Language Selection

English French German Italian Portuguese Spanish

Gnome Lets Anyone See Your Keyring Passwords

Filed under
Software
Security

A security hole in Gnome allows anyone to see your keyring passwords without needing to enter so much as a password.

The Issue
Despite needing to enter your root password to alter such basic things as CPU Scaling, you are not once prompted to enter it to access the Passwords and Encryption Keyring.

Ubuntu Forum user humphreybc, who first reported this anomaly on the Ubuntu Forums, posted a quick –step-through guide so you can see for yourself how dodgy this lapse is: -

1. Restart your computer and login. Do not enter any passwords after your desktop has loaded.

2. Go to Applications > Accessories > Passwords and Encryption Keyrings

3. Click on the 'Login' folder to drop down and view the programs that store data here.

4. Double click on something you want to look at.

5. Click Password to show some dots, then uncheck the box below the dots marked "Show password"

Rest Here




More in Tux Machines

Is Ubuntu moving away from .deb packages? Here is the complete story

Canonical loves to shake things up. After introducing Unity, HUD, Mir, Click and Snappy the sponsor of Ubuntu is now contemplating moving away from just .deb based desktop and adopting its own Snappy. Read more

Can funding open source bug bounties save Europe from mass-surveillance?

The report also suggests promoting open-source software as a way to build resilience to surveillance, which could be achieved by funding audits of important open-source software. Among several products it highlights is disk encryption software, TrueCrypt, which was recently subjected to a crowd-funded audit that was able to rule out the existence of NSA backdoors in the product. “TrueCrypt is a typical example of a problem of the commons: worldwide use of software package was probably dependent on two or three developers,” the study notes to highlight why funding open source projects may be valuable. Read more

Fedora 23 Release Schedule Published, the Distro Could Arrive on October 27

Now that the Beta version of the Fedora 22 Linux operating system is available for download and testing, the Fedora developers are discussing plans for the next release of the distribution, Fedora 23. Read more

Debian 8 and Mageia 5 RC Released Over the Weekend

What an exciting weekend that just passed. First up, the long-awaited Debian GNU/Linux 8.0 "Jessie" was released in live and traditional installation media. Elsewhere, Mageia 5 Release Candidate was released with UEFI support and other installation improvements. In addition, LibreOffice 4.3.7 was released Saturday as well. Read more