One critical security flaw...

Casey Ho pidgin at caseyho.com
Tue Jan 12 22:16:56 EST 2010


Just a random comment: Lifehacker had an entire section in an article about
Pidgin's password security yesterday, so expect this to crop up more than
usual in the near future.

-Casey

On Tue, Jan 12, 2010 at 3:35 PM, Daniel Atallah <daniel.atallah at gmail.com>wrote:

> On Tue, Jan 12, 2010 at 18:33, Sarah Pillsbury
> <shodan_is_grood at yahoo.com> wrote:
> > Saved passwords are stored in plain, human-readable format. Why should
> this
> > even be considered as a viable method of storing login information when
> we
> > live in an age that malware often searches for such things on their
> infected
> > hosts, using this info to open avenues with which to spread itself!? I'm
> no
> > programmer and I know that the most major of issues with open-source
> > software is the same as its benefit (anyone can look through its code to
> > deconstruct how it works, ) which may negate most of the usefulness of
> > encrypting such information, but surely some bit of encryption could at
> > least partially stave off the prying eyes of real, living snoopers who
> know
> > where to look for that vital information they need to screw their
> > Pidgin-using target over with.
>
> http://developer.pidgin.im/wiki/PlainTextPasswords
>
> -D
> _______________________________________________
> security mailing list
> security at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100112/912e3ed5/attachment.htm>


More information about the security mailing list