

There are reports circulating related to the security of users’ Pandora passwords. It’s not a password leak or an attack, however, but there’s concern that passwords aren’t being well secured on users’ computers.

Initially, word was that Pandora was storing cleartext passwords (meaning unencrypted) directly on users’ hard drives, which would have been a major concern. Specifically, those passwords are being stored in the HTML5 local storage area for the website. However, it appears that the passwords aren’t being stored in cleartext, but are encrypted using a single static encryption key which is the same for all users. While that’s a step up from the earlier, more concerning situation, it’s still a risk.

Details of the issue were first posted to Google+ by Amber Yust, a software engineer at Google. It was soon after picked up by Hacker News. A developer, Marc Bevand, then demonstrated how easy it would be to steal a user’s Pandora password off their computer using a simple hack he created in response to the information.

This is not something that users should immediately freak out about, but it may be worthwhile to change your Pandora password if you access Pandora’s website on a shared computer or at an Internet cafe, especially if that password is one you use across the web for other sites of a more personal and private nature. That being said, it is generally not considered a best practice to store a website’s password on a user’s computer, and if a website is going to do so, then the password should at least be properly encrypted. In fact, it’s not very common to save passwords in local storage at all. It’s also only possible in modern web browsers which support HTML5 (like the current versions of Chrome, IE and Safari now do).

In Pandora’s case, not only are passwords being stored locally, they’re not properly encrypted. Technical readers can follow the full thread on Hacker News, but the brief explanation is that the passwords are simply being obfuscated (meaning, hidden) using a single encryption key which is the same for everybody, according to Bevand’s tests seen here.
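Why a single key shared by every user amounts to obfuscation rather than protection, shown as an added Node.js example that is not Pandora's code or Bevand's test. The cipher (AES-256-CBC), the key, the IV, the storage key names and the in-memory storage stand-in are all assumptions made for illustration.

```javascript
// Added illustration: cipher, key, IV and all names are assumptions, not Pandora's code.
const nodeCrypto = require("node:crypto");

// Key and IV as they would ship inside a site's client-side script: identical for every visitor.
const STATIC_KEY = nodeCrypto.createHash("sha256").update("constructed-demo-key").digest();
const STATIC_IV = Buffer.alloc(16, 0);

// Weak pattern: "encrypt" the password with the shared key before saving it locally.
function obfuscate(password) {
  const c = nodeCrypto.createCipheriv("aes-256-cbc", STATIC_KEY, STATIC_IV);
  return Buffer.concat([c.update(password, "utf8"), c.final()]).toString("base64");
}

// Every copy of the script carries the same key, so reversing the value needs no secret.
function deobfuscate(stored) {
  const d = nodeCrypto.createDecipheriv("aes-256-cbc", STATIC_KEY, STATIC_IV);
  return Buffer.concat([d.update(stored, "base64"), d.final()]).toString("utf8");
}

// Safer pattern: the password never reaches local storage; the server issues
// a random, revocable session token and only that token is kept client-side.
function issueSessionToken() {
  return nodeCrypto.randomBytes(32).toString("hex");
}

// Minimal in-memory stand-in for window.localStorage so the demo runs under Node.
function makeStorage() {
  const m = new Map();
  return { setItem: (k, v) => m.set(k, String(v)), getItem: (k) => (m.has(k) ? m.get(k) : null) };
}

// Two constructed users who happen to share a password.
function demo() {
  const alice = makeStorage();
  const bob = makeStorage();
  alice.setItem("pw", obfuscate("correct horse"));
  bob.setItem("pw", obfuscate("correct horse"));
  alice.setItem("session", issueSessionToken());
  bob.setItem("session", issueSessionToken());
  return {
    sameBlobAcrossUsers: alice.getItem("pw") === bob.getItem("pw"),
    recovered: deobfuscate(bob.getItem("pw")),
    tokensDiffer: alice.getItem("session") !== bob.getItem("session"),
  };
}
```

A stored session token can still be read by anyone with access to the browser profile, but it can be revoked server-side and does not expose a password the user may have reused on other sites.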
