[ale] Mozilla strangeness
James P. Kinney III
jkinney at localnetsolutions.com
Wed Oct 27 19:34:39 EDT 2004
On Wed, 2004-10-27 at 15:27, Geoffrey wrote:
> James P. Kinney III wrote:
> > On Wed, 2004-10-27 at 09:15, Geoffrey wrote:
> >
> >> James P. Kinney III wrote:
> >>
> >>
> >>> Currently the calendar access is through a basic .htaccess form
> >>> that involves sending username and password. I have not checked
> >>> to see if the data is cached past a closing of the app yet.
> >>
> >> Then you should know that the password is passed in plai text when
> >> accessing it via the web anyway.
> >
> >
> > Yep. I was seeing as an office exploit (Fred goes to lunch and evil
> > Joe types access:config and gets his calendar and password. Then goes
> > in and "reschedules" some important meetings so evil Joe looks good
> > and Fred get fired).
>
> Fred's an idiot for leaving his box unprotected.
How true! Poor Fred is my generic test user (Fred Flintstone, lives in
Bedrock MA 90210 :). He racks up huge credit card bills testing payment
gateways and he is a total bozo about system security. The stupid putz
tried to change his password from pebble to "BAM BAM" where he just
pounded his hands on the keyboard. As you can imagine, it didn't work.
Now that that coniving, chuckling Barney rubble has his calendar
password, poor Fred bought flowers for his anniversary a week early,
missed a safety meeting at work and now is stuck on third shift since he
was an hour late to the schedule meeting.
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Ale
mailing list