Lack of security in OpenSource?
It was an unpleasant surprise to me to find out for the first time that passwords on my favorite instant messaging client, Gaim, were stored in a plain text file, and the only “security” the software offers is the native Unix privilege rights, thus very invulnerable, was hoping things would change with Pidgin, but in vain: the same “feature” is used in Pidgin and all OpenSource programs based on purple library, this includes Finch, Adium for Mac OS X, … and non purple based, such as Licq and Psi.
According to Pidgin developers, to “obscure a password” is to
do something to store the password in some format other than plain text, but we automatically convert it for you. This is security by obscurity, and is a Very Bad Thing™ in that it gives users a false sense of security that we (Pidgin, Finch, and libpurple developers) believe would be worse to have than to let informed users deal with the password issue themselves. Consider that a naive user might think that it is safe to share his or her accounts.xml, because the passwords are “encrypted”.
They add that not more secure are the other proprietary IM software, such as ICQ, AOL IM, Triton, Yahoo!, MSN, Gtalk, Miranda, … Well I believe that: once you find out about the algorithm used you can decrypt back the so called encrypted password.
The best thing not to make an illusion of security according to Pidgin developers, and to really secure one’s password, is to encrypt the config.xml file once the software is closed, using OpenSSL or GnuPG or whatsoever.
However the method above can be unsecure as well in case you forget to encrypt or to delete the original file (yeah “to forget” happens to the security gurus too), that’s why the only thing I recommend is to never save your password if you want your data secure.
December 30th, 2007 at 9:27 am
Kopete also use a file to save password and logname
and you can copy files of windows live messenger from the computer of your friend.
and many free software can find the password to hack your friend
it work fine
December 30th, 2007 at 4:58 pm
Hi,
Yes, it’s a real problem. But, i found a tip in ubuntugeek.com :
You must download this patch in your Pidgin directory and do this :
tar xf master-password.patch.tarpatch -p 1
After that, you will see a new tab called "security" in the preferences to fix the problem.
Have a nice day !
December 30th, 2007 at 5:04 pm
Excuse me, i make a mistake with the
tag, the code is :tar xf master-password.patch.tar
patch -p 1
December 30th, 2007 at 5:09 pm
You have a problem with the “
" tag ? Anyway,.. the code is :tar xf master-password.patch.tar
patch -p 1
December 30th, 2007 at 5:12 pm
Damn it ! Can you delete my two last posts and replace the code of the first by the following ? Thanks !
tar xf master-password.patch.tar
patch -p 1
February 23rd, 2008 at 7:19 pm
je t tagué
regarde plouch plouch
March 13th, 2008 at 9:05 pm
Hey, man. Are you alive ?
May 10th, 2008 at 2:57 pm
PING!
June 6th, 2008 at 6:38 pm
Salut!
Comment passiez vous cette période de surveillance des examens chers collègues ? N’avez-vous pas l’impression que ce sont toujours les mêmes têtes qui surveillent ? Mais pourquoi cette discrimination ? Ne sommes- nous pas tous des enseignants sensés surveiller et corriger ? Pourquoi n’y a-t-il pas un dû/ une charge horaire de surveillance fixe pour chaque grade d’enseignant ?
April 19th, 2010 at 12:40 pm
Не вижу ничего в этом плохого, если честно. По крайней мере то что на Вашем сайте ведутся обсуждения среди пользователей, сайт точно не испортит. А не то так сразу и форумы прикрыть можно.
June 29th, 2010 at 3:54 am
百度
[url=http://www.sina.com]sina[/url]
June 29th, 2010 at 3:54 am
uggs outlet
ugg boots sale
uggs
July 2nd, 2010 at 11:01 am
Yes some chat messengers have this type of problems. Our password is saving in it on simple text files. We can find much software on internet to hack passwords.
July 16th, 2010 at 3:23 am
I enjoyed this post.
July 23rd, 2010 at 8:20 am
Are you still worrying about the coldness in Winter? Moncler down Jackets uses 100% genuine down and high quality fabrics to keep warm. Simple and modern design may not attracts your eyes at first. But if you put it on, you must be our of the ordinary. That is the design concept of many big brands. Here, buymoncler offers a lot of down jackects and Leisure shoes for Men and Women, and also kids. Choose one for yourself or your family, you will be the unique ones of this winter. – comes from http://www.BuyMoncler.net/
July 28th, 2010 at 4:11 am
For a website totally dedicated to Wholesale NFL jerseys visit Maggie’s Website Buy Cheap NFL Jerseys and more, including vintage NFL jerseys.
August 2nd, 2010 at 1:23 pm
Nice article,You did a good job,and i just got one Minnesota Vikings jerseys and New Orleans Saints jerseystoday,so pleasure…..
August 3rd, 2010 at 2:07 am
christian louboutin almost become a boundless artifact in this year’s most In trend. Louboutin d’orsay There will be stars to select it at altar almost on every bash and every awarding ceremony, which makes Christian Louboutin become an image of the most fashionable high-heeled shoes.
August 4th, 2010 at 8:00 am
gucci online shop
mbt shoes women
ugg boots online
August 17th, 2010 at 2:51 am
christian louboutin shoes,I thought that this kind of shoes is God’s masterpiece, she is the pet —— beautiful women’s best prize which God bestows to the world.
Girls, coming, and puts on it, then you will be the most beautiful angel on the world.christian louboutin lambskin leather ROLANDO Black suede is a classic style,it is Black suede pumps with a heel that measures approximately 100mm / 4 inches.
Christian pumps have an almond toe and a signature red sole.For more information you can search on the website: http://www.luxuryshoesdirect.co.uk
August 20th, 2010 at 3:19 am
Christian louboutin boots louboutin was a native Parisian, he likes to draw all kinds of shoe plan sketches from his childhood, and he began his internship at Charles Jourdan in the 70s. Louboutin d’orsay After effective ten existence for Chanel and Yves Saint Laurent, Christian Louboutin opened the first gather in Paris in1991 and started his own career.
Ysl Sandals In 1992, one day christian shoesgrabbed his helper’s red nail polishes and encrusted the shoe soles red in his invent sketch maps. Then Christian Louboutin was intuitive. He practical for a patent for the Red-soled shoes suddenly. The red underside informs people i intended that the shoes. Women irksome the shoes will interest more men”. Saying Christian Louboutin.
August 22nd, 2010 at 2:43 am
If you are willing to buy a house, you will have to receive the loans. Furthermore, my brother usually utilizes a small business loan, which is really firm.
August 23rd, 2010 at 12:51 pm
Great, I learn lots of things from your post. and as a return, I tell you a nice place where you can purchase many kinds of jerseys, especially cheap nfl jerseys, cheap jerseys
August 25th, 2010 at 2:53 am
christian louboutin,I thought that this kind of shoes is God’s masterpiece, she is the pet —— beautiful women’s best prize which God bestows to the world.
Girls, coming, and puts on it, then you will be the most beautiful angel on the world. christian louboutin shoes lambskin leather ROLANDO Black suede is a classic style,it is Black suede pumps with a heel that measures approximately 100mm / 4 inches.
Christian pumps have an almond toe and a signature red sole.For more information you can search on the website: http://www.louboutinshoesmart.com
August 26th, 2010 at 8:33 am
Soon after sail shop break in Paris, Caroline,Princess of Morocco, destroy in dearest with red soled shoes of cheap christian louboutin shoes . Then set off a wave of red soled shoes in Hollywood, while 18 time agreed, the Red-soled shoes stood out majestically. Christian Louboutin has also suffered the low ebb in his trade career.
He got inspiration from the journey and designed a string of bags in 2003. However, this series is not a very good sales after the catalog, he did not care about it evidently, Christian Louboutin had said frankly: Try a new propose is my prevalent hobby, sensation or collapse is not important, I most have is the fun in the procedure.
" christian louboutin boots says the key to success in the shoes’ devise concern is to get the comfortable and durable shoes’ form and the sexy and attractive shoes’ influence combined entirely. "Much of my inspiration originates from the feelings of my life; I’m not used to the speedy rate of municipal life. If you unhurried down your lick, life will take you by alarm." Over 100000 software pile here and gratis downlaods - Hifreeware.com — free software. Links of London Jewellery,Buy miserly Links of London jewellery at Onsale Links — family of christian louboutin pumps .
August 30th, 2010 at 9:52 am
Soon after sail shop break in Paris, Caroline,Princess of Morocco, destroy in oled shoes of cheap christian louboutin shoes . Then set off a wave of red soled shoes in Hollywood, while 18 time agreed, the Red-soled shoes stood out majestically. Christian Louboutin has also suffered the low ebb in his trade career.
He got inspiration from the journey and designed a string of bags in 2003. However, this series is not a very good sales after the catalog, he did not care about it evidently, Christian Louboutin had said frankly: Try a new propose is my prevalent hobby, sensation or collapse is not important, I most have is the fun in the procedure.
" christian louboutin boots says the key to success in the shoes’ devise concern is to get the comfortable and durable shoes’ form and the sexy and attractive shoes’ influence combined entirely. "Much of my inspiration originates from the feelings of my life; I’m not used to the speedy rate of municipal life. If you unhurried down your lick, life will take you by alarm." Over 100000 software pile here and gratis downlaods - Hifreeware.com — free software. Links of London Jewellery,Buy miserly Links of London jewellery at Onsale Links — family of christian louboutin pumps .