Re: Getting password list for backup
George Carden wrote: Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. I use the technique on this page...Be sure to follow the instructions at the bottom for it to work. http://the-edmeister.com/firefox_info/Firefox_Passwords_Info.html There is also an updated version at the bottom of this page: http://edmullen.net/mozilla/moz_pw.php -- Ed Mullen http://edmullen.net/ A dirty book is rarely dusty. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
George Carden wrote: I use the technique on this page...Be sure to follow the instructions at the bottom for it to work. http://the-edmeister.com/firefox_info/Firefox_Passwords_Info.html TY I have been looking for such a thing for a long time. I can now throw away my scribble notes. It says FF but works in SM 2.9. Ray ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
George Carden wrote: Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. [...snip...] I use the technique on this page...Be sure to follow the instructions at the bottom for it to work. http://the-edmeister.com/firefox_info/Firefox_Passwords_Info.html Thanks for the suggestion, will try it. -- Bill Davidsen david...@tmr.com We are not out of the woods yet, but we know the direction and have taken the first step. The steps are many, but finite in number, and if we persevere we will reach our destination. -me, 2010 ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
MCBastos wrote: Interviewed by CNN on 02/04/2012 02:00, Bill Davidsen told the world: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Unfortunately I don't have a technical solution for you, but... They are requiring you to surrender ALL passwords that you save on your computer, even ones for totally unrelated purposes/websites/services/banks, just because you *accessed their web site*? That's whack, man! Their computer. Personally, I would go the route of not saving ANY password on the computer. That way, you fulfill their absurd requirement without actually surrendering any password. It's a drag, having to type all passwords by hand, but still better than surrendering your personal passwords to a third party. There are no personal passwords, and I'm not just accessing their web site, I'm doing stuff for them. Using a computer used for nothing else, running Linux, accessing no public anything (the VPN only lets me talk to them). To lessen the drudgery, I would set up a LastPass account to handle all the low-security passwords (forums and such). Since those passwords are stored in the cloud, they should be technically exempt from that requirement too. But I wouldn't trust LastPass with IMPORTANT passwords, like for banking -- but then, I don't save those in Seamonkey either. Hell, I don't even trust Keepass with those, and that's stored in a local file using allegedly high-security encryption. I will keep no other copies of passwords, access codes, or any similar material, except on the encrypted disk. Another possibility is having a copy of Portable Seamonkey/Firefox/Opera/Chrome on a USB drive, and only saving passwords on THAT copy -- again, technically not saved on the computer. For which I could go to prison. I do _not_ try to think about beating the rules. -- Bill Davidsen david...@tmr.com We are not out of the woods yet, but we know the direction and have taken the first step. The steps are many, but finite in number, and if we persevere we will reach our destination. -me, 2010 ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
NoOp wrote: On 04/01/2012 10:00 PM, Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. Easy. If you wish to copy the SeaMonkey PW's have a look at: https://bugzilla.mozilla.org/show_bug.cgi?id=571997#c23 Otherwise review the thread regarding this issue from just a few days ago (Subject: my bad, my bad) This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. That's the scariest policy that I've ever heard. Don't know what the agency is (a phishing agency? - certainly can't be a government agency), but I'd strongly suggest hiring a lawyer yourself contesting the issue. If you have a Facebook account, an ISP account (you are Verizon), etc., you are most likely in violation of their TOS by releasing your passwords to a third party, and may be dropped completely[1]. If you actually plan to give these people *all* of your passwords, then I hope you are prepared to turn over up your /etc/passwd, /etc/shadow, all ssh keys, pam keys, vnc password, root password, secure logs (and of course the system passwords so they can access those as well, TrueCrypt passwords, ecryptfs passwords, etc., etc. You might just as well drop your drawers and let them have at it. Were I you, I'd ask them to provide me with a machine that will be used *solely* for accessing their site/data/whatever tell them to either take a flying leap regarding the other, or face a lawsuit. I'm pretty sure that the EFF might be interested in your 'situation'. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. So you'll be giving them the passwords on the other machine as well? Either way... good luck. [1] Simple example for you: http://www.verizon.net/policies/vzcom/tos_popup.asp [MANAGEMENT OF YOUR DATA AND COMPUTER. - Your Responsibilities Regarding Security.] THe OP has offered a clarification that the passwords are for access TO (and from)the website in question. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
Rick Merrill wrote: NoOp wrote: On 04/01/2012 10:00 PM, Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. Easy. If you wish to copy the SeaMonkey PW's have a look at: https://bugzilla.mozilla.org/show_bug.cgi?id=571997#c23 Otherwise review the thread regarding this issue from just a few days ago (Subject: my bad, my bad) This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. That's the scariest policy that I've ever heard. Don't know what the agency is (a phishing agency? - certainly can't be a government agency), but I'd strongly suggest hiring a lawyer yourself contesting the issue. If you have a Facebook account, an ISP account (you are Verizon), etc., you are most likely in violation of their TOS by releasing your passwords to a third party, and may be dropped completely[1]. If you actually plan to give these people *all* of your passwords, then I hope you are prepared to turn over up your /etc/passwd, /etc/shadow, all ssh keys, pam keys, vnc password, root password, secure logs (and of course the system passwords so they can access those as well, TrueCrypt passwords, ecryptfs passwords, etc., etc. You might just as well drop your drawers and let them have at it. Were I you, I'd ask them to provide me with a machine that will be used *solely* for accessing their site/data/whatever tell them to either take a flying leap regarding the other, or face a lawsuit. I'm pretty sure that the EFF might be interested in your 'situation'. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. So you'll be giving them the passwords on the other machine as well? Either way... good luck. [1] Simple example for you: http://www.verizon.net/policies/vzcom/tos_popup.asp [MANAGEMENT OF YOUR DATA AND COMPUTER. - Your Responsibilities Regarding Security.] THe OP has offered a clarification that the passwords are for access TO (and from)the website in question. ...then the site admin should be perfectly able to manage them himself. Probably via a cookie, like everyone else. -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. I use the technique on this page...Be sure to follow the instructions at the bottom for it to work. http://the-edmeister.com/firefox_info/Firefox_Passwords_Info.html ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
Interviewed by CNN on 02/04/2012 02:00, Bill Davidsen told the world: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Unfortunately I don't have a technical solution for you, but... They are requiring you to surrender ALL passwords that you save on your computer, even ones for totally unrelated purposes/websites/services/banks, just because you *accessed their web site*? That's whack, man! Personally, I would go the route of not saving ANY password on the computer. That way, you fulfill their absurd requirement without actually surrendering any password. It's a drag, having to type all passwords by hand, but still better than surrendering your personal passwords to a third party. To lessen the drudgery, I would set up a LastPass account to handle all the low-security passwords (forums and such). Since those passwords are stored in the cloud, they should be technically exempt from that requirement too. But I wouldn't trust LastPass with IMPORTANT passwords, like for banking -- but then, I don't save those in Seamonkey either. Hell, I don't even trust Keepass with those, and that's stored in a local file using allegedly high-security encryption. Another possibility is having a copy of Portable Seamonkey/Firefox/Opera/Chrome on a USB drive, and only saving passwords on THAT copy -- again, technically not saved on the computer. -- MCBastos This message has been protected with the 2ROT13 algorithm. Unauthorized use will be prosecuted under the DMCA. -=-=- ... Sent from my HOLMES IV. * Added by TagZilla 0.7a1 running on Seamonkey 2.8 * Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
On 4/1/12 10:00 PM, Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. Have the legal department re-examine the issue. Your client wants a copy of all MY passwords if I access its Web site. That is, your client wants a copy of a file on my computer that I do not want to share with anyone. I believe that, in the U.S., this is a criminal offense. Even for a law enforcement agency, this is illegal without a search warrent. I am quite sure that, in the EU, this is definitely a criminal offense. When I was a software engineer, I would definitely have refused to comply with this request. I would have also informed the appropriate law enforcement agency. (If the request originated from a law enforcement agency, I would have informed my Representative and Senator in Congress; however, I never had any law enforcement agency as a client.) -- David E. Ross http://www.rossde.com/. Anyone who thinks government owns a monopoly on inefficient, obstructive bureaucracy has obviously never worked for a large corporation. © 1997 by David E. Ross ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
On 04/01/2012 10:00 PM, Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. Easy. If you wish to copy the SeaMonkey PW's have a look at: https://bugzilla.mozilla.org/show_bug.cgi?id=571997#c23 Otherwise review the thread regarding this issue from just a few days ago (Subject: my bad, my bad) This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. That's the scariest policy that I've ever heard. Don't know what the agency is (a phishing agency? - certainly can't be a government agency), but I'd strongly suggest hiring a lawyer yourself contesting the issue. If you have a Facebook account, an ISP account (you are Verizon), etc., you are most likely in violation of their TOS by releasing your passwords to a third party, and may be dropped completely[1]. If you actually plan to give these people *all* of your passwords, then I hope you are prepared to turn over up your /etc/passwd, /etc/shadow, all ssh keys, pam keys, vnc password, root password, secure logs (and of course the system passwords so they can access those as well, TrueCrypt passwords, ecryptfs passwords, etc., etc. You might just as well drop your drawers and let them have at it. Were I you, I'd ask them to provide me with a machine that will be used *solely* for accessing their site/data/whatever tell them to either take a flying leap regarding the other, or face a lawsuit. I'm pretty sure that the EFF might be interested in your 'situation'. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. So you'll be giving them the passwords on the other machine as well? Either way... good luck. [1] Simple example for you: http://www.verizon.net/policies/vzcom/tos_popup.asp [MANAGEMENT OF YOUR DATA AND COMPUTER. - Your Responsibilities Regarding Security.] ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Getting password list for backup
I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. It will be done, the question is if there is a way to do it easily and get it on dead trees. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. -- Bill Davidsen david...@tmr.com We are not out of the woods yet, but we know the direction and have taken the first step. The steps are many, but finite in number, and if we persevere we will reach our destination. -me, 2010 ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: Getting password list for backup
Bill Davidsen wrote: I am doing some work for an agency which has a requirement that they will have a recent copy of all passwords stored on any computer accessing their site. Previously I was able to use an HTML file which did the job, it doesn't work with recent SM versions. ...that's a comfort. This isn't a discussion of whether that's a good idea, it's a policy requirement, and not worth quitting over, since I got a letter from the legal department saying I had told them it was a bad idea, and I'm not on the hook if there's a compromise. It will be done, the question is if there is a way to do it easily and get it on dead trees. ...let's hope/pray not. I wouldn't mind knowing whom this client is, so I can avoid *ever* doing biz with them, or *ever* visiting any of their websites. In fact, I'd like to know more about just how someone would do this, as my own security people warned me some time ago that storing passwords on your machine in any form is a *bad* idea in the first place...now I guess I know why. Oh, and a way to conveniently move a limited number from one machine to another would be a time saver, as well. If there is such a thing. This is exactly why I export/import .html Bookmarks - usually I only want a subset, not a complete Synch between machines. Bad hunting to you... -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
