Tuesday, November 21, 2006
Heads up, folks, this one is serious
If your web browser offers to "remember" passwords for you, it can also leak them to places on the web that you didn't intend.
This was first noticed in Firefox, and I gather it's possible but more difficult in Internet Explorer.
Bad guys can build web pages (and they already are) that request your username and password for the site you're on and then send it to another site. For several reasons, you're most likely to be attacked on a place that allows user-contributed content, for example MySpace.
Right now it's hard to defend yourself. There's no software patch yet to fix the vulnerability. The best advice anyone has is not to save passwords in your browser.
Details for your technical friends
|
This was first noticed in Firefox, and I gather it's possible but more difficult in Internet Explorer.
Bad guys can build web pages (and they already are) that request your username and password for the site you're on and then send it to another site. For several reasons, you're most likely to be attacked on a place that allows user-contributed content, for example MySpace.
Right now it's hard to defend yourself. There's no software patch yet to fix the vulnerability. The best advice anyone has is not to save passwords in your browser.
Details for your technical friends
# posted by Frederick @ 8:02 PM Email to a friend:
Haloscan: they provide trackback