jwcolby
jwcolby at colbyconsulting.com
Mon Sep 26 06:40:56 CDT 2011
LOL, yea Firefox does the same thing. Not only that but each password is associated with the username and web site. so the list says Website, Username, password. Pretty much a shopping list of where to go and how to get in. John W. Colby www.ColbyConsulting.com On 9/26/2011 5:44 AM, Mark Breen wrote: > Hello All, > > Just thought I would share an experience with you. > > My brother (the security guy) dropped in on Friday morning. I was working, > building a pc at another desk and not using my own machine. He asked if he > could check his email. I said work away. > > Ten seconds later, he started calling out a bunch of my passwords that I use > for various services, websites etc. Of course some of them overlap and are > the same passwords. Can you guess how he did it? > > In Chrome you click the wrench, personal stuff and manage saved passwords. > in FF you click Tools options, privacy and saved passwords > probably IE has it also, but who uses that ! > > No encryption, no hashing, just passwords in clear text. > > So if someone gains access to your machine, you better hope you only have > saved your low security passwords in your browser. Can you be 100% sure you > did not accidentally save one of your important passwords? Can you be sure > you will not do so in the future. remember to check all browsers on your > machine. > > It was quite surprising to hear Stephen simply shout out my passwords like > that, within 10 seconds of sitting down. > > Mark > _______________________________________________ > dba-SQLServer mailing list > dba-SQLServer at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-sqlserver > http://www.databaseadvisors.com > >