Pidgin insecure and my stupidity

For quite some time now I’ve been having a problem with my internet chat program Pidgin. It would work for a while and then all of a sudden I’d notice that the whole computer would come to a screeching halt. Resource usage would go up to 100% on a Linux machine. Not unbelievable but not very common for me. So, I figured out the problem was my instant messaging software Pidgin. Upon further investigation I found out that it probably was due to the Facebook plugin that I installed that let Pidgin log into my Facebook account and show me all the people available on Facebook chat.

Months went by without spending the time to find a solution for this until today, when I finally decided to really get into it because I love having my clients accessible to me through instant message rather than phone calls or texting. I had switched to using Kopete for the most part till I got around to fixing it, but I don’t like anything as much as Pidgin.

I completely uninstalled Pidgin and re-installed it and didn’t like it when I saw my accounts log back in. There was obviously some information left on my computer after I uninstalled the program. First, I hate that! If you make a package, clean up all your crap when I uninstall it. Second, I found where it was saving its extra information: the folder “.purple” in my home folder. That’s not the shocking part though. I looked into the directory and noticed my biggest screw-up ever. I saved my passwords! I never do that and always advise people to never save passwords on a computer. Within a file called “accounts.xml” were all my usernames and passwords for my different instant messaging accounts in clear text for anyone who sat down at my computer to look for and see. I didn’t check this on a Windows PC or on a Mac (Adium on the Mac) yet, but knowing that I do use it on these other operating systems I will be more aware. I also realized I use Pidgin’s portable version on my USB stick that I keep on my keychain. I don’t save passwords or accounts there because I use it so rarely, but what if you did and lost your keys or USB stick? Your information is out there for anyone to see.

If for any reason you’ve saved a password on your computer, delete it. Go into all your programs and empty out that information. A little bit of extra time logging in will save you many untold hours of grief. Many people use the same passwords over and over again. An experienced hacker knows to start first with the passwords he knows and just figure out the usernames. Don’t be a victim to this possible opening in your security.
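To check your own machine for the situation described above, here is an added example (not part of the original post, and not Pidgin's own code) that lists which accounts in accounts.xml have a saved password, without printing the password, and reports whether other users on the system can access the file. The `~/.purple/accounts.xml` location and the element layout (nested `account` elements with `protocol`, `name` and `password` children) are assumptions, and the embedded sample is constructed.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about accounts.xml.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/home</name>
    <password>constructed-secret</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
</account>
"""


def saved_passwords(path):
    """List (protocol, name) of accounts with a non-empty <password>; never the value."""
    hits = []
    for acct in ET.parse(path).getroot().iter("account"):
        if (acct.findtext("password") or "").strip():
            hits.append((acct.findtext("protocol", "?"), acct.findtext("name", "?")))
    return hits


def others_can_access(path):
    """True if group or other has any permission bit set on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


def demo(mode=0o644):
    """Audit the constructed sample written with the given file mode."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "accounts.xml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return saved_passwords(path), others_can_access(path)


if __name__ == "__main__":
    real = os.path.expanduser("~/.purple/accounts.xml")  # assumed location
    print(demo() if not os.path.exists(real)
          else (saved_passwords(real), others_can_access(real)))
```

Any account the script lists is one to clear the saved password for in the client and then re-check.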
