'Big Honking Security Hole' or something else?
Tony Pursell
ajp at princeswalk.fsnet.co.uk
Mon Oct 18 09:17:26 UTC 2010
On Mon, 2010-10-18 at 10:18 +0200, Dotan Cohen wrote:
> On Mon, Oct 18, 2010 at 03:01, Anthony Papillion <papillion at gmail.com> wrote:
> > So, tonight I've been poking around my system and was looking around in
> > the Password and Encryption Keys application. I've stored a few website
> > logins and I notice they are sitting there IN PLAIN TEXT and very readable!
> >
> > While I grant that accessing this information would probably require
> > physical access to the machine (though, maybe, SSH would allow access to
> > it too), isn't this a problem? The fact that usernames and passwords
> > are just sitting there in clear text?
> >
> > Is there something I'm not understanding?
> >
>
> it may or may not be a problem. Which file, exactly, was the data in?
> Did you previously unlock your keyring?
>
> I happen to agree that even if the keyring is unlocked the data should
> not be sitting around in plain text.
>
> --
> Dotan Cohen
>
> http://gibberish.co.il
> http://what-is-what.com
>
Indeed, if you go to System > Preferences > Passwords & Encryption Keys,
expand Passwords, click on a line, click Properties, click Password,
Check 'Show Password', it does show the password. But the fact is, that
you have logged in with your own password. If your computer is
vulnerable to 'snoopers' or remote login attacks, you need to ensure
that you observe due security anyway. Strong login password, logging out
when you leave the PC, etc, etc, because there is more at stake than
your passwords.
Tony
More information about the ubuntu-users
mailing list