|
Page 1 of 1
|
[ 7 posts ] |
|
For those who use Firefox 2 and IE7 Read!
Author |
Message |
Vulcan
Gameop
Joined: Fri Sep 03, 2004 2:00 am Posts: 2041 Location: Acworth, Georgis USA
|
This is why I use Maxthon:
Firefox 2, IE7 Login Exploit
by John Emerson on 20061124 @ 03:39PM EST | google it | send to friends
Channel: Windows | Infopackets Gazette | (related terms: password, login, hacker)
The whole point of releasing Mozilla's Firefox 2 and Microsoft's Internet Explorer 7, aside from some flashy buttons and a few bucks for the makers, was to upgrade the security of each browser.
And although the first Firefox was heralded as a divinely secure gift from the web surfing Gods (in the wake of IE6's massive loopholes), both Firefox 2 and Internet Explorer 7 are reportedly susceptible to a new and potent login spoof, which gives hackers the ability to easily swipe passwords and other sensitive information.
Like Taking Candy From A Baby
According to security guru Robert Chapin, web criminals can phish for passwords by creating a forged login screen. Because Firefox's overly trustworthy Password Manager enters passwords into web forms by default, all the hacker needs to do is wait patiently as the information is plugged in. Once this is done, sensitive data can then be redirected back to the hacker. (Source: info-svc.com)
Thus far, the key to the hack is that the user must be revisiting a trusted website. That's the only way that a standard Password Manager -- found in either Mozilla or Microsoft -- will automatically re-enter login and password information without prompting the user to do so. Still, it's something even the average web surfer does every day, making the problem particularly concerning.
However, the potential for such a crime requires the hacker do a lot of work. He/she must first create a fake login on a website that users will visit, or hack into an already established and trusted web source in order to inject the fake login code. Either way, the result probably isn't worth it for most attackers. (Source: zdnet.com)
Regardless, it's an indication that there are already major security problems with the web's newest browsers, and this last issue should keep both Microsoft and Mozilla busy for some time.
--
_________________ Vulcan's Forge v1 TWGS telnet://vulcansforge.homeip.net:2002 v2 TWGS telnet://vulcansforge.homeip.net:23 Forum and site down for now. my Email is vulcan219@comcast.net now
|
Sat Nov 25, 2006 5:06 am |
|
|
Cerne
Gameop
Joined: Sun Oct 08, 2006 2:00 am Posts: 991
|
I guess that is a good reason to use a different browser.... Just in case a hacker hacks a secure website I have already logged into at least once to get my password with a fake login page.
I have heard this only works on Friday the 13th, during a full moon.... ;o (if its raining AND I am using the password manager)
_________________ "All warfare is based on deception..." - Art of War "Time will tell all tales" - SG Any advanced tactic in TW is indistinguishable from cheating.
|
Sat Nov 25, 2006 7:22 am |
|
|
Singularity
Veteran Op
Joined: Thu Jun 02, 2005 2:00 am Posts: 5558 Location: USA
|
I belive this particular bug was already fixed in firefox. What's the release date of that vulnerability?
_________________ May the unholy fires of corbomite ignite deep within the depths of your soul...
1. TWGS server @ twgs.navhaz.com 2. The NavHaz Junction - Tradewars 2002 Scripts, Resources and Downloads 3. Open IRC chat @ irc.freenode.net:6667 #twchan 4. Parrothead wrote: Jesus wouldn't Subspace Crawl.
*** SG memorial donations via paypal to: dpocky68@booinc.com
|
Sat Nov 25, 2006 11:22 am |
|
|
Darkstarbase
Gameop
Joined: Wed Jun 07, 2006 2:00 am Posts: 241 Location: Daytona Beach, Florida
|
I NEVER use ANY password manager. But thanks for the info.
_________________ -=Darkstarbase TWGS=- http://www.darkstarbase.com telnet://darkstarbase.no-ip.org:23 Like us on Facebook http://facebook.com/darkstarbase
|
Sat Nov 25, 2006 2:00 pm |
|
|
Baited
Lieutenant
Joined: Sun Nov 07, 2004 3:00 am Posts: 588 Location: USA
|
Laff, that doesn't mean maxthon is any securer, the only reason why you don't hear stuff about it, is that its not popular, and most hackers want to affect the greatest amount of people possible. With that in mind, IE7 is still their primary target, but firefox is a close second. Anything is hackable, just depends on how long it will take the hacker to get past it.
|
Sat Nov 25, 2006 2:17 pm |
|
|
RexxCrow
Captain
Joined: Sat Jun 18, 2005 2:00 am Posts: 2214 Location: USA
|
You can disable the auto fill in field option as well; additionally, even if you don’t store passwords and personal information does not completely keep you safe from hackers and crackers, whom either gain admin access to well known sites or setup/fake a mock website or spoof a URL of their own. Of course I heard that many companies frequently toss personal information straight into their dumpsters and that executives frequently take home classified personal information on their laptops and disks to work on at home, I have heard of many cases where their home of vehicle was burglarized and these items were taken; there was a recent case involving an IRS officer having their district offices laptop and IRS ID badges taken from the trunk of their burglarized vehicle. Also, another issues is with disgruntled employees with access to these types of data and files, they can easily do lots of harm and frequently without anybody else’s knowledge.
_________________ Your reliance upon subjective IRM's, subjugates you through utter omission, obfuscation, and distortion of fact! Don't mess with me, I will 26 U.S.C. § 7212(a) your IRS!
|
Sat Nov 25, 2006 6:31 pm |
|
|
Vulcan
Gameop
Joined: Fri Sep 03, 2004 2:00 am Posts: 2041 Location: Acworth, Georgis USA
|
Singularity wrote: I belive this particular bug was already fixed in firefox. What's the release date of that vulnerability?
24-November 2006
Firefox 2, IE7 Login Exploit
by John Emerson on 20061124 @ 03:39PM EST | google it | send to friends
Channel: Windows | Infopackets Gazette | (related terms: password, login, hacker)
_________________ Vulcan's Forge v1 TWGS telnet://vulcansforge.homeip.net:2002 v2 TWGS telnet://vulcansforge.homeip.net:23 Forum and site down for now. my Email is vulcan219@comcast.net now
|
Sat Nov 25, 2006 10:47 pm |
|
|
|
|
Page 1 of 1
|
[ 7 posts ] |
|
Who is online |
Users browsing this forum: No registered users and 3 guests |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|