Many people were shocked when the root password turned out to be readable in clear text on Ubuntu, but that was nothing much to me since I’m not using Ubuntu, and don’t plan to return to it after my disappointing 2-day trial session with it before.
The shock came to me when I found out that gaim stores passwords in plain text too! It might be nothing new to some people, but for me, I found that out when checking my ~/.gaim/accounts.xml. My YM and Google Talk accounts have been set to auto login with a saved password (I’m just too lazy to log in every time), and apparently, the settings of each of the accounts are stored in the file in XML format, and the passwords in plain text. I don’t mind much if people use my ID for the instant messaging stuff, but using the password to log in to my email accounts might lead to discovery of passwords to other accounts. Sigh..
Guys (and gals), don’t be a lazy person like me and stop using the ‘remember password’ function.
P.S.: for those who keep their terminal open, people can easily install the Web Developer extension for Firefox and be able to view, in plain text, the stored password that’s normally replaced with *** (asterisks), using the Show Passwords function.
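A way to check your own profile for this, as an added example that is not part of the original post: the script reports which accounts in an `accounts.xml` have a saved password (without printing the password) and whether the file is accessible to other local users. The element names `account`, `protocol`, `name` and `password`, and the sample file, are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; the element names are an assumed layout, not copied from the post.
SAMPLE = """<?xml version='1.0' encoding='UTF-8'?>
<accounts>
  <account>
    <protocol>prpl-yahoo</protocol>
    <name>example_user</name>
    <password>constructed-secret</password>
  </account>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>example_user@example.com</name>
  </account>
</accounts>
"""

def audit_accounts(path):
    """Return (findings, loose): accounts that carry a saved password, and
    whether group/other have any access to the file. Passwords are never returned."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    loose = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    findings = []
    for acct in ET.parse(path).getroot().iter("account"):
        pw = acct.find("password")  # direct child only
        if pw is not None and (pw.text or "").strip():
            findings.append((acct.findtext("protocol", "?"), acct.findtext("name", "?")))
    return findings, loose

def audit_sample(mode):
    """Write SAMPLE to a temporary file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "accounts.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_accounts(path)

if __name__ == "__main__":
    target = os.path.expanduser("~/.gaim/accounts.xml")
    if os.path.exists(target):
        saved, loose = audit_accounts(target)
        for proto, name in saved:
            print(f"saved password present: {proto} {name}")
        print("file accessible to group/other" if loose else "file is owner-only")
```

An owner-only file mode keeps other local users out, but anyone who can read the file as you (an unlocked session, a backup, a copied home directory) still gets the passwords.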
3 Comments on this post
eh… scary… considering most people use the same password for many, many things… from YM to account PIN, blah blah..
Comment left on 3.22.2006 by noris
If you were to rate me from security paranoid to carefree end user, I’m more toward the carefree end user..
Comment left on 3.22.2006 by shakir
Forgot to include that stored passwords can also be viewed in Firefox from Edit/Tools -> Preferences -> Privacy -> Saved Passwords -> View Saved Passwords.
Be warned, don’t trust those sharing your PC. And don’t just go to others’ PCs and start harvesting passwords.
Comment left on 4.21.2006 by shakir