 For those who use Firefox 2 and IE7 Read! 
Gameop
Joined: Fri Sep 03, 2004 2:00 am
Posts: 2041
Location: Acworth, Georgia USA
This is why I use Maxthon:


Firefox 2, IE7 Login Exploit
by John Emerson on 20061124 @ 03:39PM EST
Channel: Windows | Infopackets Gazette | (related terms: password, login, hacker)


   
The whole point of releasing Mozilla's Firefox 2 and Microsoft's Internet Explorer 7, aside from some flashy buttons and a few bucks for the makers, was to upgrade the security of each browser.

And although the first Firefox was heralded as a divinely secure gift from the web surfing Gods (in the wake of IE6's massive loopholes), both Firefox 2 and Internet Explorer 7 are reportedly susceptible to a new and potent login spoof, which gives hackers the ability to easily swipe passwords and other sensitive information.

    
    
    
   
    
Like Taking Candy From A Baby

According to security guru Robert Chapin, web criminals can phish for passwords by creating a forged login screen. Because Firefox's overly trustworthy Password Manager enters passwords into web forms by default, all the hacker needs to do is wait patiently as the information is plugged in. Once this is done, sensitive data can then be redirected back to the hacker. (Source: info-svc.com)

Thus far, the key to the hack is that the user must be revisiting a trusted website. That's the only way that a standard Password Manager -- found in either Mozilla or Microsoft -- will automatically re-enter login and password information without prompting the user to do so. Still, it's something even the average web surfer does every day, making the problem particularly concerning.

However, the potential for such a crime requires the hacker do a lot of work. He/she must first create a fake login on a website that users will visit, or hack into an already established and trusted web source in order to inject the fake login code. Either way, the result probably isn't worth it for most attackers. (Source: zdnet.com)

Regardless, it's an indication that there are already major security problems with the web's newest browsers, and this last issue should keep both Microsoft and Mozilla busy for some time.

--

_________________
Vulcan's Forge
v1 TWGS telnet://vulcansforge.homeip.net:2002
v2 TWGS telnet://vulcansforge.homeip.net:23
Forum and site down for now.
my Email is vulcan219@comcast.net now


Sat Nov 25, 2006 5:06 am
Gameop
Joined: Sun Oct 08, 2006 2:00 am
Posts: 991
I guess that is a good reason to use a different browser.... Just in case a hacker hacks a secure website I have already logged into at least once to get my password with a fake login page.

I have heard this only works on Friday the 13th, during a full moon.... ;o (if it's raining AND I am using the password manager)

_________________
"All warfare is based on deception..." - Art of War
"Time will tell all tales" - SG
Any advanced tactic in TW is indistinguishable from cheating.


Sat Nov 25, 2006 7:22 am
Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
I believe this particular bug was already fixed in Firefox. What's the release date of that vulnerability?

_________________
May the unholy fires of corbomite ignite deep within the depths of your soul...

1. TWGS server @ twgs.navhaz.com
2. The NavHaz Junction - Tradewars 2002 Scripts, Resources and Downloads
3. Open IRC chat @ irc.freenode.net:6667 #twchan
4. Parrothead wrote: Jesus wouldn't Subspace Crawl.

*** SG memorial donations via paypal to: dpocky68@booinc.com


Sat Nov 25, 2006 11:22 am
Gameop

Joined: Wed Jun 07, 2006 2:00 am
Posts: 241
Location: Daytona Beach, Florida
I NEVER use ANY password manager. But thanks for the info.

_________________
-=Darkstarbase TWGS=-
http://www.darkstarbase.com
telnet://darkstarbase.no-ip.org:23
Like us on Facebook http://facebook.com/darkstarbase


Sat Nov 25, 2006 2:00 pm
Lieutenant

Joined: Sun Nov 07, 2004 3:00 am
Posts: 588
Location: USA
Laff, that doesn't mean Maxthon is any securer; the only reason why you don't hear stuff about it is that it's not popular, and most hackers want to affect the greatest amount of people possible. With that in mind, IE7 is still their primary target, but Firefox is a close second. Anything is hackable, just depends on how long it will take the hacker to get past it.


Sat Nov 25, 2006 2:17 pm
Captain
Joined: Sat Jun 18, 2005 2:00 am
Posts: 2214
Location: USA
You can disable the auto fill in field option as well; additionally, even if you don’t store passwords and personal information, that does not completely keep you safe from hackers and crackers, who either gain admin access to well known sites or set up/fake a mock website or spoof a URL of their own. Of course I heard that many companies frequently toss personal information straight into their dumpsters and that executives frequently take home classified personal information on their laptops and disks to work on at home. I have heard of many cases where their home or vehicle was burglarized and these items were taken; there was a recent case involving an IRS officer having their district office's laptop and IRS ID badges taken from the trunk of their burglarized vehicle. Also, another issue is with disgruntled employees with access to these types of data and files; they can easily do lots of harm and frequently without anybody else’s knowledge.

_________________
Your reliance upon subjective IRM's, subjugates you through utter omission, obfuscation, and distortion of fact!
Don't mess with me, I will 26 U.S.C. § 7212(a) your IRS!


Sat Nov 25, 2006 6:31 pm
Gameop
Joined: Fri Sep 03, 2004 2:00 am
Posts: 2041
Location: Acworth, Georgia USA
Singularity wrote:
I believe this particular bug was already fixed in Firefox. What's the release date of that vulnerability?


24-November 2006
Firefox 2, IE7 Login Exploit
by John Emerson on 20061124 @ 03:39PM EST
Channel: Windows | Infopackets Gazette | (related terms: password, login, hacker)

_________________
Vulcan's Forge
v1 TWGS telnet://vulcansforge.homeip.net:2002
v2 TWGS telnet://vulcansforge.homeip.net:23
Forum and site down for now.
my Email is vulcan219@comcast.net now


Sat Nov 25, 2006 10:47 pm