On Tue, Feb 16, 1999 at 01:02:08PM -0600, HD Moore wrote: > The password is *still* in the registry after you close netscape, Now that we are talking about Netscape, here is another similar bug. Kabsoftware (http://www.kabsoftware.com) produces a *very* handy utility that let's you check your email via POP3 (without downloading it) and other stuff like that (check their www page if you are interested). It appears that Lydia (the utility) stores the user passwords in C:\Windows\Lydia.INI. However, the encryption algorithm is trivial. I am not a cryptanalyst in any way and it took me 30min to find out the mapping between the ascii space and the scrambling they do. (Basically they map each character to 2 bytes). I notified Kabsoftware in January, and they responded promptly that "the encryption in Lydia algorithm is casual" and that they are going to change it in a future release. -- Yiorgos Adamopoulos -- #include <std/disclaimer.h> adamoat_private -- Knowledge and Data Base Systems Laboratory, NTUA
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:36:00 PDT