Full Disclosure mailing list archives
Re: SMC Router safe Login in plaintext
From: Nicolas Couture <nc () stormvault net>
Date: Fri, 05 Sep 2003 07:40:43 -0700
On Wed, 3 Sep 2003, Schmehl, Paul L wrote:
Every ISP I've ever dealt with stores your password in plaintext. If this were not true, they would not be able to tell you what it is. Just call support, identify yourself and ask them to change your password for you.
I have to disagree with one point, it's not because they can tell you your password that it is stored in plain text.
The risk is that someone else could use your account to access the Internet. Apparently that's a risk the ISPs are willing to take. So exposing your ISP password in plaintext on your own computer is really no more of a risk than you are already exposed to.
I think that many ISPs are neglecting security to a point that is ridiculous. A simple yet stupid example is that I spent alot of my personal time with my ISP before I actually convinced them to add SSL support to one of their webservices that allows us, users, to change our passwords online. That is something trivial on a security point of vue. The sad part is their webservices where anyone could actually verify if an account name is valid and could even crack it's password because of their bad designs. All that to say paranoia is a good virtue.
That's why I use "throwaway" passwords for ISP access. They're worthless anyway.
I encourage this "strategy" and would even recommend using them whenever possible. Nicolas Couture _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SMC Router safe Login in plaintext, (continued)
- Re: SMC Router safe Login in plaintext Kim Scarborough (Sep 03)
- Re: SMC Router safe Login in plaintext C. Church (Sep 03)
- Re: SMC Router safe Login in plaintext KF (Sep 03)
- Re: SMC Router safe Login in plaintext Jeremiah Cornelius (Sep 03)
- Re: SMC Router safe Login in plaintext Irwan Hadi (Sep 04)
- Re: SMC Router safe Login in plaintext KF (Sep 04)
- Re: SMC Router safe Login in plaintext morning_wood (Sep 04)
- Re: SMC Router safe Login in plaintext Paul Schmehl (Sep 03)
- Re: SMC Router safe Login in plaintext Justin (Sep 04)
- Re: SMC Router safe Login in plaintext Nicolas Couture (Sep 05)