[ISN] Come up and see me some time

From: InfoSec News (isnat_private)
Date: Mon Jun 23 2003 - 00:58:19 PDT

  • Next message: InfoSec News: "[ISN] Student arrested for allegedly hacking university computers to derail election"

    http://www.theregister.co.uk/content/55/31353.html
    
    By Mike Kemp
    20/06/2003 
       
    WebcamNow, a streaming image service with more than 1.5 million users
    a month, stores user ids and passwords in plain text in the registry
    of users' computers.
    
    The coding snafu, first spotted by bugwatcher Donnie Werner, was
    posted on BugTraq on June 12. The error had not been fixed on June 18,
    when we signed up for the service.
    
    WebcamNow stores usernames and associated passwords in plaintext
    format in the following registry entries:
    
    HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Name
    HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Password
    
    As a result these details can be exposed to any local users who have
    the permissions to view these directories, or any illegitimate
    intruder with the tenacity to gain access to them.
    
    The company has yet to make a formal comment.
    
    Using WebcamNow's service right now may let you see the bored
    housewives from the Midwest in sundry states of undress, but it could
    also allow system intruders, or other legitimate local users, to see
    them too.
    
    WebcamNow is "continually ranked as one of the top 10 "stickiest" Web
    sites on the Net by Nielsen/NetRatings and Media Metrix". It may be
    "sticky" - but secure? Patch, please.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 23 2003 - 03:43:59 PDT