Subject: netscape POP3 passwd and mails prefs
From: Simon (sim.vuilleURBANET.CH)
Date: Wed Apr 19 2000 - 05:03:33 CDT


Ok, I just wanted to point out a few things that probably everybody knows
already, but which are of importance, so in case you didn't know, it
might be of great help.

I browsed the netscape preferences for my user and discovered a few
interesting files, first of all

liprefs.js

ok, so, it's basically every preference for your user, anything, from
background color to all the mime types. Anyway, let's get to the
interesting security things, ok, so, I hope you are aware that your mail
login is in cleartext, look at this property:

("mail.pop_name", "myloginstandshere")

just after that, we got

("mail.pop_password", "IKyLOqrMOTE=")

which is your password, ENCODED, ouch, I feared the worst.
Anyway, I just believe that having the login in clear is a real threat,
and even if I don't know what encryption they use or how to decrypt it, I
would be very interested if anybody knows how to decrypt this.

One beer for the one who tells me my password.

Ok, let's move to the even worse thing: In your user prefs, there's a
mail folder, and in it, there's a text file for every mail folder you
created in netscape (inbox, sent....) well, let me tell you that, for
some reason, netscape doesn't erase the mails, my inbox file was
80 megs big for only 20 msg in it, huhuh, I opened it, and, after a long
wait (try to open an 80 meg text file on a 133 MHz!) I discovered all the
mails I had received for years, they were in clear text.

Ok, now, could it be true that netscape engineers are weenies ?

Sim

PS tests made on mac, but win 9x is very probably the same. netscape
4.7, netscape 4.x is probably the same. Sorry but I had no windoze
around this place.
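
An added example, not part of the original post: a small audit that scans preference text for the two mail credential keys quoted above and reports how each value is stored, without decoding it to anything readable. The function names, the placeholder key example.unrelated_pref and the tolerated function-name prefix before the parenthesis are assumptions; the sample input is constructed from the two lines in the post.

```python
import base64
import binascii
import re

# Pair form quoted in the post; an optional function name before "(" is
# tolerated (assumption about the full file syntax).
PREF_RE = re.compile(r'^\s*\w*\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)')

def b64_len(value):
    """Length in bytes if value is strictly valid base64, else None."""
    try:
        return len(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None

def audit_prefs(text):
    """Return findings for the two mail credential keys named in the post."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "mail.pop_name" and value:
            findings.append((lineno, key, "login stored in cleartext"))
        elif key == "mail.pop_password" and value:
            n = b64_len(value)
            if n is None:
                note = "password stored as literal text"
            else:
                note = f"password stored as base64 text ({n} bytes decoded)"
            findings.append((lineno, key, note))
    return findings

# Constructed sample built from the two lines quoted in the post.
SAMPLE = '''\
("example.unrelated_pref", "#C0C0C0")
("mail.pop_name", "myloginstandshere")
("mail.pop_password", "IKyLOqrMOTE=")
'''

if __name__ == "__main__":
    for lineno, key, note in audit_prefs(SAMPLE):
        print(f"line {lineno}: {key}: {note}")
```

A mail client that logs in without prompting has to be able to recover the stored password on its own, so either finding means the file should be protected like the credential itself.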
