|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Come up and see me some time
From: InfoSec News (isn
c4i.org)
Date: Mon Jun 23 2003 - 02:58:19 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.theregister.co.uk/content/55/31353.html
By Mike Kemp
20/06/2003
WebcamNow, a streaming image service with more than 1.5 million users
a month, stores user ids and passwords in plain text in the registry
of users' computers.
The coding snafu, first spotted by bugwatcher Donnie Werner, was
posted on BugTraq on June 12. The error had not been fixed on June 18,
when we signed up for the service.
WebcamNow stores usernames and associated passwords in plaintext
format in the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password
As a result these details can be exposed to any local users who have
the permissions to view these directories, or any illegitimate
intruder with the tenacity to gain access to them.
The company has yet to make a formal comment.
Using WebcamNow's service right now may let you see the bored
housewives from the Midwest in sundry states of undress, but it could
also allow system intruders, or other legitimate local users, to see
them too.
WebcamNow is "continually ranked as one of the top 10 "stickiest" Web
sites on the Net by Nielsen/NetRatings and Media Metrix". It may be
"sticky" - but secure? Patch, please.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]