Language Selection

English French German Italian Portuguese Spanish

GNOME Cleartext Passwords: Bug or Feature?

Filed under
Software
Security

The current discussion in the Ubuntu forums is about a possible security hole in GNOME, specifically about GNOME registered users having their passwords appear as cleartext on the keyring. Not a bug, say its defenders, but the security concept behind the GNOME keyring.

In the discussion thread, the discoverer of the "blatant security flaw" gave an example of how it happens in Ubuntu 9.10. The user starts Ubuntu and registers on the desktop. The path through the Applications | Accessories | Passwords and Encryption Keyrings menus arrives at the keyring manager. Clicking on the Login folder shows the application processes and programs (including WLAN and mail accounts) and their respective passwords.

A right mouse click on an entry shows a context menu of properties, one of its tab being for keys. Clicking Password pops up a screen asking whether keyring access is allowed, for which no restrictions exist. The passphrase then appears and can be viewed as cleartext.

Rest Here




More in Tux Machines

Top 3 open source alternatives to Google Analytics

Let’s start off by taking a look at the open source application that rivals Google Analytics for functions: Piwik. Piwik does most of what Google Analytics does, and chances are it packs the features that you need. Those features include metrics on the number of visitors hitting your site, data on where they come from (both on the web and geographically), from what pages they leave your site, and the ability to track search engine referrals. Piwik also has a number of reports and you can customize the dashboard to view the metrics that you want to see. To make your life easier, Piwik integrates with over 65 content management, ecommerce, and online forum systems like WordPress, Magneto, Joomla!, and vBulletin using plugins. With anything else, you just need to add a tracking code to a page on your site. Read more

AN EARLY VIEW OF GTK+ 3.16

We’ve had long-standing feature requests to turn scrollbars into overlayed indicators, for touch systems. An implementation of this idea has been merged now. We show traditional scrollbars when a mouse is detected, otherwise we fade in narrow, translucent indicators. The indicators are rendered on top of the content and don’t take up extra space. When you move the pointer over the indicator, it turns into a full-width scrollbar that can be used as such. Read more

Linux Container Security

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1]. Read more