Saturday, September 06, 2008

View your online banking records without your password 

This is a good example of how a simple feature change can create a security issue, and why security features that seem unnecessary can be important in practice.

Google's Chrome browser has a feature I've dreamed of for a long time. You can search the text of pages you've visited before. If you remember that you looked at a great recipe using arugula but can't remember where you found it, you can type "arugula" into Chrome's do-everything bar and it will find the page in your history with the word "arugula" in it. Nifty. Useful.

OK, but what about your online banking activity? It turns out that if you search for words like "balance" or "Visa", you'll bring up copies of pages that your online bank showed you, with potentially sensitive information on them. Humphrey Cheung reports on Chrome indexing banking records. You can't transfer money or anything like that, but it's an information leak.

If you want your banking activity to be confidential from other users of your computer, there is an answer. Use Chrome's "incognito" window, which stops pages from being stored in your history. This is a good idea for any security-sensitive activity.

Also, turn off Chrome's autosuggest feature if you don't want Google to know everything you type into the do-everything bar.


