Re: Hotline Client Plain password vuln.

[macdaddy () neo pittstate edu]

The Mac client dates back to around the Fall of 1997 and it has always
done that.  All of Hotline's communication is plain text so I imagine the
authors figured there wasn't a need for encryption.  Just store the file
in a secure place like in your personal profile directory and you should
be fine.  I see it as no more insecure than a Netscape bookmarks file in
which you put your userid/passwd in a saved URL.

Justin

--
Justin Shore                    Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/

"Time spent tightening security at your site is best spent before a
break-in occurs. Never believe that your site is too small or of too
little consequence. Start out by being wary, and you will be more prepared
when the inevitable attack happens."

  -- "Sendmail, 2nd Edition" by Bryan Costales & Eric Allman for O'Reilly

On Thu, 28 Feb 2002, Rense Buijen wrote:

> Hello,
>
> I am using Hotline Client 1.8.5 from Hotline Communications Ltd on a
> windows XP platform. In this client you have the options to save
> bookmarks so you can easily connect to your sites.  When I was looking
> around in the "Bookmarks" dir (program files\hotline communications ltd)
> I saw that the bookmarks store your login, password and host in
> plaintext although it is a binary file. Has this been mentioned before?
> Is this normal or just a flaw from the creators?
>
> Cheers,
>
> Rens