I try to tell my friends to never use their real first and last name because of potential identity theft, but of course no one worries about such things until it happens.
The details of the user profile can be changed, but not the main username. It is okay I suppose if you're a smith or jones or any other common name.
Quote:
Originally Posted by ljocampo
NOT! Facebook never cancels an account. It will always remain forever on the Facebook server. I cancelled my account years ago. Used all the tips to permanently delete it. Guess what, Facebook still has it and can activate it. They never delete anything even when they have you think they do delete it. And I highly suspect the data you had as public is still available for the public to find it, since I still find references to the profile page.
Right to the clipboard. It's the only option available. On the PC side 1Password is a little more clever and will remove the clipboard contents after a short interval. Of course, they can't do this with iOS.
I assume that no app still running in the background will get unfettered access to the clipboard. I had thought about recopying the clipboard data to something nonsensical before switching out from the app but then I realized that the clipboard keeps a fairly long list of the perviously used information.
This is one of those things I expect Apple to be looking for when vetting apps for poor security which is why I'm surprised that they allowed plaintext passwords in a PLIST file to begin with.
Right to the clipboard. It's the option available. On the PC side 1Password is a little more clever and will remove the clipboard contents after a short interval. Of course, they can't do this with iOS.
I assume that no app still running in the background will get unfettered access to the clipboard. I had thought about recopying the clipboard date to something nonsensical before switching out the particular app I'm using the password in but then I realized that the clipboard keeps a fairly long list of the pervious clipboard information.
This is one of those things I expect Apple to be looking for when vetting apps for poor security which is why I'm surprised that they allowed plaintext passwords in a PLIST file to begin with.
This is freaking aces! What an informative post; thanks much!
This is freaking aces! What an informative post; thanks much!
Update: I'm wrong. It keeps a long list of items to Undo, like typing and such, but it appears to only keep the last item on the clipboard. So that's a good thing. I think I will take that extra step and change my clipboard data before leaving an app I've saved a password too. Thanks. I wouldn't have considered checking this more thoroughly without your post.
You seem to be forgetting that back in 2011 Charlie Miller demonstrated a web only hack that broke out of the Safari sandbox at Pwn2Own.
There are tether free Jailbreaking websites sites that work by exploiting flaws accessible from web code.
Sure some of the PDF and font exploits that existed in 2011 have since been plugged, but presumably others remain.
Bottom line if a Jailbreaking website can breakout of the sandbox and not only access the file system but root the device, it can then sure as hell read .plist files from the file system.
Obviously it's easier if the device is already jailbroken and you have physical access but that it's strict requirement.
Comments
The details of the user profile can be changed, but not the main username. It is okay I suppose if you're a smith or jones or any other common name.
NOT! Facebook never cancels an account. It will always remain forever on the Facebook server. I cancelled my account years ago. Used all the tips to permanently delete it. Guess what, Facebook still has it and can activate it. They never delete anything even when they have you think they do delete it. And I highly suspect the data you had as public is still available for the public to find it, since I still find references to the profile page.
Still, even with the app I need to access 1Password and copy the password as it's 22 to 32 randomly generated characters.
Do you copy some non-sensitive text after pasting that password, or do you thrust there is no clipboard hack around?
Or am I being overly suspicious? I haven't heard of any clipboard hacks, but then again, I didn't know about an address book exploit / auto fill exploit and code signing flaw until I read it here.
Thanks,
Phil
http://www.appleinsider.com/print/11...s_malware.html
Do you copy some non-sensitive text after pasting that password, or do you thrust there is no clipboard hack around?
Or am I being overly suspicious? I haven't heard of any clipboard hacks, but then again, I didn't know about an address book exploit / auto fill exploit and code signing flaw until I read it here.
Thanks,
Phil
Right to the clipboard. It's the only option available. On the PC side 1Password is a little more clever and will remove the clipboard contents after a short interval. Of course, they can't do this with iOS.
I assume that no app still running in the background will get unfettered access to the clipboard. I had thought about recopying the clipboard data to something nonsensical before switching out from the app but then I realized that the clipboard keeps a fairly long list of the perviously used information.
This is one of those things I expect Apple to be looking for when vetting apps for poor security which is why I'm surprised that they allowed plaintext passwords in a PLIST file to begin with.
Right to the clipboard. It's the option available. On the PC side 1Password is a little more clever and will remove the clipboard contents after a short interval. Of course, they can't do this with iOS.
I assume that no app still running in the background will get unfettered access to the clipboard. I had thought about recopying the clipboard date to something nonsensical before switching out the particular app I'm using the password in but then I realized that the clipboard keeps a fairly long list of the pervious clipboard information.
This is one of those things I expect Apple to be looking for when vetting apps for poor security which is why I'm surprised that they allowed plaintext passwords in a PLIST file to begin with.
This is freaking aces! What an informative post; thanks much!
This is freaking aces! What an informative post; thanks much!
Update: I'm wrong. It keeps a long list of items to Undo, like typing and such, but it appears to only keep the last item on the clipboard. So that's a good thing. I think I will take that extra step and change my clipboard data before leaving an app I've saved a password too. Thanks. I wouldn't have considered checking this more thoroughly without your post.
Update: I'm wrong. It keeps a long list of items to Undo, like typing and such, but it appears to only keep the last item on the clipboard.
Hahaha, excelling your excellent post, again, thanks much.
There are tether free Jailbreaking websites sites that work by exploiting flaws accessible from web code.
Sure some of the PDF and font exploits that existed in 2011 have since been plugged, but presumably others remain.
Bottom line if a Jailbreaking website can breakout of the sandbox and not only access the file system but root the device, it can then sure as hell read .plist files from the file system.
Obviously it's easier if the device is already jailbroken and you have physical access but that it's strict requirement.