Geek Culture / FF2 / IE7 Major Security Flaw

indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 24th Nov 2006 06:09 Edited at: 24th Nov 2006 06:10
Passwords are not secure.
http://www.earthtimes.org/articles/show/10807.html
hopefully reviewed next upgrade.

A small notebook and a pencil, with passwords encrypted in that with your own internal memory algorithm will always beat digital protection, however sniffing the data on entry is an entirely different worry.

Safari gets another notch in my book as well.

Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 10:17 Edited at: 24th Nov 2006 10:18
Thanks for the heads up. However I don't store passwords as a rule. Ever since Firefox "imported" all passwords and links alarm bells went up for me. It's information clearly stored in such a way that it's allowed or at least able to be copied. I dunno about you, but at very least I'd want IE6/7 to store my login names and passwords in a protected, encrypted file, not in a location where a third party product can come along and "import" all the data. It's only a matter of time, if it hasn't happened already, for a clever trojan to import your data then export it to an external site!

Your signature was too large... I can't tell a lie, I was so totally jealous of it I abused my moderator powers. I've stolen your signature! - The Abusive Moderator Team!
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 24th Nov 2006 10:18
yep, viva la notepad nothing digital is secure.

Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 10:20
Oh I dunno, you've just got to setup a proper encryption. There was an e-mail encryption fad a few years ago with 1024-bit encryption, the FBI was very, very annoyed because they couldn't break it.

indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 24th Nov 2006 10:24 Edited at: 24th Nov 2006 10:25
I know, nothing is secure with time and persistence, it's a golden computer rule, that's why one time keypads are used in critical situations, a glorified notepad.

Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 24th Nov 2006 10:33
That's the most obvious security problem in the world. I can't believe it'd be that easy to exploit. That's ridiculous. The industry is just full of cowboys that don't take our privacy seriously, or aren't smart enough to get the job done.


Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 11:38
Quote: "I know, nothing is secure with time and persistence, it's a golden computer rule, that's why one time keypads are used in critical situations, a glorified notepad."


I suppose it depends on how you define the word. In true essence, then yes you are right, nothing is unbreakable.

However, security can be simply a matter of making the task so long, and drawn out that it's impossible to do with a half dozen computers in a reasonable amount of time. No one is going to spend weeks or months and months attempting to break the encryption on a file simply so they can get a password to TGC forums, about a half dozen other forums, a couple of gaming websites and possibly a home shopping website. Now if I was running a bank, I'd be worried, but not for me, Mr Joe Average, with more debt than funds.

Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 24th Nov 2006 11:41
Quote: "password to TGC forums, about a half dozen other forums, a couple of gaming websites and possibly a home shopping website"

But who would be stupid enough to use the same password for all those things anyway?

Tempest - P2P UDP Multiplayer Plugin (DBP/DBCe)
Download the free version
Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 13:02 Edited at: 24th Nov 2006 13:03
And who would be stupid enough to spend weeks or months brute force hacking an encrypted file that merely contained these things? Get my point now?

Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 24th Nov 2006 13:06
I still remember the few hacker lectures I had at uni. The hacker's number 1 tool for hacking .... looking over your shoulder when you type in your password. Good old fashioned bearded espionage.


Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 24th Nov 2006 13:52
Quote: "Get my point now?"

No, not really.

Lost in Thought
20
Years of Service
User Offline
Joined: 4th Feb 2004
Location: U.S.A. : Douglas, Georgia
Posted: 24th Nov 2006 15:03
I like how everyone says FF is so much more secure than IE and yet it is weaker than IE in such an obvious security flaw. I am a little disappointed in IE as well, but when you use password remembering you are asking for trouble anyway. It only takes 5 to 6 seconds to type in the longest of passwords I have. I use the remember username which also kinda makes it easier for them to target you, but not as bad as the UserN and PW.

I use the same password for everything pretty much. There are enough digits in the pw for protection though (takes me a while to type in). I have a lot lower digit on simpler stuff like email that I care not 1 iota if anyone gets access to. There's not really anything I have that matters if anyone gets my password or not. My funds are insured and if someone gets my information and uses them I am not liable. Even I can't order stuff sometimes because it's so strict. And I can always setup my own email accounts.

Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 15:03 Edited at: 24th Nov 2006 15:15
Quote: "No, not really."


* Shrugs *

Quote: "I use the same password for everything pretty much. There are enough digits in the pw for protection though (takes me a while to type in). I have a lot lower digit on simpler stuff like email that I care not 1 iota if anyone gets access to. There's not really anything I have that matters if anyone gets my password or not. My funds are insured and if someone gets my information and uses them I am not liable. Even I can't order stuff sometimes because it's so strict. And I can always setup my own email accounts."


Tut tut. Personally I use the same password for low level sites such as forums, and other non-important websites. But anything that has my credit card information typed in gets a unique password which I keep separately on an old Zire 21 PDA, which is never, never synced to my desktop or laptop. The Palm itself is password protected of course. Of course if I lost the PDA, then I might be in trouble, but equally if I couldn't find the thing, which is always kept in the same place for more than a few hours, then I'd likely change the passwords on those sites, or at least contact the sites such as Abbey National to report a security breach. Because the PDA turns itself off every three minutes without activity, it means there's quite a small window for someone to grab the information. I really only do this out of habit, I used to carry company bank information because I was responsible for ordering supplies, and contacting some clients. In the end it was the most secure way of keeping the information.

Siolis
18
Years of Service
User Offline
Joined: 19th May 2006
Location:
Posted: 24th Nov 2006 16:38
I'm still on Firefox one and don't plan on "upgrading" any time soon. Not at least until they start using industrial brand of spray on some of them bugs.

Your signature has been erased by a mod because it's larger than 600x120
Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 16:53
FF 2.0 is a good stable browser. If you're committing security data to it, then you are very unwise. Frankly doing it with any browser is highly unwise. That's just life. But FF2 has some nice features, it runs well, so far I've seen no real life problems occur.

Seppuku Arts
Moderator
20
Years of Service
User Offline
Joined: 18th Aug 2004
Location: Cambridgeshire, England
Posted: 24th Nov 2006 17:52
Thanks for the heads up, removed all my remembered passwords.

"Cut down the gods if they stand in your way" - Hakamoto Tsunetomo
NeX the Fairly Fast Ferret
19
Years of Service
User Offline
Joined: 10th Apr 2005
Location: The Fifth Plane of Oblivion
Posted: 24th Nov 2006 19:51
*Picks up Zire 21 owned by Kenjar*
Hmm...
Tap-Tap-Tap-Tap
Your passwords are mine! Muhahahaha!


Since the other one was scaring you guys so much...
Kenjar
19
Years of Service
User Offline
Joined: 17th Jun 2005
Location: TGC
Posted: 24th Nov 2006 20:55
I warn you don't try! I've trained my cat to firmly attach itself to the face of any intruder, claws first.
