[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6130FAF67D15D411BF7100E01899071F5F978E@stork.mightyoaks.local>
From: david.vincent at mightyoaks.com (David Vincent)
Subject: http://www.theregister.co.uk/content/55/31353.html
would ya look at that! donnie weiner made the news...
-d
---------------
http://www.theregister.co.uk/content/55/31353.html
Come up and see me some time
By Mike Kemp
Posted: 20/06/2003 at 17:14 GMT
WebcamNow, a streaming image service with more than 1.5 million users a
month, stores user ids and passwords in plain text in the registry of users'
computers.
The coding snafu, first spotted by bugwatcher Donnie Werner, was posted on
BugTraq on June 12. The error had not been fixed on June 18, when we signed
up for the service.
WebcamNow stores usernames and associated passwords in plaintext format in
the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password
As a result these details can be exposed to any local users who have the
permissions to view these directories, or any illegitimate intruder with the
tenacity to gain access to them.
The company has yet to make a formal comment.
Using WebcamNow's service right now may let you see the bored housewives
from the Midwest in sundry states of undress, but it could also allow system
intruders, or other legitimate local users, to see them too.
WebcamNow is "continually ranked as one of the top 10 "stickiest" Web sites
on the Net by Nielsen/NetRatings and Media Metrix". It may be "sticky" - but
secure? Patch, please. ?
Powered by blists - more mailing lists