Schneier on Security
A blog covering security and security technology.
December 13, 2004
The Doghouse: Internet Security Foundation
This organization wants to sell their tool to view passwords in textboxes "hidden" by asterisks on Windows. They claim it's "a glaring security hole in Microsoft Windows" and a "grave security risk." Their webpage is thick with FUD, and warns that criminals and terrorists can easily clean out your bank accounts because of this problem.
Of course the problem isn't that users type passwords into their computers. The problem is that programs don't store passwords securely. The problem is that programs pass passwords around in plaintext. The problem is that users choose lousy passwords, and then store them insecurely. The problem is that financial applications are still relying on passwords for security, rather than two-factor authentication.
But the "Internet Security Foundation" is trying to make as much noise as possible. They even have this nasty letter to Bill Gates that you can sign (36 people had signed, the last time I looked). I'm not sure what their angle is, but I don't like it.
Powered by Movable Type. Photo at top by Per Ervland.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.