View unanswered posts | View active topics It is currently Tue Nov 20, 2018 4:58 pm



Reply to topic  [ 7 posts ] 
 For those who use Firefox 2 and IE7 Read! 
Author Message
Gameop
User avatar

Joined: Fri Sep 03, 2004 2:00 am
Posts: 2040
Location: Acworth, Georgis USA
Unread post 
This is why I use Maxthon:


Firefox 2, IE7 Login Exploit
by John Emerson on 20061124 @ 03:39PM EST | google it | send to friends
Channel: Windows | Infopackets Gazette | (related terms: password, login, hacker)


   
The whole point of releasing Mozilla's Firefox 2 and Microsoft's Internet Explorer 7, aside from some flashy buttons and a few bucks for the makers, was to upgrade the security of each browser.

And although the first Firefox was heralded as a divinely secure gift from the web surfing Gods (in the wake of IE6's massive loopholes), both Firefox 2 and Internet Explorer 7 are reportedly susceptible to a new and potent login spoof, which gives hackers the ability to easily swipe passwords and other sensitive information.

    
    
    
   
    
Like Taking Candy From A Baby

According to security guru Robert Chapin, web criminals can phish for passwords by creating a forged login screen. Because Firefox's overly trustworthy Password Manager enters passwords into web forms by default, all the hacker needs to do is wait patiently as the information is plugged in. Once this is done, sensitive data can then be redirected back to the hacker. (Source: info-svc.com)

Thus far, the key to the hack is that the user must be revisiting a trusted website. That's the only way that a standard Password Manager -- found in either Mozilla or Microsoft -- will automatically re-enter login and password information without prompting the user to do so. Still, it's something even the average web surfer does every day, making the problem particularly concerning.

However, the potential for such a crime requires the hacker do a lot of work. He/she must first create a fake login on a website that users will visit, or hack into an already established and trusted web source in order to inject the fake login code. Either way, the result probably isn't worth it for most attackers. (Source: zdnet.com)

Regardless, it's an indication that there are already major security problems with the web's newest browsers, and this last issue should keep both Microsoft and Mozilla busy for some time.

--

_________________
Vulcan's Forge
v1 TWGS telnet://vulcansforge.homeip.net:2002
v2 TWGS telnet://vulcansforge.homeip.net:23
Forum and site down for now.
my Email is vulcan219@comcast.net now


Sat Nov 25, 2006 5:06 am
Profile ICQ YIM
Gameop
User avatar

Joined: Sun Oct 08, 2006 2:00 am
Posts: 991
Unread post 
I guess that is a good reason to use a different browser.... Just in case a hacker hacks a secure website I have already logged into at least once to get my password with a fake login page.

I have heard this only works on Friday the 13th, during a full moon.... ;o (if its raining AND I am using the password manager)

_________________
"All warfare is based on deception..." - Art of War
"Time will tell all tales" - SG
Any advanced tactic in TW is indistinguishable from cheating.


Sat Nov 25, 2006 7:22 am
Profile ICQ
Veteran Op
User avatar

Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post 
I belive this particular bug was already fixed in firefox. What's the release date of that vulnerability?

_________________
May the unholy fires of corbomite ignite deep within the depths of your soul...

1. TWGS server @ twgs.navhaz.com
2. The NavHaz Junction - Tradewars 2002 Scripts, Resources and Downloads
3. Open IRC chat @ irc.freenode.net:6667 #twchan
4. Parrothead wrote: Jesus wouldn't Subspace Crawl.

*** SG memorial donations via paypal to: dpocky68@booinc.com
Image


Sat Nov 25, 2006 11:22 am
Profile ICQ WWW
Gameop

Joined: Wed Jun 07, 2006 2:00 am
Posts: 241
Location: Daytona Beach, Florida
Unread post 
I NEVER use ANY password manager. But thanks for the info.

_________________
-=Darkstarbase TWGS=-
http://www.darkstarbase.com
telnet://darkstarbase.no-ip.org:23
Like us on Facebook http://facebook.com/darkstarbase


Sat Nov 25, 2006 2:00 pm
Profile ICQ WWW
Lieutenant

Joined: Sun Nov 07, 2004 3:00 am
Posts: 588
Location: USA
Unread post 
Laff, that doesn't mean maxthon is any securer, the only reason why you don't hear stuff about it, is that its not popular, and most hackers want to affect the greatest amount of people possible. With that in mind, IE7 is still their primary target, but firefox is a close second. Anything is hackable, just depends on how long it will take the hacker to get past it.


Sat Nov 25, 2006 2:17 pm
Profile
Captain
User avatar

Joined: Sat Jun 18, 2005 2:00 am
Posts: 2214
Location: USA
Unread post 
You can disable the auto fill in field option as well; additionally, even if you don’t store passwords and personal information does not completely keep you safe from hackers and crackers, whom either gain admin access to well known sites or setup/fake a mock website or spoof a URL of their own. Of course I heard that many companies frequently toss personal information straight into their dumpsters and that executives frequently take home classified personal information on their laptops and disks to work on at home, I have heard of many cases where their home of vehicle was burglarized and these items were taken; there was a recent case involving an IRS officer having their district offices laptop and IRS ID badges taken from the trunk of their burglarized vehicle.  Also, another issues is with disgruntled employees with access to these types of data and files, they can easily do lots of harm and frequently without anybody else’s knowledge.

_________________
Your reliance upon subjective IRM's, subjugates you through utter omission, obfuscation, and distortion of fact!
Don't mess with me, I will 26 U.S.C. § 7212(a) your IRS!


Sat Nov 25, 2006 6:31 pm
Profile ICQ WWW
Gameop
User avatar

Joined: Fri Sep 03, 2004 2:00 am
Posts: 2040
Location: Acworth, Georgis USA
Unread post 
Singularity wrote:
I belive this particular bug was already fixed in firefox. What's the release date of that vulnerability?


24-November 2006
Firefox 2, IE7 Login Exploit
by John Emerson on 20061124 @ 03:39PM EST | google it | send to friends
Channel: Windows | Infopackets Gazette | (related terms: password, login, hacker)

_________________
Vulcan's Forge
v1 TWGS telnet://vulcansforge.homeip.net:2002
v2 TWGS telnet://vulcansforge.homeip.net:23
Forum and site down for now.
my Email is vulcan219@comcast.net now


Sat Nov 25, 2006 10:47 pm
Profile ICQ YIM
Display posts from previous:  Sort by  
Reply to topic   [ 7 posts ] 

Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware.