IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 1 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Ummm ... I disagree
Post #171,053
by drewk
Picture of drewk
8/26/04 12:18:25 PM
Reply
New Ummm ... I disagree
In order for a browser to "remember" passwords, they have to be kept somewhere the browser can see. If I felt like it I could check the Mozilla source and see where it puts it and look that info up pretty easily. What this really shows is how insecure the "remember this password" function really is. That's why I never use it.

And hey, they know that too:
"The public should have access to this technology," says Alex Konanykhin, CEO of KMGI, "not only for the benefits it will afford them, but to better understand how unprotected their private information currently is. Exposure is the first step to solving the problem."
Their tool isn't really the problem, and Windows users aren't the only ones vulnerable to this. The problem is the feature itself.
===

Implicitly condoning stupidity since 2001.
Post #171,071
by Steven A S
Picture of Steven A S
8/26/04 3:10:23 PM
Reply
New Re: Ummm ... I disagree
Mozilla keeps it's password in "Documents and Settings\\username\\Application Data\\Mozilla\\Profiles\\default\\profileid\\########.s" the userid and password seem to be encrypted even if you have Encrypt Sensitive Data off. Note, username is a given, but profileid and ######## will be different on each computer.
~~~)-Steven----

"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."

General George S. Patton
Post #171,087
by Arkadiy
Picture of Arkadiy
8/26/04 4:26:11 PM
Reply
New Encrypted?
As in DMCA?

[link|http://www.holgermetzger.de/moz-passwords.html|http://www.holgermet...oz-passwords.html]
--

"...was poorly, lugubrious and intoxicated."

-- Patrick O'Brian, "Master and Commander"
Post #171,195
by Steven A S
Picture of Steven A S
8/27/04 8:51:27 AM
Reply
New OK, didn't say it was well encrypted
~~~)-Steven----

"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."

General George S. Patton
     Windows passwords easily revealed - (Steve Lowe) - (13) - Aug. 26, 2004, 11:50:36 AM EDT
         Not sure which passwords in question? - (Nightowl) - Aug. 26, 2004, 12:09:04 PM EDT
         This only goes to show you Passwords are not the... - (folkert) - Aug. 26, 2004, 12:11:55 PM EDT
         Ummm ... I disagree - (drewk) - (3) - Aug. 26, 2004, 12:18:25 PM EDT
             Re: Ummm ... I disagree - (Steven A S) - (2) - Aug. 26, 2004, 03:10:23 PM EDT
                 Encrypted? - (Arkadiy) - (1) - Aug. 26, 2004, 04:26:11 PM EDT
                     OK, didn't say it was well encrypted -NT - (Steven A S) - Aug. 27, 2004, 08:51:27 AM EDT
         Simpsons did it. - (altmann) - (2) - Aug. 26, 2004, 04:31:19 PM EDT
             OT: Auto abbreviation of URLs is sometimes amusing -NT - (Meerkat) - (1) - Aug. 26, 2004, 10:43:16 PM EDT
                 <snigger type=schoolboy/> -NT - (pwhysall) - Aug. 27, 2004, 12:34:50 PM EDT
         This isn't real, right? - (pwhysall) - (3) - Aug. 27, 2004, 12:34:04 PM EDT
             Real in what way? - (broomberg) - (2) - Aug. 27, 2004, 07:29:27 PM EDT
                 The software really exists? - (pwhysall) - (1) - Aug. 27, 2004, 07:48:16 PM EDT
                     Yup - (broomberg) - Aug. 27, 2004, 08:18:58 PM EDT

Ho ho, then you ain't gettin' no Coke!
91 ms