From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Tue, 20 Feb 1996 21:20:11 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: Re: Windows 95 encryption shell extension
In-Reply-To: <01BAFEAE.63BB64E0@loki>
Message-ID: <199602201245.UAA00304@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <01BAFEAE.63BB64E0@loki>, 
  Brian Gorka wrote:
> On Monday, February 19, 1996 4:32 AM, Andy Brown[SMTP:a.brown@nexor.co.uk] 
> wrote:
> >http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
> >
> >Haven't tried it myself since I don't use Windows 95, just thought
> >I'd report what I saw.
> >
> 
> I downloaded this, AND installed it.  It displays your password right on 
> the screen!!!  No *s, no blind typing.  Anyone looking over ytour shoulder 
> can see what you type as your passphrase!  Come on.
> 

Aha! but what you didn't know was that it was FV's card number
sniffer, and their obviously competent programmer needed another four
weeks to get the '*'s to come up...

One has to wonder about the security of binaries random people put up
especially for closed systems such as Win96 don't you?

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.