Passwords Can Sit on Hard Disks for Years
CygnusXII writes "As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security."
P2P (Score:5, Insightful)
Passwords can sit anywhere for years (Score:3, Insightful)
The real question is, if a password's that old, what use SHOULD it still have? Hopefully, people adopt policies where they update passwords every month, or few months, especially if it's dealing with anything financial/uber personal (doctor's records.. etc).
Get real, stop trying to scare us with your security warnings; just educate people to change their passwords.
This seems more in the Hype threads (Score:2, Insightful)
of course, I've used the same password for years.. (Score:5, Insightful)
Now if I could only remember the combination to my safe.....
Just my 46fctfj6&*23's worth....
-Rick the WizKid
(oooops...)
all you can do is be careful (Score:3, Insightful)
pretty redundant stuff, but good advice that most people are too lazy to follow.
What's new (Score:1, Insightful)
The security of your personal information (credit card number, password etc...) lies with the companies storing them.
We all know that hackers acquire passwords by hacking companies' databases. Until companies use stringent privacy and security procedures and implementations the world wide web remains a wild west show.
Greetings,
Lord Flashheart.
Stupid (Score:2, Insightful)
I'm assuming that a Windows machine keeps a copy of every username and a password hash (NTLM?) used to log in to any domain locally somewhere on the hard drive.
That is scary news really especially in hotdesk/shared desktop environments.
Isn't there something along the lines of "Client side security is no security at all" in Microsoft's security axioms? Can't even follow their own standards.
I can't quite see the point (Score:3, Insightful)
I suppose there's an argument about someone getting the passwords off old machines that have been thrown out. But even then, surely any respectable business will use some software to scrub out all the last traces of sensitive data on any hard drives they're dumping.
An encrypted hard drive wouldn't protect against a key logger. It would protect sensitive data against physical theft, I suppose. But I wouldn't call that "hacking".
Re:Mac OS X and Pastor (Score:3, Insightful)
There is still a security risk. What if someone gets your Pastor password? Then they can have them all.
You must be new here. You can *always* use that argument. Someone can *always* install a key recorder or watch you type in your password. Security is about raising barriers, not about thinking/searching for something that will solve the impossible.
Holy Crap! (Score:2, Insightful)
In fact.. such operating systems are DESIGNED to write to the hard disk..
(like someone said above.. someone just discovered the swap/page file)
I think the author needed to be a little more articulate with the wording.
But which is more likely... (Score:3, Insightful)
Bottom line, patch your software, get a firewall, be careful about opening email, don't use IE or Outlook, and do virus/spyware scans regularly. You'll be safe from all but the most determined hackers, and they don't care about your password.
Re:Hehe (Score:5, Insightful)
Re:Repairs (Score:3, Insightful)
Even tho in the course of sorting out a mess, I may need to use your passwords and look through your files, the *content* goes in one eyeball and out the other. I just don't CARE what's on your hard disk. Your personal life isn't that interesting. I have a million files and passwords and accounts of my own; I don't need to be burdened with yours.
And I think you'll find that's the attitude any mature tech has. It's pimply kids still at the "overly curious" phase of life (or people who never matured beyond the snoopy stage) who will root through your data just because they CAN.
Trouble is, you don't always have control over who works on your machine. And no amount of privacy laws or industry guarantees can stop some kid from snooping when no one is looking.
Re:Mac OS X and Pastor (Score:3, Insightful)
Re:Rubbish! (Score:4, Insightful)
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
Indeed, and under Windows (quoted from msdn.microsoft.com):
The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file.
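The mlock(2) call cited in the comment above, used to keep a password buffer out of the swap file. This is an added example, not part of the original thread; the helper names (secret_alloc, secret_wipe, secret_is_zero, secret_free) and the sample password are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

static size_t page_round(size_t len) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    return (len + pg - 1) / pg * pg;
}

/* Allocate a page-aligned buffer and try to pin it in RAM. *locked is 1 if
 * mlock() succeeded, 0 if refused (e.g. RLIMIT_MEMLOCK too low). */
void *secret_alloc(size_t len, int *locked) {
    size_t sz = page_round(len);
    void *p = aligned_alloc((size_t)sysconf(_SC_PAGESIZE), sz);
    if (p == NULL) return NULL;
    *locked = (mlock(p, sz) == 0);
    return p;
}

/* Volatile stores: the compiler may not drop them as dead code before free(). */
void secret_wipe(void *p, size_t len) {
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}

int secret_is_zero(const void *p, size_t len) {
    const unsigned char *b = p;
    for (size_t i = 0; i < len; i++) if (b[i]) return 0;
    return 1;
}

/* Wipe while the pages are still locked, then unlock and release. */
void secret_free(void *p, size_t len) {
    size_t sz = page_round(len);
    secret_wipe(p, sz);
    munlock(p, sz);
    free(p);
}

int main(void) {
    int locked = 0;
    char *pw = secret_alloc(64, &locked);
    if (pw == NULL) return 1;
    snprintf(pw, 64, "%s", "constructed-sample-password");
    printf("pinned in RAM: %s\n", locked ? "yes" : "no");
    secret_free(pw, 64);
    return 0;
}
```

mlock() keeps the pages out of swap only; it does not keep them out of a hibernation image written when the machine suspends to disk.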
Re:Hehe (Score:3, Insightful)
Flamebait? Give me a break. Obviously a MS Fanboy.
Don't assume incompetence. Sometimes, portions of the registry just become unrecoverable and unrepairable, through no fault of anyone other than MS. Yes, I'm aware that there's a way to completely back them up and replace them, but sometimes, that's moot when the initial backup is already corrupted. With a good initial hardware/software setup and proper precautions, I too can run a system for years and years, and never have it degrade. (Ran a datacenter for about 4 years) Still, this doesn't address the fragility of MS OSes. Oh, and I have a 95 system that's been up since 96. Big deal.
Re:No Guarantee of Security?!?! (Score:4, Insightful)
Of course, because everyone knows that retailers all use crackerjack security and are completely impenetrable by malicious forces.
(Everyone always forgets that these are two-party-- or more-- transactions.)
Re:I think maybe it can (Score:3, Insightful)
Even if your standard RAM didn't have any chance of storing recoverable data, I'd bet any spooks worth their salt would do it anyway. There's always the chance someone could have substituted in some flash-ram backed 'custom' jobbies.