Godlike Productions - Discussion Forum
Users Online Now: 1,772 (Who's On?)Visitors Today: 724,727
Pageviews Today: 1,611,596Threads Today: 685Posts Today: 14,345
10:11 PM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Firefox flaw enables hackers to steal passwords

 
Atma
Offer Upgrade

User ID: 160325
United States
11/23/2006 05:35 AM
Report Abusive Post
Report Copyright Violation
Firefox flaw enables hackers to steal passwords
Thursday, 23 November 2006

One of the things that users like about Firefox - it's ability to remember passwords - has suddenly become a liability because of new vulnerability that allows hackers to steal previously saved passwords.

The vulnerability, which affects the latest release of Firefox, version 2.0, has been called a reverse cross-site request (RCSR) by its discoverer Robert Chapin, a Microsoft Certified Engineer.

According to Chapin, the flaw could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added.

Basically, what can occur is that a hacker can put up a fake form on a trusted site like MySpace (which has reportedly already occurred) and users simply have to click on the form for their saved passwords to be transmitted to the hacker's website. Worse still, a hacker can put up an invisible form on a page and users can unwittingly transmit their passwords unwittingly by clicking on the part of the page that contains the invisible form.

On his website, Chapin says that Internet Explorer 7 users could also be vulnerable to such attacks but less so because passwords will not automatically be transitted in Internet Explorer unless the RCSR form appears on the same page as a legitimate login form.

The good news for Firefox users is that the problem is easily fixed until a patch is made available. They can simply untick the remember passwords for sites box which is accessible from the tools menu and selecting options then security.

[link to www.itwire.com.au]
timex

User ID: 161418
Russian Federation
11/23/2006 05:36 AM

Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
Thank you Atma for heads up!
higher than high
Atma  (OP)

User ID: 160325
United States
11/23/2006 05:37 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
They can simply untick the remember passwords for sites box which is accessible from the tools menu and selecting options then security.
 Quoting: Atma



Yeah, first I've heard of it.

I just now unticked that box.
Anonymous Coward
User ID: 161420
United Kingdom
11/23/2006 05:43 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
Yeah, but what if you don't remember the password? Then you lock yourself out until you have sent e-mails requesting your password from all the sites you log-on to, which in my case is a dozen.
Atma  (OP)

User ID: 160325
United States
11/23/2006 05:46 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
Yeah, but what if you don't remember the password?
 Quoting: Anonymous Coward 161420



Tools > Options > Security > Show Passwords

You can see a list of all your logins and passwords.
Anonymous Coward
User ID: 122324
United Kingdom
11/23/2006 06:29 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
What I don't get is how the developers miss these kind of things in the first place. Being as it's so easy to patch and all. Why wasn't it patched anyway is what I'm thinking. But, I ain't complaining - I don't write software, wouldn't have a clue.
timex

User ID: 161418
Russian Federation
11/23/2006 06:33 AM

Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
What I don't get is how the developers miss these kind of things in the first place. Being as it's so easy to patch and all. Why wasn't it patched anyway is what I'm thinking. But, I ain't complaining - I don't write software, wouldn't have a clue.
 Quoting: Anonymous Coward 122324


As a software engineer I would say it is easy to miss a bug or two (thousands).

No software is perfect except

10 PRINT "HELLO WORLD!"

RUN
higher than high
Psychic Vampire

User ID: 155148
United Kingdom
11/23/2006 06:53 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
I'm sticking to opera

ohyeah
Secrets of the CIA Video (2hr 2min)
[link to video.google.co.uk]
Unexplained Mysteries.
[link to www.unexplained-mysteries.com]

Put something usefull in this area not just some stupid saying..
sTeReOToMy

User ID: 86604
United States
11/23/2006 06:55 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
This is good to know. Thanks for the heads-up, Atma.
\"All that we see or seem is but a dream within a dream.\" ~Poe 1827
bada boom
User ID: 161437
United States
11/23/2006 07:22 AM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
thank you

i wiped out the firefox pw manager.
very nice.
some one is way ahead on be nice to your neighbor points.
good way to start a stressful family knucklehead day.
Atma  (OP)

User ID: 160325
United States
11/23/2006 03:12 PM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
bump for the afternoon Foxers.
Maxim

User ID: 161579
United States
11/23/2006 03:14 PM
Report Abusive Post
Report Copyright Violation
Re: Firefox flaw enables hackers to steal passwords
I never never never save passwords!





GLP