#1
Firefox Hackers discovered.
Was just watching some American news. There is a warning out for all Firefox users to disable the auto password feature. Hackers have discovered a way to get your password. Just a warning.
Tossed.

November 22, 2006
Phishers Lurk For Firefox 2.0 Password Manager
By Sean Michael Kerner

Using Mozilla Firefox's built-in Password Manager to keep track of your browser's passwords? It makes site logins faster but it also could help malicious sites steal your passwords. The bug, which has been known to Mozilla for at least 10 days, remains unpatched and exploits as well as a proof of concept exist in the wild.

"I was shocked today to find an in-the-wild phish that uses nothing more than cross-site forms, and also extracts information from the Password Manager!" Security Researcher Robert Chapin wrote in a November 12th e-mail posted in the bugzilla bug tracking system. "The underlying method was so obvious that it should have raised multiple warnings," Chapin continued. "There were none at all."

The flaw allows a maliciously crafted page to auto-fill a form with credentials intended for another site. Apparently, there is no warning in Firefox 2.0 or previous versions that the credentials are being pulled for the wrong site and submitted to a third party. Details of the flaw first became public this week. Mozilla developers do not yet have a fix.

"Since this bug is an in-the-wild attack we're not protecting anyone by hiding the details anyway," Mozilla developer Daniel Veditz wrote in a bugzilla entry. "Up to now, browser makers have focused on user convenience and assumed sites with valuable passwords would be well-written. But they have bugs just like we have bugs so we might have to be more defensive."

Last edited by tossedmycookies; November 25th, 2006 at 05:24 AM. Reason: new info
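The article quoted above describes saved credentials being filled into a form that submits to a third party. The sketch below is an added example, not part of the original post and not Mozilla's code: it shows the kind of origin check a password manager can apply before filling, with `shouldAutofill`, the reason strings and all `*.example` URLs being constructed for illustration.

```javascript
// Added example (not Mozilla's code). shouldAutofill, the reason strings and
// every *.example URL below are constructed for illustration.

// Resolve a form's action as a browser does: relative to the page URL,
// with a missing or empty action meaning "submit to the page itself".
function resolveAction(pageUrl, action) {
  const raw = (action || "").trim();
  try {
    return new URL(raw === "" ? pageUrl : raw, pageUrl);
  } catch (e) {
    return null; // unparseable action attribute
  }
}

// Decide whether a login saved for savedOrigin may be filled into a form
// found on pageUrl whose action attribute is formAction.
function shouldAutofill(savedOrigin, pageUrl, formAction) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch (e) {
    return { fill: false, reason: "bad-page-url" };
  }
  if (page.origin !== savedOrigin) {
    return { fill: false, reason: "page-origin-mismatch" };
  }
  const target = resolveAction(pageUrl, formAction);
  if (target === null) return { fill: false, reason: "bad-action" };
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { fill: false, reason: "non-http-action" };
  }
  // Cross-site form: the page matches the saved login, but the
  // submission would go to a different origin.
  if (target.origin !== savedOrigin) {
    return { fill: false, reason: "cross-origin-action" };
  }
  return { fill: true, reason: "same-origin" };
}

const SAVED = "https://social.example"; // origin the login was saved for
const cases = [ // constructed [page URL, form action] pairs
  ["https://social.example/login", "/session"],
  ["https://social.example/user/page", "https://collector.example/save"],
  ["https://social.example/user/page", "//collector.example/save"],
  ["https://social.example/login", "http://social.example/session"],
  ["https://other.example/login", ""],
];
for (const [page, action] of cases) {
  console.log(page, JSON.stringify(action), shouldAutofill(SAVED, page, action));
}
```

Because the origin includes the scheme, the fourth case (an HTTPS page posting to plain HTTP on the same host) is also refused.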
#2
I find it interesting that Firefox is making the headlines about this flaw when MSIE 7 has the very same problem.
__________________
Dan
Registered Linux User #382181 - Don't be irreplaceable; if you can't be replaced, you can't be promoted.
#5
IE7 + issues
Wow, I'm surprised, not. I've found out the hard way about its little flaws. Some day maybe a good, reliable and safe browser can be written, maybe, probably not. Hmm, so I am looking to dump all this stuff and finally get a Mac in the early springtime or late winter.
__________________
Randy the Easterwabbit!
dell inspiron 5100 laptop 2.66ghz G4 intel cpu 512k ram broadcom 440x 10/100 controller not acknowledging the ethernet cable for some reason, help!
(\__/)
(='.'=)
(")_(")
#6
Try out Opera, fast68!
#7
I always find it interesting that people are quick to want to shoot the messenger instead of addressing the fact that there is, and probably never will be any such thing as perfect security, and on some level the user needs to take a certain degree of responsibility for his/her browsing habits. I don't know how many times I've seen people with logins and password combinations such as...

user:johnsmith pass:johnsmith

...and they'll use it for everything including online banking and bill payment! UGH!!!! If people would follow a few common sense security practices much of this would be a complete non-issue. These are some of my rules for a happy and secure internet experience.

1. Create a "throw-away" email address through Yahoo or some other free provider that should it get hacked or spammed it becomes inconsequential. And use this for logins to the various social networking sites and places that want to collect email addresses.

2. When filling out profile data NEVER use or post accurate information about yourself. When asked for this info on a website, I tend to become...

Herman Munster
1313 Mockingbird Lane
Beverly Hills CA. 90210

3. When performing any sort of monetary transaction online, make sure you're on a secure socket, and type your username and password in manually with a large randomly generated password. If you can't remember it, write the thing down on a piece of paper...and change it every few months. Also do not let your browser remember any of this info or set any persistent cookies.

4. Finally, don't maintain ANY sensitive information on your computer. Very few home/personal computers have any sort of hardened security and even a fairly novice hacker can get into your system. Spend 5 minutes in an online chat room and you're a potential victim.

I don't mean for this to sound like a rant or anything but if more people would follow these types of rules, and use their brains for a moment, the chances of anything happening to you or your personal information will become greatly diminished no matter how many security holes there may be in a piece of software.
All times are GMT +1. The time now is 08:25 PM.