Are you sure you’re the only one with access to that password you ‘recovered’? Think again


	Are you sure you’re the only one with access to that password you ‘recovered’? Think again

brightlight4

2-2-2009 12:09 PM

190 views

brightlight4 says:

It’s well known that the biggest threat to sensitive data comes from the inside. Connecting the dots, it’s not inconceivable that some insider at some Web service provider somewhere might be throwing a sniffer on the local area network to capture passwords that, in the course of their recovery, are viewable as clear text.

The risk varies from one service provider to the next and from one password to the next. For example, if for certain services you use the same, easy to remember innocuous password that, if discovered, wouldn’t matter anyway, then there’s little risk. If however, a password that also protects your access to more sensitive systems (eg: your bank) is showing up in a password recovery routine that e-mails that password to you in clear text, the risk is significantly higher.

From online service to online service, the techniques vary. For example, some will e-mail a temporary password and force you to reset it on the next login. Others will mail you a URL that you m

1 Comment |

Add a Comment

2-2-2009 3:39 PM

tanyamm

That's why I never put anything on my computer that I would not be let viewed in public.

Login to Comment. Not a member yet? Sign up

Today's Top Clips

visit the Top Clips page

View the Top Clips from February 2, 2009

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color: #ffffff;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/cc2c79fc-a4ce-4292-b6ca-fe869a311141/3EF77A72-7E1C-4E96-BE15-E8FFE9D1032C/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blogs.zdnet.com/Berlind/?p=624" href="http://blogs.zdnet.com/Berlind/?p=624" style="font-size: 11px;">blogs.zdnet.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/Berlind/?p=624"><H1><A title="Permanent Link to Are you sure you’re the only one with access to that password you ‘recovered’? Think again." rel="bookmark" href="http://blogs.zdnet.com/Berlind/?p=624">Are you sure you’re the only one with access to that password you ‘recovered’? Think again.</A></H1></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/Berlind/?p=624">not only are our passwords being passed around in clearly viewable text on public networks, but, for a short moment in time (but long enough for someone with a network sniffer or protocol analyzer to pick it up), they’re also being moved across the service provider’s local area network in clear text as well.  To be honest, I’m not nearly as concerned about the data going through the public network as I am about the service provider’s LAN (the one that the server spitting out the recovered passwords is sitting on).  That’s because of stories like <A href="http://www.washingtonpost.com/wp-dyn/content/article/2007/07/03/AR2007070300934.html?nav=rss_technology">the one from earlier this month</A> where an insider at one of <A href="http://financial.washingtonpost.com/custom/wpost/html-qcn.asp?dispnav=business&mwpage=qcn&symb=LION&nav=el">Fidelity National</A> Information Services subsidiaries “stole 2.3 million consumer records containing credit card, bank account and other personal information.” Or perhaps you recall <A href="http://blogs.zdnet.com/BTL/?p=1742">the story</A> of now ex-AOLer Jason Smathers (another inside job).</blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/3EF77A72-7E1C-4E96-BE15-E8FFE9D1032C/blog/" title="blog or email this clip"><img src="http://content6.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

New from the makers of Clipmarks: Amplify.com - Don't just share the news...Amplify it!

Clipmarks: Home; New Clips; Top Clips; Dashboard

Popular Topics: News; Life; Science; Technology; Entertainment

Get Started: Sign Up; Install Clipping Tool; How Clipping Works; Clip-to-Blog™; ClipSearch

Tools and Resources: FAQ; ClipWeek; Top Clippers; Top Tags; Site Map

About Clipmarks: About Us; Contact; Copyright; Privacy; EULA

Search Options

Today's Top Clips