Linked by Eugenia Loli on Wed 23rd May 2007 00:46 UTC
Privacy, Security, Encryption Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of keep crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue, it was discussed many times before, but it can still be a surprise for most users.
Permalink for comment 242525
To read all comments associated with this story, please click here.
by linuxh8r on Wed 23rd May 2007 02:28 UTC
Member since:

I thought since this was an open source application it would be so much more secure.

I thought since the code was available for all to see and security flaws would be found and plugged immediately.

How could this happen? I thought open source development was supposed to find and fix these vulnerabilities quickly. According to the article this has been around for a while.

Given that this is such a simple application (compared to say the linux kernel), I can only imagine how many stupid security flaws exist in the Linux kernel, or Samba, or X.Org, etc...

I guess it goes to show that open source software isn't as safe as we've been led (brainwashed) to believe.

Reply Score: -4