People Using Nifty Stats - you might want to check this - GoFuckYourself.com

Machete_ · 11-12-2008, 02:10 PM

I tested Nifty Stats, and really liked it, and was just about to upgrade to the Pro version.

Just to test a few things I went in to the DB file and was quite shocked that all my passwords and usernames was stored in the database, UNencrypted, in a big flat file.

I dont do drama, but this is a security issue I think the users should be aware of.

The program default install path is in "C:\Documents and Settings\USERNAME\Application Data"

That folder is assessible by some Browserplugins

papill0n · 11-12-2008, 02:27 PM

going to check that right now

polish_aristocrat · 11-12-2008, 02:27 PM

not my biz, but you said you left adult...

Machete_ · 11-12-2008, 02:30 PM

Quote:

Originally Posted by polish_aristocrat

not my biz, but you said you left adult...

I think you should read what I wrote again

Super Negro · 11-12-2008, 02:39 PM

I just checked mine and it is a completely encrypted file, I can't read anything in it, all characters and jibberish

Machete_ · 11-12-2008, 02:45 PM

Quote:

Originally Posted by Super Negro

I just checked mine and it is a completely encrypted file, I can't read anything in it, all characters and jibberish

then send it to me - email is in the sig

Super Negro · 11-12-2008, 02:50 PM

Quote:

Originally Posted by ebus_dk

then send it to me - email is in the sig

nice try

margarita · 11-12-2008, 03:42 PM

You can change the folder but AFAIK browser plugins can read ANY files and folders on your HDD which are accessible by current user's permissions (do you keep only encrypted docs on your disk?). That's why you definitely should not install any unsigned and untrusted ActiveX and programs.
Correct me if I'm wrong but once I was using plugin in IE for uploading of photos ant it uploaded all photos I've threw to it and they were not in "application data" folder for sure

Lace · 11-12-2008, 03:44 PM

loginBLAHxpassBLAHx

yeah, pretty open...

NinjaSteve · 11-12-2008, 04:48 PM

At least you'd need a user/pass from what Lace is saying.

Machete_ · 11-12-2008, 04:52 PM

Quote:

Originally Posted by NinjaSteve

At least you'd need a user/pass from what Lace is saying.

no - that is NOT what he said, and its NOT how it is

kgp43 · 11-18-2008, 12:58 AM

up we go

Bro Media - BANNED FOR LIFE · 11-18-2008, 01:13 AM

Oh damn, that sucks...

Hopefully Jenna sees this and they roll out an update with encryption?

Machete_ · 11-18-2008, 01:19 AM

Quote:

Originally Posted by Retox Josh

Oh damn, that sucks...

Hopefully Jenna sees this and they roll out an update with encryption?

They know it, but claim its not a issue.

They also claim that any other software out there stores the passwords unencrypted in clear text files

I dont know who Jenna from Nifty is. The Support team that answer Nifty Stats Questions, dont want to tell me their names

11-12-2008, 02:10 PM	#1
Machete_ WINNING! Industry Role: Join Date: Oct 2002 Posts: 14,579	People Using Nifty Stats - you might want to check this I tested Nifty Stats, and really liked it, and was just about to upgrade to the Pro version. Just to test a few things I went in to the DB file and was quite shocked that all my passwords and usernames was stored in the database, UNencrypted, in a big flat file. I dont do drama, but this is a security issue I think the users should be aware of. The program default install path is in "C:\Documents and Settings\USERNAME\Application Data" That folder is assessible by some Browserplugins

11-12-2008, 02:27 PM	#3
polish_aristocrat Too lazy to set a custom title Join Date: Jul 2002 Posts: 40,381	not my biz, but you said you left adult... __________________ I don't use ICQ anymore.

11-12-2008, 03:42 PM	#8
margarita Confirmed User Join Date: Jun 2003 Posts: 917	You can change the folder but AFAIK browser plugins can read ANY files and folders on your HDD which are accessible by current user's permissions (do you keep only encrypted docs on your disk?). That's why you definitely should not install any unsigned and untrusted ActiveX and programs. Correct me if I'm wrong but once I was using plugin in IE for uploading of photos ant it uploaded all photos I've threw to it and they were not in "application data" folder for sure __________________ Check out my favourite kinky sponsor and must-have tool Nifty Stats

11-12-2008, 03:44 PM	#9
Lace Too lazy to set a custom title Industry Role: Join Date: Mar 2004 Posts: 16,112	loginBLAHxpassBLAHx yeah, pretty open... __________________ Your Paysite Partner Strength In Numbers! StickyDollars \| RadicalCash \| KennysPennies HomegrownCash \| GhostCash

11-12-2008, 04:48 PM	#10
NinjaSteve Too lazy to set a custom title Industry Role: Join Date: Dec 2003 Posts: 11,089	At least you'd need a user/pass from what Lace is saying. __________________ ...

11-12-2008, 02:27 PM	#2
papill0n Unregistered Abuser Industry Role: Join Date: Oct 2007 Posts: 15,547	going to check that right now

11-12-2008, 02:39 PM	#5
Super Negro So Fucking Banned Join Date: Aug 2006 Posts: 215	I just checked mine and it is a completely encrypted file, I can't read anything in it, all characters and jibberish

11-18-2008, 12:58 AM	#12
kgp43 Confirmed User Join Date: Jan 2005 Posts: 143	up we go __________________ ... .

11-18-2008, 01:13 AM	#13
Bro Media - BANNED FOR LIFE MOBILE PORN: IMOBILEPORN Join Date: Jan 2004 Location: Tinseltown NL Posts: 16,502	Oh damn, that sucks... Hopefully Jenna sees this and they roll out an update with encryption?