Slashdot Mirror

← Back to Stories (view on slashdot.org)

Passwords Can Sit on Hard Disks for Years

Posted by CmdrTaco on from the my-password-is-31337 dept.

CygnusXII writes ""As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security." "

9 of 449 comments (clear)

  1. Well, we can always do like in MacGyver by 192939495969798999 · · Score: 5, Interesting

    My favorite MacGyver episodes were the ones where he used fingerprinting dust to read the numbers on a keypad. Of course, anyone using the keypad for a password is only going to press the keys involved in the password.

    The most dangerous thing to security is people. Why go routing around on a hard drive when you can just ask someone what the password is, and they'll probably tell you anyways?

    --
    stuff |
  2. Re:Hehe by Reziac · · Score: 5, Interesting

    That was my thought too...

    Back in the Win3.1x era, when the typical swapfile was still small enough to peruse with a hex editor, I cruised through my permanent swapfile with LIST, just to see what was being dumped out of RAM. I found data in there that was identifiably over 3 years old. And therein, I also found some passwords archived -- as plaintext.

    Not to mention logfiles; I have some that stretch back several years, and I'm sure I'm not alone.

    So I don't find this exactly "news" either. Then again, I could turn this into a rant on the "expertise" of the typical tech journalist... (one of my PC maintenance clients is one. Regular exposure has given me a complete lack of respect for the breed.)

    --
    ~REZ~ #43301. Who'd fake being me anyway?
  3. Find them using Kazaa by Drunken_Jackass · · Score: 4, Interesting

    You'd be amazed what you can find on Kazaa when you search for documents with password or resume or account as the keyword. People don't realize that you don't need to be a hacker to break into your machine - just someone with access to the folder you share on and P2P network...which, if it happens to be your My Documents folder....look out.

    --
    There are 01 types of people in this world. Those that understand binary, and me.
  4. OpenBSD by GlobalEcho · · Score: 4, Interesting

    OpenBSD encrypts the swap space by default, specifically to avoid these problems. I would hazard a guess somebody has hacked Linux to do the same, but I haven't seen it.

    Of course, if you have so much RAM that you never swap, this is less of an issue.

  5. Re:No Guarantee of Security?!?! by harrkev · · Score: 4, Interesting

    Of course there is a guarantee...

    Just buy a boatload of ram and disable virtual memory. Problem solved.

    Of course, you could always use Knoppix or something similar whenever buying on-line. This would also solve the problem for the truly paranoid.

    --
    "-1 Troll" is the apparently the same as "-1 I disagree with you."
  6. Protective measures by Woogiemonger · · Score: 4, Interesting

    Some basic tips that not enough people know, in no particular order:

    1. Make sure you have a firewall configured to allow incoming connections from only ports you need open. You might be able to do just fine with no incoming connections allowed at all.
    2. Have an updated virus checker.. Norton or Mcafee. By updated, I mean having it auto-update for you. Have it check every file accessed on media accessed by the computer, and email. At the very least, all the incoming media and email should be scanned on the fly, but outgoing is a good idea too.
    3. Use Spybot or Ad Aware at least once a month to scan for spyware. Also keep these updated. I forget if they auto-update, but just be sure it checks for updates before you run them.
    4. Only use credit cards that keep you free of liability for any fraud.
    5. Buy a separate unnetworked little organizer with a keyboard to store hints to remember your passwords. Don't store the actual password.
    6. Cancel credit cards you don't use.
    7. Photocopy the backs and fronts of all the credit/debit cards you use and whatever else you keep in your wallet. Write in the customer service phone numbers if they're not clear.
    8. Have Windows auto-update and auto-install all critical patches, or keep your Linux distro updated.
    9. Don't open email attachments that you have no reason to trust, and certainly not until you have antivirus software checking incoming emails.

  7. Eraser will help by stecoop · · Score: 4, Interesting

    Go download Eraser. It will erase empty space and swap files using DoD mil quality and even higher. It will erase empty space on your drive while you sleeping swiping it clean of bits 32 times over. On shutdown it will erase the swap file with the same quality. You can also get the source code and make it better if you want.

    I have mine run once a week. I'm more concerned of my hard drive failing having to returning it under warranty and someone else receiving that drive they could then retrieve my data.

  8. Re:Repairs by Woy · · Score: 4, Interesting

    I have a computer services company, and a client of ours, a lawyer, never ever lets his computer out of his office. All repairs, no matter what, are done in his office, under his scrutiny. He has no problems paying for it, he says he is required by law (we are in Spain) to be sure that his clients' data is safe at all times. There just isn't another option.

    --
    "If God created us in his own image we have more than reciprocated." - Voltaire
  9. Re:Hehe by Reziac · · Score: 4, Interesting

    Nah, reinstalling is just a sign of incompetence at dealing with Windows. And I mean that seriously. On average it takes Win32 about 3 years of average-user neglect and outright abuse to get to the point where it's nonfunctional, and even then it's recoverable with simple maintenance procedures.

    As a SOHO tech, my job is not just to get the machine working, but also to get it to the state the client expects it to be in -- with all his apps and data intact (whether he has a good backup or not). I've only had to reinstall Windows *once*, and that was due to AOL5 FUBAR'ing both DUN and the entire WinEx/IE setup -- on a system that had gone five years with a PEBKAC owner and ZERO maintenance. I find it is faster and easier to resurrect the system than to hope to find all the body parts (apps, data, passwords, settings, CD keys, etc, etc.) and reinstall them where someone else expects them to be.

    Of course, this is why my clients won't let anyone else touch their PCs, either :)

    My own everyday setups date back to 1998 (Win95), 2001 (Win98), 1999 (WinME -- hasn't crashed since Sept.99, and this is a test box!!), 2002 (XP Pro). Plus I have a couple part-time-use Win95 machines that date back to '95 and '96. And my Win16 setup (1994) was finally retired at 7 years old. All are original installs and all work their asses off. -- I hadn't looked in WFWG's swapfile in some time, but it's a safe bet that if I inspect the CD where it's archived, I'll find data in the perserved swapfile that is now over 10 years old.

    --
    ~REZ~ #43301. Who'd fake being me anyway?