Last week, I was watching the season finale of the second season of Heroes. It's not technically the season finale, but with the Hollywood writers' strike, they finished off the first part of the season until new episodes could be written.
Anyhow, my memory seems to be a bit fuzzy at the moment, but there was a scene in there which caused me to laugh out loud. Two of the characters have broken into the evil corporation Primatech's headquarters in order to destroy the Shanti virus (why the heck can't I remember the exact details?). They log in to a computer, enter in the username and then enter in the password.
Normally, when you enter in a password in pretty much any web page anywhere on the web, or any computer system anywhere in the world, it looks like this:
Of course, that's in Windows. If you go to a web page in Firefox and enter in your password, it looks like this:
In this episode of Heroes, the character who I can't remember enters in the password. However, instead of the characters being obfuscated, the password characters are echoed to the screen in plain text and we learn that the password is MIDAS.
I'm beginning to see why the Corporation couldn't control the people they released on the world or capture the good/bad guys. With security measures like that, where passwords are echoed to the screen (and probably stored in plain text, no doubt), one would think that breaches are par for the course.
The heroes were typing asterisks at the keyboard.
The actual password was stored with an LM hash.
Each time the hero typed an asterisk, a cracker program displayed the next character of the actual password.