Brian Breslin, of Twitbin, left a comment saying that Twitbin fixed the security flaw I previously pointed out. Cooool!
UPDATE: FIXED. See the comments below.
A couple of weeks ago, I installed Twitbin, a Firefox extension that loads Twitter in a sidebar. But I just happened to be checking my browser cookies, and I noticed that my Twitter username and PASSWORD were stored in my browser cookies in plaintext! This is not even a session cookie -- it is persistent, with a one-year expiration.
Are you kidding me?! Twitbin -- uninstalled.
"[I]t is never appropriate for cookies to contain plaintext user names and passwords." [The World Wide Web Security FAQ]
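The complaint above is easy to turn into a check. The following is an added example (mine, not Twitbin's or the FAQ's code) that parses the Netscape-format cookies.txt Firefox kept in that era, and reports every cookie whose name suggests a credential, along with how long it persists and whether it is marked Secure. The sample file, the "now" timestamp and the name heuristic are all constructed assumptions.

```python
"""Audit a Netscape-format cookies.txt for plaintext credential cookies.

Added example; the sample below is constructed, not a real capture."""
import re
import time
from dataclasses import dataclass

# Heuristic: cookie names that usually carry a credential or raw secret.
# Assumption: this list is illustrative, not exhaustive.
CREDENTIAL_NAME_RE = re.compile(r"(pass(word|wd)?|pwd|secret|user(name)?|login)", re.I)
ONE_DAY = 86400


@dataclass
class Cookie:
    domain: str
    include_subdomains: bool
    path: str
    secure: bool
    expires: int  # Unix seconds; 0 means a session cookie
    name: str
    value: str


def parse_cookies_txt(text):
    """Parse the 7-column, tab-separated Netscape cookie file format."""
    cookies = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # tolerate a malformed line instead of aborting the audit
        domain, flag, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, flag.upper() == "TRUE", path,
                              secure.upper() == "TRUE", int(expires), name, value))
    return cookies


def audit(cookies, now=None):
    """Return (domain, name, reasons) for every credential-looking cookie."""
    now = int(time.time()) if now is None else now
    findings = []
    for c in cookies:
        if not CREDENTIAL_NAME_RE.search(c.name):
            continue
        reasons = ["credential-like name"]
        if c.expires == 0:
            reasons.append("session cookie")
        else:
            days = (c.expires - now) // ONE_DAY
            reasons.append(f"persistent, expires in {days} days")
        if not c.secure:
            reasons.append("sent over plain HTTP (no Secure flag)")
        findings.append((c.domain, c.name, reasons))
    return findings


# Constructed sample: a one-year username/password pair next to harmless cookies.
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File  (constructed sample)",
    "twitter.com\tTRUE\t/\tFALSE\t1204329600\tusername\talice",
    "twitter.com\tTRUE\t/\tFALSE\t1204329600\tpassword\thunter2",
    "twitter.com\tTRUE\t/\tFALSE\t0\tsession_id\tabc123",
    "example.org\tTRUE\t/\tTRUE\t1204329600\tprefs\ten",
])
NOW = 1172793600  # constructed "now", 365 days before the sample's expiry


def run_sample():
    return audit(parse_cookies_txt(SAMPLE), now=NOW)


if __name__ == "__main__":
    for domain, name, reasons in run_sample():
        print(f"{domain} {name}: {'; '.join(reasons)}")
```

Run it against a real profile's cookies.txt by reading the file and passing its text to parse_cookies_txt; the session cookie and the preference cookie in the sample are deliberately left unflagged so the report stays readable.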
The WordPress crew have announced that the WordPress 2.1.1 download got cracked by an unnamed attacker who injected some code that would allow remote code execution. I'm glad I haven't upgraded!
For XP Pro: Go to Start/Administrative Tools/Local Security Policy/Security Settings/Local Policies/Security Options and find "Accounts: Limit local account use of blank passwords to console logon only." This is enabled by default; disable it.
For XP Home (from Keith Miller): Go to Start/Run/Regedit and navigate to this key:
Value name: limitblankpassworduse, Type: REG_DWORD, Data: 0 (disabled), 1 (enabled)
For Home: Run Scheduled Task without a Password (Line 67)
Windows XP FAQ
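That policy is the control that keeps blank-password local accounts usable only at the console, so turning it off to make a scheduled task run also lets such accounts be used for non-console logons. As an added example (mine, not the FAQ's), here is a check that reads a .reg export of the LSA key and reports whether the protection has been weakened. The key path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and the value name come from Windows documentation, not from the FAQ text above, which omits the path; the sample export is constructed.

```python
"""Audit a .reg export for LimitBlankPasswordUse.

Added example. Produce the input on an XP box with
  reg export HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa lsa.reg
and decode the UTF-16 file before passing its text in. The key path and
value name are standard Windows locations (supplied from Windows docs)."""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa".lower()
VALUE_NAME = "limitblankpassworduse"

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})\s*$')


def parse_reg_export(text):
    """Return {key_path_lower: {value_name_lower: int}} for every dword value.

    Other value types (hex(7), strings, multi-line hex) are skipped; registry
    paths and names are case-insensitive, so both are lowercased."""
    hives = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip("\ufeff").strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            hives.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            hives[current][m.group(1).lower()] = int(m.group(2), 16)
    return hives


def blank_password_exposure(text):
    """Return (raw_setting, verdict).

    raw_setting is None when the value is absent; Windows then applies the
    default, which is enabled (1)."""
    setting = parse_reg_export(text).get(LSA_KEY, {}).get(VALUE_NAME)
    effective = 1 if setting is None else setting
    if effective == 0:
        return setting, "WEAKENED: blank-password accounts usable for non-console logon"
    return setting, "OK: blank-password accounts limited to console logon"


# Constructed sample export from a box where the FAQ's change was applied.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]",
    '"limitblankpassworduse"=dword:00000000',
    '"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00',
])


if __name__ == "__main__":
    setting, verdict = blank_password_exposure(SAMPLE_EXPORT)
    print(f"LimitBlankPasswordUse={setting}: {verdict}")
```

Point the script at exports collected from several machines and it turns a one-off regedit tweak into something that shows up in an audit, which is the part the FAQ's instructions leave out.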