Language Selection

English French German Italian Portuguese Spanish

Gnome Lets Anyone See Your Keyring Passwords

Filed under
Software
Security

A security hole in Gnome allows anyone to see your keyring passwords without needing to enter so much as a password.

The Issue
Despite needing to enter your root password to alter such basic things as CPU Scaling, you are not once prompted to enter it to access the Passwords and Encryption Keyring.

Ubuntu Forum user humphreybc, who first reported this anomaly on the Ubuntu Forums, posted a quick –step-through guide so you can see for yourself how dodgy this lapse is: -

1. Restart your computer and login. Do not enter any passwords after your desktop has loaded.

2. Go to Applications > Accessories > Passwords and Encryption Keyrings

3. Click on the 'Login' folder to drop down and view the programs that store data here.

4. Double click on something you want to look at.

5. Click Password to show some dots, then uncheck the box below the dots marked "Show password"

Rest Here




More in Tux Machines

Parted Magic 2014.11.19 Now Has Boot Repair Option

Parted Magic is a Linux distribution that features numerous tools for disk management, such as GParted and Parted. It’s one of the best distros of its kind, but also a commercial OS. Read more

With Assembly, anyone can contribute to open-source software and actually get paid

The open-source movement has produced some of the most widely utilized software in the world, a huge economic value driven by a widely dispersed community who believe contributing good work is often its own reward. Outside of the world of computer science, however, these strategies are still relatively niche. A San Francisco startup called Assembly is trying to change all that, by evolving the open-source model to easily incorporate disciplines outside coding and to include a shared profit motive as well. Today the company is announcing a $2.9 million round of funding it will use to help expand its platform. Read more

French, German, Dutch and Italian hackathons fuel UK ODF plugfest

Hackathons in Toulouse (France), Munich (Germany), Woerden (the Netherlands) and Bologna (Italy) involving software developers and public administrations, are providing input for the ODF Plugfest taking place in London on 8 and 9 December. The first four meetings involve developers working on the Open Document Format ODF and the LibreOffice suite of office productivity tools. The ODF Plugfest brings together multiple implementers and stakeholders of this document standard. The plugfest is aimed at increasing interoperability, tests implementations and discuss new features. Read more

Europe Commission approves Tradeshift data format for goverment purchasing

A product of OASIS, the Organization for the Advancement of Structured Information Standards, UBL was developed in a transparent standards-setting process over a period of 13 years by hundreds of leading business experts. OASIS is the same organization that created ODF, the Open Document Format (ISO/IEC 26300), a widely used International Standard for word processing. Read more