| Author |
Message |
K'
You can win any war if you start a year early
Gender:
Joined: Jul 13 2006
Posts: 271
Location: Southtown
Offline
|
 Posted: Thu Nov 23, 2006 12:12 pm Post maybe stupid Post subject: IE and Firefox blighted by fake login flaw |
 |
 |
|
|
Source.
| Quote: |
MyPhish.com
By John Leyden ג†’ More by this authorPublished Thursday 23rd November 2006 14:02ֲ GMTGet The Register's new weekly newsletter for senior IT managers delivered to your inbox, click here. The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users' login credentials via automated phishing attacks.
The information disclosure bug affects the password manager in Firefox 2.0 and its equivalent in IE7. Firefox's Password Manager, for example, fails to properly check URLs before filling in saved user credentials into web forms. As a result, hackers might be able to swipe users credentials via malicious forms in the same domain, providing users have already filled out forms on this domain.
Samples of attacks utilising the flaw have already been reported on MySpace. Firefox 2.0 users might be more at risk from the flaw because IE7 does not automatically fill in saved information. Security notification firm Secunia advises users to disable the "remember passwords for sites" option in their browsers pending the delivery of patches.
This so-called reverse cross-site request flaw was discovered by security researcher Robert Chapin, who explains the issue in greater depth in an advisory here. ® |
|
|
| Back to top |
|
 |
Maverick
Age:40
Gender:
Joined: Feb 26 2005
Posts: 1521
Location: The Netherlands
Offline
|
| Posted: Thu Nov 23, 2006 4:11 pm Post maybe stupid Post subject: |
|
|
|
|
ouch that sucks 
I'm using FF's password manager 
_________________
|
|
| Back to top |
|
|
Quan Chi2
Member of "Sexy Teenagers that Code" Group
Age:34
Gender:
Joined: Mar 25 2005
Posts: 860
Location: NYC
Offline
|
| Posted: Sat Nov 25, 2006 6:21 pm Post maybe stupid Post subject: |
|
|
|
|
| Oh my god that's awesome. Nice find. |
|
| Back to top |
|
|
daresay
Newbie
Joined: Nov 24 2006
Posts: 8
Offline
|
| Posted: Sun Nov 26, 2006 3:34 am Post maybe stupid Post subject: |
|
|
|
|
| Anything that fucks with myspace emokids is okay in my book. |
|
| Back to top |
|
|
Animate Dreams
Gotta buy them all!
(Consumer whore)
Age:37
Gender:
Joined: May 01 2004
Posts: 821
Location: Middle Tennessee
Offline
|
| Posted: Sun Nov 26, 2006 11:53 pm Post maybe stupid Post subject: |
|
|
|
|
Hmm.
I have a list of about 400 Myspace passwords from this VERY same exploit.
Not my own endeavors, but I have the list anyway. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Statistics
Register
Profile
Login to check your private messages
Login
TT bug 
