Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of keep crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue, it was discussed many times before, but it can still be a surprise for most users.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-07-06
Member since:2005-06-28
Member since:2005-07-06
Very true. Giving average users a false sense of security is the worst thing you can do. If someone would want real security in this issue, password storing should not be allowed so the user would need to explicitely authenticate him/herself before every and each login to the im network.
This whole issue is a non-issue really. Local passworsd storage is a comfort feature, not a necessity. If someone doesn't trust it, shouldn't use it.
Member since:2005-08-18
"None of you around here get it. "
The problem is that you don't get security.
"Even if a solution is not 100% hacker proof, at least it's DADDY proof."
Instead of having applications implement hair brained (in)security schemes you should just secure your computer from daddy.
"It is better to have SOMETHING, than having what we have now, which is one big fat *nothing*."
No it isn't. A false sense of security (be it daddy-proof or whatever) is not better than knowing you don't have any security.
Member since:2005-06-28
Well, I disagree. You are talking high-level and philosophically, while I am talking practically. While a malware written by a CAPABLE hacker can break an encryption of an IM app, passwords won't snooped, neither they can be broken by Joe Users or less-capable script kiddies. It is FAR easier parsing an XML file rather than BREAKING an encryption. You like it or not, that's how it is.
Member since:2007-05-23
I simply have to disagree. Passwords are not stored somewhere that'd you'd stumble across them unintentionally (in another person's homedir, at that). If Daddy is seeing the stored passwords, then Daddy is doing it intentionally. If gaim implements unauthenticated encryption for stored passwords, I have no doubt someone will implement an online cracker for it. Daddy will not be stopped, because if Daddy has found where passwords are stored, he's probably able to google up a cracker.
Member since:2005-06-28
Member since:2007-03-22
"It is better to have SOMETHING, than having what we have now, which is one big fat *nothing*".
Not true, you have file system permissions.
The feature is only used when you tick "Remember password", and then it can only be viewed by users with read permissions on your profile directory (usually only you and the system administrator).
Firefox even has a "Show Passwords" button in the options window to show all saved passwords. Is that also a security bug?
Member since:2005-07-09
Member since:
2005-06-28
None of you around here get it.
Even if a solution is not 100% hacker proof, at least it's DADDY proof. It is better to have SOMETHING, than having what we have now, which is one big fat *nothing*.