Bugtraq mailing list archives
Re: @stake Security Advisory: NetZero Password Algorithm
From: Intrepid| <intrepid () POBOX COM>
Date: Mon, 31 Jul 2000 11:55:07 -0400
At 10:30 AM 7/18/2000 Tuesday, you wrote:

[snip snip snip *ouch* snip snip snip]

[After reading the rather lengthy advisory...]

I agree that many vendors, including NetZero, may use poor algorithms to protect passwords. However, the advisory does use NetZero as the case example. And you can truly get the "password in less than a seconds time" without knowledge of the algorithm. No C program necessary. Just copy and paste the password from NetZero's logon screen into pretty much any text or word processing program. The asterisks will be converted to plain text.

Yesterday, I discovered this wonderful feature because I forgot my NetZero password. I happened to have saved the advisory (as I use NetZero) and was cleaning out some old email this morning when I happened across it again.

I believe this copy/paste "technique" is not uncommon and has been around for a long time. -My- first experience with this was on a 68k Mac about 5-6 years ago. Then it had something to do with improper uses of fonts. Pure speculation on my part, but I would not be surprised if that was the case for Windows as well. However, I have not and do not intend to look into this any more.

Using NetZero Z3, version 3.0.4, on a Win98 box.