One Mans Blog
Specialization is for Insects.
Posted on Mar 28, 2007 - 12:43am by John P. in Security, Tutorials
That’s right. I hate to tell you folks, but if you give me 10 seconds alone with your computer I’ll not only get your user name and passwords to every mail box you have set up in Outlook and Outlook Express, but I’ll also be able to see every single login you have saved in your Internet Explorer auto-complete settings.
And I’ll do it all with this tiny little application. Don’t believe it? Fine, download it, unzip it and launch it. You’ll be instantly staring at all of the passwords you’ve ever told Microsoft to remember for you.
If that doesn’t make you paranoid… well, you just aren’t alive. So, what can you do about it?
I know I’m beginning to sound like a broken record to my regular readers when it comes to security paranoia, but I’d rather you be safe than sorry. And hey… at least One Man is looking out for you. 
 |
Get OMB via e-mail:
|
I use the "No Adverts for Friends" plugin by Donncha O Caoimh
That’s odd…no mac version.
Scary stuff.
How can Microsoft get so much wrong, when much smaller, poorer firms apparently have no such issues?
That Mac comment shows the very weakness that Hackers will exploit when they turn their beady eyes to the Mac…arrogance. The reason Mac users haven’t had to worry about security as much is because there were fewer Mac users around. But with their growth in popularity, they will begin to suffer the same attacks that PC users have suffered. With my Mac friends I use the analogy that it’s like a guy not wearing a condom during sex because he’s never caught any disease in the past. Past experience does not determine future experience. But as long a Mac users keep their noses in the air, they’ll never see the pit they are about to fall into.
Should I not be concerned that my AV had to delete the program, as it classed it as a virus? anyone else had this problem??
Damian,
Your Anti Virus or Anti Spyware program is right to disable this app because it is known to be used maliciously. However, the dangerous form is when this application is installed as payload from a piece of malware.
In other words. It is not dangerous for you to download and run it yourself, but it is dangerous if someone else sneaks it onto your computer (the point I was making exactly). And since your AV program doesn’t know who’s running it, it disables by default.
For more detail see the Computer Associates site here or here.
Still, the larger point is that this is a MAJOR flaw in the password security of the Microsoft product line.
John
http://www.stevengould.org has this which he coded himself. Doesnt show up as virii under NOD32 either. I’d like to see the source code.