wants to sell their tool to view passwords in textboxes “hidden” by
asterisks on Windows. They claim it's “a glaring security hole in
Microsoft Windows” and a “grave security risk.” Their webpage is thick
with FUD, and warns that criminals and terrorists can easily clean out
your bank accounts because of this problem.

Of course the problem isn't that users type passwords into their
computers. The problem is that programs don't store passwords securely.
The problem is that programs pass passwords around in plaintext. The
problem is that users choose lousy passwords, and then store them
insecurely. The problem is that financial applications are still
relying on passwords for security, rather than two-factor

But the “Internet Security Foundation” is trying to make as much
noise as possible. They even have this nasty letter to Bill Gates that
you can sign (36 people had signed, the last time I looked). I'm not
sure what their angle is, but I don't like it. [Schneier on Security]