Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Tool Reveals Internet Passwords

Posted by CmdrTaco on from the change-early-change-often dept.

wiredmikey writes "A new password cracking tool released today instantly reveals cached passwords to websites in Microsoft Internet Explorer, and mailbox and identity passwords in all versions of Microsoft Outlook Express, Outlook, Windows Mail, and Windows Live Mail."

3 of 140 comments (clear)

  1. Title is Inaccurate by Cytlid · · Score: 4, Informative

    It should read "New Tool Reveals Windows Passwords".

    --
    FLR
  2. Re:Prettier Tool, Old Exploit by ShadowRangerRIT · · Score: 5, Informative

    This is of course why Firefox (and I presume a few other browsers) have the option to protect your password cache with a master password. Instead of remembering every single user name and password, you can store them all behind encryption, but the key for this encryption is in your head, not the disk. Obviously still open to exploits if you're infected (pop up a fake window requesting the master password, hook the browser itself and read the keystrokes passed to it, etc.), but virtually any exploit that can grab the master password could grab the real passwords anyway, so the distinction is trivial. As long as your master password isn't "12345" of course.

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
  3. Firefox password security by bartwol · · Score: 3, Informative

    Firefox offers an option to use a [user-supplied] master password to encrypt/decrypt password data. If a Firefox user enables that functionality, then Firefox would not [by my guess] be vulnerable to an exploit strategy such as the one employed by this cracking product (which relies on rule-based keys instead of a user-supplied key). Firefox passwords may, however, be vulnerable to other cracking strategies.

    Here are some more details about how Firefox stores passwords.