010-01-18 14:04
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
FWIW:

i have 2 IM accounts on my N900: MSN (using butterfly) and the built-in skype.

i created the skype account only 2 days ago (with PR 1.1), the MSN account is older, created with PR1.0.
the MSN password is stored in plaintext in accounts.cfg, but skype's password is NOT stored there at all.

i'm gonna recreate the MSN account in the evening when i get home, maybe someone else can try sooner :)

slender 2010-01-18 14:05
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by zwer (Post 479920)
The `mom` argument is even more ludicrous (specially for grownups that don't live in their moms basement :P) - your mom wouldn't know where to look for the said file. If she would, chances are that she knows how to base64/whatever-fully-reversible-algorithm-is-used decode it. And yes, she might find a site on the internet that shows where the said file is, but then again, if it were obfuscated there would be instructions how to deobfuscate it.
I know where to find it and i have no idea how to encrypt that kind of encyption. You probably have too high expections about fellow citzens or I´m just below you standard of average man. Prepare for dissapointmens with people and living in a world where all the other people seem to be a bit stupid :) Hey I just described world view of normal Linux "guru" :P

joelus 2010-01-18 14:09
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
I don't think it's invalid at all. I would at least like the option of being asked for my password every time I log into a service rather than having it stored in plain text.
I mean once I'm logged in, I won't need to type it again until I disconnect or log out?

javispedro 2010-01-18 14:13
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
Quote:
Originally Posted by joelus (Post 479947)
I don't think it's invalid at all. I would at least like the option of being asked for my password every time I log into a service rather than having it stored in plain text.
And I think that's a valid feature request (in fact, it seems like the bug report mentioned on this thread has been converted to that).

slender 2010-01-18 14:14
Re: Warning - Exploit found, keep N900 to yourself until it's fixed!
 
How you measure "false feeling of security"?

Do people behave carelessly when passwords are encrypted? Any studies about this?

I would be offended if someone said to me that I´m careless because I falsely think that I´m safe because of some non trivial encryption. Actually I would be really offended because that´s basically saying "You are a bit stupid ain´t you?"


| Prev |   7     8   9   10     11   | Next | Last
All times are GMT. The time now is 21:37.
Page 9 of 15
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8