Users Online Now:
1,418
(
Who's On?
)
Visitors Today:
266,567
Pageviews Today:
424,895
Threads Today:
135
Posts Today:
2,181
05:25 AM
Directory
Adv. Search
Topics
Forum
Back to Forum
Back to Thread
REPLY TO THREAD
Subject
Firefox flaw enables hackers to steal passwords
User Name
Font color:
Default
Dark Red
Red
Orange
Brown
Yellow
Green
Olive
Cyan
Blue
Dark Blue
Indigo
Violet
Black
Font:
Default
Verdana
Tahoma
Ms Sans Serif
In accordance with industry accepted best practices we ask that users limit their copy / paste of copyrighted material to the relevant portions of the article you wish to discuss and no more than 50% of the source material, provide a link back to the original article and provide your original comments / criticism in your post with the article.
[quote:Psychic Vampire:MV8zMDkyMDFfNTMwNjk0NV81N0RBNzQ4NQ==] [color=blue]I'm sticking to opera[/color] :ohyeah: [/quote]
Original Message
Thursday, 23 November 2006
One of the things that users like about Firefox - it's ability to remember passwords - has suddenly become a liability because of new vulnerability that allows hackers to steal previously saved passwords.
The vulnerability, which affects the latest release of Firefox, version 2.0, has been called a reverse cross-site request (RCSR) by its discoverer Robert Chapin, a Microsoft Certified Engineer.
According to Chapin, the flaw could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added.
Basically, what can occur is that a hacker can put up a fake form on a trusted site like MySpace (which has reportedly already occurred) and users simply have to click on the form for their saved passwords to be transmitted to the hacker's website. Worse still, a hacker can put up an invisible form on a page and users can unwittingly transmit their passwords unwittingly by clicking on the part of the page that contains the invisible form.
On his website, Chapin says that Internet Explorer 7 users could also be vulnerable to such attacks but less so because passwords will not automatically be transitted in Internet Explorer unless the RCSR form appears on the same page as a legitimate login form.
The good news for Firefox users is that the problem is easily fixed until a patch is made available. They can simply untick the remember passwords for sites box which is accessible from the tools menu and selecting options then security.
[
link to www.itwire.com.au
]
Pictures (click to insert)
General
Politics
Bananas
People
Potentially Offensive
Emotions
Big Round Smilies
Aliens and Space
Friendship & Love
Textual
Doom
Misc Small Smilies
Religion
Love
Random
View All Categories
|
Next Page >>