 |
16-12-2008, 10:37 PM
|
#1 (permalink)
|
|
TheSaint
Join Date: Jun 2004
Location: Antigua
Posts: 3,447
|
Calling all Fanboys (of all shapes and sizes) :D
Major Web browsers fail password protection tests
Source: http://blogs.zdnet.com/security/?p=2305
Test: http://www.info-svc.com/news/2008/12-12/
That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.
That’s the biggest takeaway from the results of this test which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are vulnerable to a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge.
Read On........
__________________
http://www.neville.in
http://www.linuxrocks.in
"The Future Is Open"
|
|
|
|
Advertisements. Register and be a member of the community to get rid of them.
|
|
Advertisement
|
|
|
16-12-2008, 10:40 PM
|
#2 (permalink)
|
|
AFK
Join Date: Oct 2006
Location: Bombay
Posts: 1,599
|
Re: Calling all Fanboys (of all shapes and sizes) :D
Now thats a major loop hole 
|
|
|
|
|
16-12-2008, 10:41 PM
|
#3 (permalink)
|
|
Broken In
Join Date: Jul 2008
Posts: 140
|
Re: Calling all Fanboys (of all shapes and sizes) :D
Never used the feature 
|
|
|
|
|
16-12-2008, 10:57 PM
|
#4 (permalink)
|
|
Juke Box Hero
Join Date: Aug 2007
Posts: 1,204
|
Re: Calling all Fanboys (of all shapes and sizes) :D
My Firefox results are one up theirs 
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4
Quote:
Test Performed Result
Action Authority Checked on Retrieval PASSED
Action Authority Checked on Save PASSED
Action Authority Raises Warnings FAILED
Action Path Checked on Retrieval FAILED
Action Path Checked on Save FAILED
Action Scheme Checked on Retrieval PASSED
Action Scheme Checked on Save PASSED
Action Scheme Raises Warnings FAILED
Action Scheme Prevented if Unsafe FAILED
Autocomplete=Off Prevents Form Fills PASSED
Invisiblility Prevents Form Fills FAILED
Method Checked on Retrieval FAILED
Method Raises Warnings FAILED
Multiple Paths Per User Per Authority FAILED
Multiple Ports Per User Per Host PASSED
Multi. Schemes Per User Per Authority PASSED
Page Path Checked on Retrieval FAILED
Random Name Attr. Prevents Form Fills FAILED
User Required for PW Retrieval FAILED
User Required for PW Save FAILED
Valid URIs Don't Break Anything PASSED
|
|
|
|
|
|
16-12-2008, 11:05 PM
|
#5 (permalink)
|
|
.
Join Date: Aug 2008
Location: Guwahati
Posts: 2,485
|
Re: Calling all Fanboys (of all shapes and sizes) :D
I never use the passmng feature. Hope devs fix it soon
__________________
| Steam: jojothedragon | Origin : jojothedragon | PSN : jojothedragon |
TDF @ Steam
Get 2GB of free cloud space : http://db.tt/OJKPcZnY
|
|
|
|
|
17-12-2008, 02:03 AM
|
#6 (permalink)
|
|
You gave been GXified
Join Date: Jan 2007
Location: New Delhi
Posts: 5,633
|
Re: Calling all Fanboys (of all shapes and sizes) :D
I use something full proof for my passwords. My Brain, that is impossible to hack I guess
__________________
about.me/gxsaurav
|
|
|
|
|
17-12-2008, 02:24 AM
|
#7 (permalink)
|
|
MMO Addict
Join Date: Jul 2004
Location: Bangalore
Posts: 1,474
|
Re: Calling all Fanboys (of all shapes and sizes) :D
I use secure login extension for FF which does not fill up login boxes automatically when the page loads.
Quote:
* Prevents malicious JavaScript code to automatically steal your login data.
* Provides an option to protect your login data from all JavaScript code during login.
* Can prevent cross-site scripting (XSS) attacks to steal your passwords without having to deactivate JavaScript.
* Helps to protect you from phishing.
|
|
|
|
|
|
17-12-2008, 08:06 AM
|
#8 (permalink)
|
|
Wahahaha~!
Join Date: Dec 2006
Location: Pune/there
Posts: 7,686
|
Re: Calling all Fanboys (of all shapes and sizes) :D
i just disable scripts globally and enable it for known site only
|
|
|
|
17-12-2008, 08:22 AM
|
#9 (permalink)
|
|
God of Mistakes...
Join Date: Dec 2005
Location: Pune, Maharashtra
Posts: 1,923
|
Re: Calling all Fanboys (of all shapes and sizes) :D
Quote:
Originally Posted by gxsaurav
I use something full proof for my passwords. My Brain, that is impossible to hack I guess
|
Social engineering ? 
|
|
|
|
|
18-12-2008, 07:51 AM
|
#10 (permalink)
|
|
Techtree Reviewer
Join Date: Nov 2007
Location: Mumbai
Posts: 2,190
|
Re: Calling all Fanboys (of all shapes and sizes) :D
Quote:
Originally Posted by gxsaurav
I use something full proof for my passwords. My Brain, that is impossible to hack I guess
|
You meant fool proof, didn't you?
|
|
|
|
|
18-12-2008, 08:14 AM
|
#11 (permalink)
|
|
MMO Addict
Join Date: Jul 2004
Location: Bangalore
Posts: 1,474
|
Re: Calling all Fanboys (of all shapes and sizes) :D
^^ haha lol.. brain hacked!
|
|
|
|
|
18-12-2008, 04:32 PM
|
#12 (permalink)
|
|
The Smaller Bang
Join Date: Sep 2007
Location: Gautham City
Posts: 7,492
|
Re: Calling all Fanboys (of all shapes and sizes) :D
^^ROFL 
Are these flaws valid on linux ? And yeah, I use cookies to remember password. Not browser.
__________________
http://TheSmallerBang.wordpress.com
eMachines E725 - T4400 2.2GHz, 1GB, 160GB
Nokia 5130XM * T-Sonic 610 2GB
Nokia 2323C * Samsung Galaxy Y
Apple iPad 2 16GB WiFi
|
|
|
|
|
18-12-2008, 06:06 PM
|
#13 (permalink)
|
|
Broken In
Join Date: Jul 2008
Posts: 140
|
Re: Calling all Fanboys (of all shapes and sizes) :D
Quote:
Originally Posted by MetalheadGautham
^^ROFL
Are these flaws valid on linux ? And yeah, I use cookies to remember password. Not browser. |
Test yourself
|
|
|
|
|
18-12-2008, 06:25 PM
|
#14 (permalink)
|
|
The Smaller Bang
Join Date: Sep 2007
Location: Gautham City
Posts: 7,492
|
Re: Calling all Fanboys (of all shapes and sizes) :D
^^In final few steps and I feel sleepy and irritated. DAMN you NucleusKore. Did you have to give such a stupidly loooooooooooooooooooooooooooooong test to spoil my day ?
wooooooooosh... yeah, here it goes:
Code:
Report
Test Performed Result
Action Authority Checked on Retrieval PASSED
Action Authority Checked on Save PASSED
Action Authority Raises Warnings FAILED
Action Path Checked on Retrieval FAILED
Action Path Checked on Save FAILED
Action Scheme Checked on Retrieval PASSED
Action Scheme Checked on Save PASSED
Action Scheme Raises Warnings FAILED
Action Scheme Prevented if Unsafe FAILED
Autocomplete=Off Prevents Form Fills PASSED
Invisiblility Prevents Form Fills FAILED
Method Checked on Retrieval FAILED
Method Raises Warnings FAILED
Multiple Paths Per User Per Authority FAILED
Multiple Ports Per User Per Host PASSED
Multi. Schemes Per User Per Authority PASSED
Page Path Checked on Retrieval FAILED
Random Name Attr. Prevents Form Fills FAILED
User Required for PW Retrieval FAILED
User Required for PW Save FAILED
Valid URIs Don't Break Anything PASSED
I never liked password save function anyway, nor did I ever consider using it.
__________________
http://TheSmallerBang.wordpress.com
eMachines E725 - T4400 2.2GHz, 1GB, 160GB
Nokia 5130XM * T-Sonic 610 2GB
Nokia 2323C * Samsung Galaxy Y
Apple iPad 2 16GB WiFi
Last edited by MetalheadGautham; 18-12-2008 at 06:29 PM.
Reason: Automerged Doublepost
|
|
|
|
|
18-12-2008, 07:01 PM
|
#15 (permalink)
|
|
Wahahaha~!
Join Date: Dec 2006
Location: Pune/there
Posts: 7,686
|
Re: Calling all Fanboys (of all shapes and sizes) :D
cookie monster on stroll !
|
|
|
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
