People Using Nifty Stats - you might want to check this

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Machete_
    WINNING!
    • Oct 2002
    • 14579

    #1

    People Using Nifty Stats - you might want to check this

    I tested Nifty Stats, and really liked it, and was just about to upgrade to the Pro version.

    Just to test a few things I went in to the DB file and was quite shocked that all my passwords and usernames was stored in the database, UNencrypted, in a big flat file.

    I dont do drama, but this is a security issue I think the users should be aware of.

    The program default install path is in "C:\Documents and Settings\USERNAME\Application Data"

    That folder is assessible by some Browserplugins
  • papill0n
    Unregistered Abuser
    • Oct 2007
    • 15547

    #2
    going to check that right now

    Comment

    • polish_aristocrat
      Too lazy to set a custom title
      • Jul 2002
      • 40377

      #3
      not my biz, but you said you left adult...
      I don't use ICQ anymore.

      Comment

      • Machete_
        WINNING!
        • Oct 2002
        • 14579

        #4
        Originally posted by polish_aristocrat
        not my biz, but you said you left adult...
        I think you should read what I wrote again

        Comment

        • Super Negro
          So Fucking Banned
          • Aug 2006
          • 215

          #5
          I just checked mine and it is a completely encrypted file, I can't read anything in it, all characters and jibberish

          Comment

          • Machete_
            WINNING!
            • Oct 2002
            • 14579

            #6
            Originally posted by Super Negro
            I just checked mine and it is a completely encrypted file, I can't read anything in it, all characters and jibberish
            then send it to me - email is in the sig

            Comment

            • Super Negro
              So Fucking Banned
              • Aug 2006
              • 215

              #7
              Originally posted by ebus_dk
              then send it to me - email is in the sig
              nice try

              Comment

              • margarita
                Confirmed User
                • Jun 2003
                • 917

                #8
                You can change the folder but AFAIK browser plugins can read ANY files and folders on your HDD which are accessible by current user's permissions (do you keep only encrypted docs on your disk?). That's why you definitely should not install any unsigned and untrusted ActiveX and programs.
                Correct me if I'm wrong but once I was using plugin in IE for uploading of photos ant it uploaded all photos I've threw to it and they were not in "application data" folder for sure
                Check out my favourite kinky sponsor and must-have tool Nifty Stats

                Comment

                • Lace
                  Too lazy to set a custom title
                  • Mar 2004
                  • 16116

                  #9
                  loginBLAHxpassBLAHx

                  yeah, pretty open...
                  Your Paysite Partner
                  Strength In Numbers!
                  StickyDollars | RadicalCash | KennysPennies | HomegrownCash

                  Comment

                  • NinjaSteve
                    Too lazy to set a custom title
                    • Dec 2003
                    • 11089

                    #10
                    At least you'd need a user/pass from what Lace is saying.
                    ...

                    Comment

                    • Machete_
                      WINNING!
                      • Oct 2002
                      • 14579

                      #11
                      Originally posted by NinjaSteve
                      At least you'd need a user/pass from what Lace is saying.
                      no - that is NOT what he said, and its NOT how it is

                      Comment

                      • kgp43
                        Confirmed User
                        • Jan 2005
                        • 143

                        #12
                        up we go
                        ...
                        .

                        Comment

                        • Bro Media - BANNED FOR LIFE
                          MOBILE PORN: IMOBILEPORN
                          • Jan 2004
                          • 16502

                          #13
                          Oh damn, that sucks...

                          Hopefully Jenna sees this and they roll out an update with encryption?

                          Comment

                          • Machete_
                            WINNING!
                            • Oct 2002
                            • 14579

                            #14
                            Originally posted by Retox Josh
                            Oh damn, that sucks...

                            Hopefully Jenna sees this and they roll out an update with encryption?
                            They know it, but claim its not a issue.

                            They also claim that any other software out there stores the passwords unencrypted in clear text files

                            I dont know who Jenna from Nifty is. The Support team that answer Nifty Stats Questions, dont want to tell me their names

                            Comment

                            Working...