T/A Quark Automation, Quark AudioVisual, Quark IT
> >
> >
> >> -----Original Message-----
> >> From: Aditya K Sood [mailto:[EMAIL PROTECTED]
> >> Sent: Wednesday, 17 September 2008 10:41 PM
> >> To: bugtraq@securityfocus.com
> >> Subjec
Memisyazici, Aras wrote:
> John:
>
> Thank you for your reply.
>
> Indeed, as I tried to explain in my previous reply, my "suggestion" in
> obscurity as a means of securing things, was not meant as (encryption of
> encryption) ^ ?, rather building another barrier to make it "harder" for
> co
strator
Virginia Tech
From: John Bailey [mailto:[EMAIL PROTECTED]
Sent: Thu 9/18/2008 5:44 PM
To: Memisyazici, Aras
Cc: bugtraq@securityfocus.com; Siim Põder
Subject: Re: Pidgin IM Client Password Disclosure Vulnerability.
On Thu, Sep 18, 2008 at 03:16:18PM -0400,
Memisyazici, Aras wrote:
whereby they take a hash of the password, with a non-std. hashing
mechanism. The idea being that in today's world where there are so
many scr1pt-kiddi3 toolz out there allowing the avg. Joe Schmoe the
capability of analyzing one's memory processes i.e. Tsearch, memhack
et
On Thu, Sep 18, 2008 at 03:16:18PM -0400, Memisyazici, Aras wrote:
> While I agree with your comments, I cannot help but suggest that maybe the
> method of choice could be 'security through obscurity' whereby they take a
> hash of the password, with a non-std. hashing mechanism. The idea being th
s :)
Just a thought,
Aras 'Russ' Memisyazici
Systems Administrator
Virginia Tech
-Original Message-
From: Siim Põder <[EMAIL PROTECTED]>
Sent: Thursday, September 18, 2008 12:58 PM
To: bugtraq@securityfocus.com
Subject: Re: Pidgin IM Client Password Disclosure Vulnerabili
Hi.
Aditya K Sood wrote:
> The pidgin client inherits client side password disclosure
> vulnerability. The credentials used to
> connect to the required service i.e. username and password is not
> encrypted properly. The credentials
what do you propose? encrypt the password and store the encrypti
d [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 17 September 2008 10:41 PM
> To: bugtraq@securityfocus.com
> Subject: Pidgin IM Client Password Disclosure Vulnerability.
>
> Pidgin IM Client Password Disclosure Vulnerability.
>
> *Version Affected:*
> 0.7.10 Unicode / Previou
al Message-
From: Aditya K Sood [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 September 2008 10:41 PM
To: bugtraq@securityfocus.com
Subject: Pidgin IM Client Password Disclosure Vulnerability.
Pidgin IM Client Password Disclosure Vulnerability.
*Version Affected:*
0.7.10 Unicode / Previous vers
Pidgin IM Client Password Disclosure Vulnerability.
*Version Affected:*
0.7.10 Unicode / Previous version can be affected.
*Release Date:*
11 September 2008
*About:*
Pidgin is a graphical modular messaging client based on libpurple which
is capable
of connecting to AIM, MSN, Yahoo!, XMPP, ICQ