| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4EE7047D.70309@gmail.com> Date: Tue, 13 Dec 2011 08:53:33 +0100 From: Fabio <ctrlaltca@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Firefox forensics with SQLite Manager at InfoSec Institute On 12/12/2011 18:30, Adam Behnke wrote: > Hello, a recent article here on how to perform forensics investigations > on Firefox with SQLite Manager: > > > > http://resources.infosecinstitute.com/firefox-and-sqlite-forensics/ > > > > This is relevant because it is easy to install, doesn’t require you to > buy a $4,000 forensic software tool (Encase, FTK, etc.), and gives you > lots of good data on forms, cookies, addons, extension, SSL sessions, etc. > > > > Your thoughts? > ---8-<--- Signons – this is a repository of all places that the user has kept their username and login stored in the browser. All the passwords are hashed, but using rainbow tables they can be guessed depending on how the user manages password security. --->-8--- Can you elaborate on that? I thought that just extracting the profile directoy and loading it on a portable installation is enough to view saved passwords.. Firefox needs to be able to use their plaintext-version when logging on a website form, so it needs to use two-way cryptography. I guess you just mean "if the user set a master password or not", or am i missing something? Fabio Bas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists