Comments on: Pidgin may eat your password ! http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/ Tue, 03 Aug 2010 10:10:43 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: kamasheto http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-189 kamasheto Tue, 23 Dec 2008 18:55:13 +0000 http://www.blog.manhag.org/?p=275#comment-189 O, thank you. I just need to clarify a little bit more the situation at hand. Pidgin did not rely on 3rd-party solutions to solve the problem -- they just covered it up the best way they could. They said, in honest plain words, they did not really pay any attention to securing the stored passwords. Then they elaborated that it's plain useless, because no matter how secure they tighten things at their end the protocol itself is still unsecure -- which does make sense to be honest. On top of all that, ALL other IM Messengers are vulnerable to having their passwords extrapolated -- just because Pidgin admitted it doesn't make it really that bad IMHO. O, thank you.

I just need to clarify a little bit more the situation at hand. Pidgin did not rely on 3rd-party solutions to solve the problem — they just covered it up the best way they could. They said, in honest plain words, they did not really pay any attention to securing the stored passwords.

Then they elaborated that it’s plain useless, because no matter how secure they tighten things at their end the protocol itself is still unsecure — which does make sense to be honest.

On top of all that, ALL other IM Messengers are vulnerable to having their passwords extrapolated — just because Pidgin admitted it doesn’t make it really that bad IMHO.

]]> By: Ahmed El Gamil http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-186 Ahmed El Gamil Mon, 22 Dec 2008 14:28:33 +0000 http://www.blog.manhag.org/?p=275#comment-186 You have a good point kamasheto, thanks for mentioning it :) the Open-source community is growing larger and larger and with very wise steps, even microsoft guys are convinced now by the concept :D but this doesn't means that i shouldn't warn other people if i find a particular flaw in a piece of FOSS i see Personally, i am not much in development but if i had the chance to develop something like this, i won't leave the security issue for 3rd-party software (like the UNIX permissions in our case here) to take care of it and just don't do anything about it, i know that using encryptions can sometimes be cracked and stuff like that, but at least blocked a huge amount of users from breaking it. and remember, <strong>pidgin developers said that this is a situation that could change in the future</strong> I will edit the post and add your quote so that every body will see it isA :) Thanks for passing by and for your valuable comment. You have a good point kamasheto, thanks for mentioning it :)
the Open-source community is growing larger and larger and with very wise steps, even microsoft guys are convinced now by the concept :D
but this doesn’t means that i shouldn’t warn other people if i find a particular flaw in a piece of FOSS i see

Personally, i am not much in development but if i had the chance to develop something like this, i won’t leave the security issue for 3rd-party software (like the UNIX permissions in our case here) to take care of it and just don’t do anything about it, i know that using encryptions can sometimes be cracked and stuff like that, but at least blocked a huge amount of users from breaking it.
and remember, pidgin developers said that this is a situation that could change in the future

I will edit the post and add your quote so that every body will see it isA :)
Thanks for passing by and for your valuable comment.

]]> By: kamasheto http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-184 kamasheto Mon, 22 Dec 2008 03:19:17 +0000 http://www.blog.manhag.org/?p=275#comment-184 I'm sure you don't really mean it this way, but this gives a bad impression about the open-source concept generally and this application in specific. I'm sure you've read the entire article they wrote on their wiki, but just to make sure everyone else gets the image I'd like to quote them: <blockquote cite="http://developer.pidgin.im/wiki/PlainTextPasswords">"But other programs don't store my password in plain text!" That's true. But few of them store it in a way that's any safer. A Google search for im passwords shows a bunch of hits for getting the passwords out of other IM clients just as easily as Pidgin. </blockquote> Bottom line is, all IM clients are insecure and open to the same vulnerability. All of them. I’m sure you don’t really mean it this way, but this gives a bad impression about the open-source concept generally and this application in specific. I’m sure you’ve read the entire article they wrote on their wiki, but just to make sure everyone else gets the image I’d like to quote them:

“But other programs don’t store my password in plain text!”

That’s true. But few of them store it in a way that’s any safer. A Google search for im passwords shows a bunch of hits for getting the passwords out of other IM clients just as easily as Pidgin.

Bottom line is, all IM clients are insecure and open to the same vulnerability. All of them.

]]> By: Ahmed El Gamil http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-165 Ahmed El Gamil Sun, 14 Dec 2008 23:56:17 +0000 http://www.blog.manhag.org/?p=275#comment-165 @MMF: are you using Linux now ? :) @Mo3taz: الموضوع و ما فيه ان المبرمجين اللى عمله بيدجين يا معتز أعتمدوا على انهم يأمنوا بيدجين عن طريق 3rd party software و ده طبعاً مشكلة كبيرة لأن اصلاً معظم المستخدمين بينزلوا البرنامج و اول ما يشتغل يبقا تمام كده و مبيعمولش اى حاجة تانية عشان يأمنوا النظم سيبك انتا أخبار الجاجا ايه معاك ؟ :) @MMF:
are you using Linux now ? :)

@Mo3taz:
الموضوع و ما فيه ان المبرمجين اللى عمله بيدجين يا معتز أعتمدوا على انهم يأمنوا بيدجين عن طريق
3rd party software
و ده طبعاً مشكلة كبيرة لأن اصلاً معظم المستخدمين بينزلوا البرنامج و اول ما يشتغل يبقا تمام كده و مبيعمولش اى حاجة تانية عشان يأمنوا النظم
سيبك انتا أخبار الجاجا ايه معاك ؟ :)

]]> By: Mo3taz http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-162 Mo3taz Sun, 14 Dec 2008 19:36:17 +0000 http://www.blog.manhag.org/?p=275#comment-162 شكرا يا أحمد على المعلومة ده هو الأوبن سورس حلو بس مش أوبن للدرجة ده على اللينوكس ممكن الصلاحيات تحد من المشكلة ده لكن على الويندوز ده كارثة ما بعدها كارثة شكرا يا أحمد على المعلومة ده
هو الأوبن سورس حلو بس مش أوبن للدرجة ده
على اللينوكس ممكن الصلاحيات تحد من المشكلة ده لكن على الويندوز ده كارثة ما بعدها كارثة

]]> By: MMF http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-159 MMF Sun, 14 Dec 2008 01:47:09 +0000 http://www.blog.manhag.org/?p=275#comment-159 really thanks , AHMED :) i will install the Password Encryption plugin thanks again :) really thanks , AHMED :)
i will install the Password Encryption plugin
thanks again :)

]]> By: bingorabbit http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-157 bingorabbit Sat, 13 Dec 2008 20:15:14 +0000 http://www.blog.manhag.org/?p=275#comment-157 I had two comments held for moderation on my blog too, strange? I had two comments held for moderation on my blog too, strange?

]]> By: Ahmed El Gamil http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-156 Ahmed El Gamil Sat, 13 Dec 2008 19:25:24 +0000 http://www.blog.manhag.org/?p=275#comment-156 Your are welcome ya mostafa :) I wonder why was your comment held for moderation, do you spam yabny ?! I really really love the new feature of commenting from the dashboard of WP :D, Thanks for BingoRabbit for fixing it .. Your are welcome ya mostafa :)
I wonder why was your comment held for moderation, do you spam yabny ?!

I really really love the new feature of commenting from the dashboard of WP :D , Thanks for BingoRabbit for fixing it ..

]]> By: TeVa http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-155 TeVa Sat, 13 Dec 2008 19:22:09 +0000 http://www.blog.manhag.org/?p=275#comment-155 Thanx alot 4 the notification. I checked the user privileges in my Ubuntu and i was amazed. What a stupid way!! I consider it's a axiomatic to secure every user's files like fedora. Finally I thanked ALLAH that my sisters don't know very much in linux otherwise my files will be in an open-air not only my passwords :mrgreen: بارك الله فيك :grin: Thanx alot 4 the notification.
I checked the user privileges in my Ubuntu and i was amazed.
What a stupid way!!
I consider it’s a axiomatic to secure every user’s files like fedora.

Finally I thanked ALLAH that my sisters don’t know very much in linux otherwise my files will be in an open-air not only my passwords :mrgreen:
بارك الله فيك
:grin:

]]> By: Ahmed El Gamil http://www.blog.manhag.org/2008/12/pidgin-may-eat-your-password/comment-page-1/#comment-151 Ahmed El Gamil Sat, 13 Dec 2008 03:19:13 +0000 http://www.blog.manhag.org/?p=275#comment-151 @Boody: LOL @ Pidgin security :D امن الحمام الزاجل :D @BingoRabbit: Yeah, I know that permissions are one approach to solve the problem, but note that <strong>not all the distro's out there provide such feature</strong>, for example: on ubuntu systems unprivileged users are allowed to read each other's home directories :D I will edit the post for more info on the topic after el fagr prayer isA :) Jzakom ALLAHu kher for the nice comment @Boody:
LOL @ Pidgin security :D
امن الحمام الزاجل :D

@BingoRabbit:
Yeah, I know that permissions are one approach to solve the problem, but note that not all the distro’s out there provide such feature, for example: on ubuntu systems unprivileged users are allowed to read each other’s home directories :D

I will edit the post for more info on the topic after el fagr prayer isA :)
Jzakom ALLAHu kher for the nice comment

]]>