Firefox 2/IE7: Beware Of Using Password Manager - Open Discussion & Free Web Hosting

Welcome Guest ( Log In | Register )

Open Discussion & Free Web Hosting » General Discussion » Computer Talk


	Web Hosting Guide

3 Pages

1 2 3 >

Firefox 2/IE7: Beware Of Using Password Manager

Options

miCRoSCoPiC^eaRt... miCRoSCoPiC^eaRthLinG View Member Profile	Nov 23 2006, 05:18 PM Post #1
PsYcheDeLiC dR3aMeR Group: Admin Posts: 2,248 Joined: 29-January 05 From: Bangkok, Thailand Member No.: 2,411 myCENTs:19.10	Those who are using Firefox 2 or IE7 might be at a risk of loosing their login credentials to various sites, if they're using the in-built Password Manager of either browsers. Apparently, Firefox 2 users are more at risk. The basic concept is, phishers can utilise spoofed URLs belonging to the same domain for which you'd saved login information to capture your login credentials when you try to login again. Apparently, none of the browsers check for the validity of the URLs prior to filling up the forms on the page - thus disclosing your credentials to spoofed pages (and consequently to the phishers) as long as the URLs are under the same recognised domain. Read more about this bug (??) .... QUOTE(theregister.co.uk) The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users' login credentials via automated phishing attacks. The information disclosure bug affects the password manager in Firefox 2.0 and its equivalent in IE7. Firefox's Password Manager, for example, fails to properly check URLs before filling in saved user credentials into web forms. As a result, hackers might be able to swipe users credentials via malicious forms in the same domain, providing users have already filled out forms on this domain. Samples of attacks utilising the flaw have already been reported on MySpace. Firefox 2.0 users might be more at risk from the flaw because IE7 does not automatically fill in saved information. Security notification firm Secunia advises users to disable the "remember passwords for sites" option in their browsers pending the delivery of patches. Source: http://www.theregister.co.uk/2006/11/23/fake_login_flaw/ As for me I never trusted the browser based password managers and have always been using this tool called AI Roboform over the past 2 years. Never gave me a chance to complain

knight17 View Member Profile	Nov 23 2006, 05:35 PM Post #2
Advanced Member Group: Members Posts: 145 Joined: 6-October 05 Member No.: 8,941	Opera do not have any such problems it work flawlessly and efficiently.Both Internet Explorer 7 and Firefox 2.0 become vulnerable within weeks of their public release.As things get popular new security loop holes will be discovered, it is same for windows too.

Mark420 View Member Profile	Nov 23 2006, 06:00 PM Post #3
The Modernator Group: Members Posts: 486 Joined: 6-August 06 From: The Interweb! Member No.: 15,021	LOL!!! Yet another bug in Firefox hahahah when are people going to stop jumping on the Firefox bandwagon? Get a decent browser FFS!!! www.opera.com

xboxrulz View Member Profile	Nov 23 2006, 10:00 PM Post #4
Colonel Panic Group: [MODERATOR] Posts: 3,050 Joined: 25-March 05 From: Toronto, Ontario, Canada Member No.: 3,233 myCENTs:62.45	Opera's not invisible either. I never use the password manager, I hate this technology btw. xboxrulz

Quatrux View Member Profile	Nov 24 2006, 05:24 AM Post #5
the Q Group: [HOSTED] Posts: 1,307 Joined: 13-July 05 From: Lithuania, Vilnius Member No.: 7,059 myCENTs:30.66	I always use the Opera password manager, for me personally it is very useful. I am the only one who am using my computer and every time I visit a site I just push ctrl+enter and thats all, I get logged in into any of the sites I saved the password and it is so easy, you log in the for the first time and the browser ask you to remember or not now and you can choose for the entire domain or only for that page.. Moreover, if the site has two account, say usually like google, gmail, adsense, I just need to choose which username to use. For me it is one of the most useful tools in the browser. And I usually logout/signout from any site. I just don't like, for example, when I reinstall windows and the password manager again is empty, even though it was a long time ago.. I don't like to do all over again to save the session. But one bad thing about password managers is that it really is much easier to forget the username+password you're using. I have about 4-5 main passwords usually with the same username, but sometimes I just forget where which one I use, due to the password manager usage, that is why I am using the great program KeePass, to save all my passwords and of course if I ever have a computer failure, I have them somewhere on my notes The bad things about having passwords on a note, you leave the paper on your desk or something like that and invite some friend to your house for a beer or something and usually they can see it if they will want to, that is why it is better to keep them in a save place.

Jimmy89 View Member Profile	Nov 24 2006, 12:12 PM Post #6
Living at the Datacenter Group: [HOSTED] Posts: 711 Joined: 30-June 06 From: Australia Member No.: 14,219 myCENTs:27.01	Thanks for the tip! i have never trusted the built in password managers - as a matter of fact, i've never really trusted any type of password managers. You can never trust computers with confidential information like passwords and card numbers!

toby View Member Profile	Nov 24 2006, 01:49 PM Post #7
Super Member Group: Members Posts: 611 Joined: 29-September 06 Member No.: 16,228	I love this love for Opera. Theres only two or three places where I need it(because it logs me out, sessions), but I still store a lot in there. Though 9.00 and 9.01 weren't around for long, I went from 8.5-something to 9.02.

CaptainRon View Member Profile	Nov 24 2006, 03:25 PM Post #8
Premium Member Group: Members Posts: 238 Joined: 9-September 05 Member No.: 8,400	hmm... this is scary! blog sites will be the worst affected domains. any site that lets you customize itself is at risk i guess.

WeaponX View Member Profile	Nov 24 2006, 06:20 PM Post #9
Way Out Of Control - You need a life :) Group: Members Posts: 1,086 Joined: 21-June 05 From: New York Member No.: 6,440 myCENTs:86.41	I'm also not a fan of these browsers that have these password managers built-in. But I have actually used them recently due to the time it saves me having to remember all my usernames and passwords for sites I visit a lot. I remember trying out AI Roboform as it's become very popular but it didn't support Opera. I didn't know it supported Firefox either (maybe just recently). Just did a search and see that they have the extension for it on their site. Switching back and forth on Opera and Firefox as I love both browsers Firefox has an extension called SpoofStick but I don't think the author updated it to support more recent Firefox versions. Found another one called Petname Tool that will help users avoid those phishing/scam sites. This should users help weed out those suspicious looking sites.

xboxrulz View Member Profile	Nov 25 2006, 12:56 AM Post #10
Colonel Panic Group: [MODERATOR] Posts: 3,050 Joined: 25-March 05 From: Toronto, Ontario, Canada Member No.: 3,233 myCENTs:62.45	It's best to never write down passwords or even store them in your computer. It's best to commit it to memory. xboxrulz

« Next Oldest · Computer Talk · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum