From owner-freebsd-security  Thu Apr  8 18:11: 2 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pollux.or.signature.nl (pollux.or.signature.nl [194.229.138.194])
	by hub.freebsd.org (Postfix) with ESMTP id DD35314E82
	for <freebsd-security@FreeBSD.ORG>; Thu,  8 Apr 1999 18:10:27 -0700 (PDT)
	(envelope-from bit@signature.nl)
Received: from localhost (bit@localhost)
	by pollux.or.signature.nl (8.9.1/8.9.1) with SMTP id DAA12249;
	Fri, 9 Apr 1999 03:07:16 +0200 (MET DST)
Date: Fri, 9 Apr 1999 03:07:16 +0200 (MET DST)
From: Bart Smit <bit@signature.nl>
X-Sender: bit@pollux.or.signature.nl
To: Foxfair Hu <foxfair@news.ks.edu.tw>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fw: Netscape 4.5 vulnerability
In-Reply-To: <370D516D2EE.C14EFOXFAIR@news.ks.edu.tw>
Message-ID: <Pine.BSF.4.02A.9904090302180.12018-100000@pollux.or.signature.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Fri, 9 Apr 1999, Foxfair Hu wrote:

> session preferences .This file also contains encrypted password for
> pop3.
> Not like a DES , this encryption can be decrypted. As a result of many

Sure it can. How else can Netscape reproduce your password?
That some silly people choose to store their passwords in a file is hardly
new and hardly a problem that belongs on this list.

--Bart



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message