[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
From: Nicholas Knight <nknight@xxxxxxxxxxxxxx>
Date: Fri, 26 Aug 2005 15:50:39 -0700

Nick Boyce wrote:

Surely this is just another rehash of the same old debate that appears
here every now and then - the conclusion will always be that stored
passwords are inherently vulnerable.   They can be obfuscated as much
as you like, but it only needs one successful piece of R&D to render
the whole obfuscation scheme useless for everybody.
See http://marc.theaimsgroup.com/?t=92420089800002&r=1&w=2 http://marc.theaimsgroup.com/?t=94570694700003&r=1&w=2 for a couple of useful Bugtraq debates on this topic. [both in 1999 ... was that _really_ the last time this came up ?]

Good grief. Are DOS and Win9x concepts really so burned into people's brains that they can't recognize the proper solution for storing data where other users on a system can't get to it?

These aren't the days of single-user desktop operating systems anymore, people. You don't need inherently insecure obfuscation techniques to hide data, you just have to store it where it friggin' belongs -- IN THE USER'S HOME DIRECTORY.

References:
- ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
  - From: kozan
- Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
  - From: Allen Parker
- Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
  - From: Nick Boyce

Prev by Date: XSS security hole in phpwebnotes.
Next by Date: Re: Tool for Identifying Rogue Linksys Routers
Previous by thread: Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
Next by thread: Re: Interspire ArticleLive 2005 (php version) is vulnerable to XSS
Index(es):
- Date
- Thread