Language Selection

English French German Italian Portuguese Spanish

GNOME Cleartext Passwords: Bug or Feature?

Filed under
Software
Security

The current discussion in the Ubuntu forums is about a possible security hole in GNOME, specifically about GNOME registered users having their passwords appear as cleartext on the keyring. Not a bug, say its defenders, but the security concept behind the GNOME keyring.

In the discussion thread, the discoverer of the "blatant security flaw" gave an example of how it happens in Ubuntu 9.10. The user starts Ubuntu and registers on the desktop. The path through the Applications | Accessories | Passwords and Encryption Keyrings menus arrives at the keyring manager. Clicking on the Login folder shows the application processes and programs (including WLAN and mail accounts) and their respective passwords.

A right mouse click on an entry shows a context menu of properties, one of its tab being for keys. Clicking Password pops up a screen asking whether keyring access is allowed, for which no restrictions exist. The passphrase then appears and can be viewed as cleartext.

Rest Here




More in Tux Machines

today's howtos

UKSM Is Still Around For Data Deduplication Of The Linux Kernel

Several years back we wrote about Ultra Kernel Samepage Merging (UKSM) for data de-duplication within the Linux kernel for transparently scanning all application memory and de-duping it where possible. While the original developer is no longer active, a new developer has been maintaining the work and continues to support it on the latest Linux kernel releases. Read more

Why Dell’s gamble on Linux laptops has paid off

The whole juggernaut that is now Linux on Dell started as the brainchild of two core individuals, Barton George (Senior Principal Engineer) and Jared Dominguez (OS Architect and Linux Engineer). It was their vision that began it all back in 2012. It was long hours, uncertain futures and sheer belief that people really did want Linux laptops that sustained them. Here is the untold story of how Dell gained the top spot in preinstalled Linux on laptops. Where do you start when no one has ever really even touched such a concept? The duo did have some experience of the area before. George explained that the XPS and M3800 Linux developer’s laptops weren’t Dell’s first foray into Linux laptops. Those with long memories may remember Dell testing the waters for a brief while by having a Linux offering alongside Windows laptops. By their own admission it didn’t work out. “We misread the market,” commented George. Read more Also: New Entroware Aether Laptop for Linux Powered with Ubuntu

A Short MATE Desktop 1.17 Review in February 2017

MATE 1.17 is a testing release, it has no official announcement like 1.16 stable release (odd = unstable, even = stable). But what made me interested is because Ubuntu MATE 17.04 includes it by default so I write this short review. The most fundamental news is about MATE Desktop is now completely ported to GTK+3 leaving behind GTK+2. You may be interested seeing few changes and I have tried Ubuntu MATE 17.04 Alpha 2 to review MATE 1.17 below. Enjoy MATE 1.17! Read more Also: What's up with the hate towards Freedesktop?