IM pidgin

The multi-protocol instant messenger Pidgin is fairly common on GNOME-based Linux desktop distros such as Ubuntu. I did a little digging into it and found that it contains plain text passwords and logs that can be extracted. While we know the legalities of using those passwords cannot go beyond certain scopes (i.e. logging into email servers with those found credentials), we could add to the arsenal of found passwords for unlocking things like zip files. Chat logs can also be found. While a person can easily turn these things off, most users tend to neglect this.

/home/USER/.purple/accounts.xml shows an XML format for the accounts that are present on the machine. Passwords will be present under the password element.
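As an added example (not code from the original post), the following audit reports which accounts in an accounts.xml carry a stored password without ever echoing the value. The sample file is constructed, and the nested `account` entries with `protocol` and `name` children are an assumed layout; only the `password` element is named above.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. The layout (<account> entries holding <protocol>,
# <name>, <password>) is an assumption; the post only names <password>.
SAMPLE_ACCOUNTS_XML = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/</name>
    <password>constructed-sample-1</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
  <account>
    <protocol>prpl-aim</protocol>
    <name>alice_aim</name>
    <password></password>
  </account>
</account>
"""

def audit_accounts(xml_text):
    """Return one finding per account: is a password stored, and how long.
    The password value itself is never copied into the findings."""
    root = ET.fromstring(xml_text)
    findings = []
    for acct in root.iter("account"):
        name = acct.findtext("name")
        if name is None:  # the outer wrapper element has no <name> child
            continue
        pw = acct.findtext("password")  # None if absent, "" if empty
        findings.append({
            "protocol": acct.findtext("protocol", default="?"),
            "name": name.strip(),
            "password_stored": bool(pw),
            "password_length": len(pw) if pw else 0,
        })
    return findings

if __name__ == "__main__":
    for f in audit_accounts(SAMPLE_ACCOUNTS_XML):
        status = "PLAINTEXT PASSWORD STORED" if f["password_stored"] else "no stored password"
        print(f'{f["protocol"]:12} {f["name"]:28} {status}')
```

To audit a real profile, read the file's text and pass it to `audit_accounts`; accounts flagged as stored are the ones to reconfigure.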

/home/USER/.purple/blist.xml has a list of all the “buddies” associated with the user that are inherited from the IM protocol. MAC times are present. I assume Modified times change when “buddies” are added or deleted.

/home/USER/.purple/logs directory will have separate folders for the different IM protocols used. Here is the meat of the chat logs. The big thing here is that the logs DO have timestamps on them! I’m assuming the times are local to the machine.

The format that these are put in really is helpful for analysis. Everything is nicely sorted for looking at. A concern I have is that MAC times can be modified, rather than a new file being created each and every time a setting is altered. I would like to confirm this later when I have time.

Another confirmation that I’d like to have is the built-in capability to transfer files: where the files go, and how the IM client logs this information.

So… if you chat and are worried about security, don’t store passwords in Pidgin. It’s not as secure as you’d think.
