Internet Config passwords and security: a second look

Awhile back, we noted another web site's report that the encryption scheme used by Internet Config to encrypt passwords had been broken. An article in the MWJ (an email-only newsletter) points out that there was more smoke than fire behind this revelation: "All any application has to do to get any of the passwords is make a simple call to Internet Config and ask for them. Internet Config returns them just as readily as it would any other parameter. There is no need to run a program to hack the 'Internet Preferences' file because if you can run a program on the target machine, it can just ask for the passwords. Internet Config is a convenience, not a security system. Claiming you've cracked Internet Config is like bragging that you have made a key for an unlocked door."