Tag Archive | Plaintext

Saved passwords vulnerability still exists in some web browsers

 

Say you are on the Gmail login page and the web browser, as always, has auto-filled the username and passwords fields for you.

This is convenient because you can sign-in to your account with a click but because you have not been typing these saved passwords for a while now, you don’t even remember the Gmail password anymore.

All web browsers, for security reasons, mask the password fields in login forms behind asterisk characters thus making it impossible for passersby to see your secret string.

There’s however an easy workaround that will let you convert those asterisks into the actual password and you don’t need any external utilities or bookmarklets for this. Here’s how:

Full Story at Labnol

r00tbeersec Returns with Philips Hack

 

Today, it has been discovered r00tbeersec making its return with the hack on Philips. As we reported yesterday, r00tbeersec is a new hacking group apparently wanting to make a grand entrance in to the hacking world. Plaintext passwords were revealed in the hack against Philips. First AMD…now Philips. For those who don’t know, Philips is a Dutch-based technology extraordinaire.

Anyway, Philips is the victim of a few small SQL database leaks. Maybe a few skiddie SQL hacks. In the databases that were leaked, phone numbers, passwords and hashes, and even addresses were leaked. These databases were storing plaintext passwords, which is known to be quite a vulnerability. Those passwords should be in encrypted databases, not in plaintext.

Of course, poorly chosen passwords were found, just like a poor database (unencrypted). All in all, their company was just waiting/asking to be attacked, per speculation. And of course, r00tbeersec wanted to show off their 200,000 spilled email addresses.

In case you’re wondering, password security is still a problem. Read more here.

Need more Speed? Check for PC issues causing slowdown and try out Speed Tools to improve PC Speed.

%d bloggers like this: