A True Horror Story About Why We Need Authentication Standards
I am constantly downloading applications and utilities off the web to try this or that out. I am as paranoid as the next guy, so I do think about where this app came from and what havoc it may or may not be planning.
Still, I often will choose to ignore my most paranoid impulses and go ahead. I came across a story of such a utility which, in addition to doing something useful for the user, was stealing passwords.
It is altogether expected that this kind of thing is going on, and still, it's a chilling story.
This is an excerpt from this post on ReadWriteWeb:
"…What I came across was quite shocking. [name deleted] the apparent creator, hard coded his username and password to his gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned…"
(from: Your Email Password: A True Horror Story About Why We Need Authentication Standards)