lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6130FAF67D15D411BF7100E01899071F5F978E@stork.mightyoaks.local>
From: david.vincent at mightyoaks.com (David Vincent)
Subject: http://www.theregister.co.uk/content/55/31353.html

would ya look at that!  donnie weiner made the news...

-d

---------------

http://www.theregister.co.uk/content/55/31353.html
Come up and see me some time
By Mike Kemp
Posted: 20/06/2003 at 17:14 GMT

 
WebcamNow, a streaming image service with more than 1.5 million users a
month, stores user ids and passwords in plain text in the registry of users'
computers.

The coding snafu, first spotted by bugwatcher Donnie Werner, was posted on
BugTraq on June 12. The error had not been fixed on June 18, when we signed
up for the service.

WebcamNow stores usernames and associated passwords in plaintext format in
the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password

As a result these details can be exposed to any local users who have the
permissions to view these directories, or any illegitimate intruder with the
tenacity to gain access to them.

The company has yet to make a formal comment.

Using WebcamNow's service right now may let you see the bored housewives
from the Midwest in sundry states of undress, but it could also allow system
intruders, or other legitimate local users, to see them too.

WebcamNow is "continually ranked as one of the top 10 "stickiest" Web sites
on the Net by Nielsen/NetRatings and Media Metrix". It may be "sticky" - but
secure? Patch, please. ? 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ