Re: Another reason the new sandbox is the virtual machine...…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMStephen at <-
.MJon Kettenhofen at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Butash
Date:  
To: Main PLUG discussion list
Subject: Re: Another reason the new sandbox is the virtual machine..... Bad Chrome disSecurity
It's amazing how weak most application security is, I haven't trusted
browser stored password security in a long time. Using lastpass now,
but I often wonder how good it really is.

Ever use pidgin (adium?)? Ever notice all the passwords are stored in
plain text in the config xml? Lots of things like that that are quite
stupid. I've *recovered* reused passwords a number of times via that
alone. Linux now uses the keyring at least, win/mac, not so much.

Full disk encryption everywhere possible anymore - luks works reliably
for me under linux.

-mb



On 08/06/2013 12:06 PM, Stephen wrote:
> I just did a very quick check of this, Chrome, FireFox and safari all
> have this data stored in a reversible fashion on both Mac and Windows.
>
> safari at least prompts you for the user login to show this data.
>
> IE seems to not allow you to retrieve the password without 3rd party
> utilities.
>
> This certainly makes me review my personal choices of full dis
> centryption and physical security of my computer.
>
>
> On Tue, Aug 6, 2013 at 11:41 AM, Ed <
> <mailto:plug@0x1b.com>> wrote:
>
>     http://blog.elliottkember.com/chromes-insane-password-security-strategy

>
>     is Chrome the new attack vector to your stored passwords in other
>     browsers? would a master password protect against this kind of slurp?
>     Han's presentation at the last East Side PLUG meeting was really on
>     point - thx
>     ---------------------------------------------------
>     PLUG-discuss mailing list - 
>     <mailto:PLUG-discuss@lists.phxlinux.org>
>     To subscribe, unsubscribe, or to change your mail settings:
>     http://lists.phxlinux.org/mailman/listinfo/plug-discuss

>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Another reason the new sandbox is the virtual machine..... Bad Chrome disSecurityHow to list a directory "all except"->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)