[CoLoCo] (no subject)

David Overcash funnylookinhat at gmail.com
Wed Sep 26 02:52:51 BST 2007 

I can confirm that they were in fact fixed.  The plain text password exploit
was related to the installer script (known as Ubiquity) keeping the root
password that you select in a plain text file in the system after
installation rather than immediately deleting it.  This was fixed back
between Dapper / Edgy.

-David

On 9/25/07, Jim Hutchinson <jim at ubuntu-rocks.org> wrote:
>
> Plain text passwords than Andrew referred to have been fixed - I think.
>
> On 9/25/07, Neal McBurnett <neal at bcn.boulder.co.us> wrote:
> > On Tue, Sep 25, 2007 at 04:40:39PM -0600, Jim Hutchinson wrote:
> > > I think that's been fixed.
> > >
> > > On 9/25/07, Andrew <keen101 at gmail.com> wrote:
> > > > I heard that the Canonical people were planning to fix the security
> flaw in
> > > > Ubuntu, where passwords are kept in plain text.
> >
> > Huh?  You'll have to be a bit more specific there for me.
> >
> > But this google result was a disappointment for me about gaim/pidgin:
> >
> >  http://www.osnews.com/story.php/17964/Insecure-Passwords-on-GaimPidgin/
> >
> > $ grep password $HOME/.{gaim,pidgin}/accounts.xml
> >
> > Neal McBurnett                 http://mcburnett.org/neal/
> >
> > --
> > Ubuntu-us-co mailing list
> > Ubuntu-us-co at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co
> >
>
>
> --
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
>
> --
> Ubuntu-us-co mailing list
> Ubuntu-us-co at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co
>



-- 
---------------------------------------------------------
http://www.funnylookinhat.com
AIM: FunnyLookinHat
ICQ: 40145621
MSN: funnylookinhat at gmail.com
Jabber: funnylookinhat at gmail.com
IRC: irc.freenode.net
---------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-us-co/attachments/20070925/3fef6d0e/attachment-0001.htm

More information about the Ubuntu-us-co mailing list