miCRoSCoPiC^eaRthLinG
Nov 23 2006, 05:18 PM
Those who are using Firefox 2 or IE7 might be at a risk of loosing their login credentials to various sites, if they're using the in-built Password Manager of either browsers. Apparently, Firefox 2 users are more at risk. The basic concept is, phishers can utilise spoofed URLs belonging to the same domain for which you'd saved login information to capture your login credentials when you try to login again. Apparently, none of the browsers check for the validity of the URLs prior to filling up the forms on the page - thus disclosing your credentials to spoofed pages (and consequently to the phishers) as long as the URLs are under the same recognised domain. Read more about this bug (??) .... QUOTE(theregister.co.uk) The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users' login credentials via automated phishing attacks. The information disclosure bug affects the password manager in Firefox 2.0 and its equivalent in IE7. Firefox's Password Manager, for example, fails to properly check URLs before filling in saved user credentials into web forms. As a result, hackers might be able to swipe users credentials via malicious forms in the same domain, providing users have already filled out forms on this domain. Samples of attacks utilising the flaw have already been reported on MySpace. Firefox 2.0 users might be more at risk from the flaw because IE7 does not automatically fill in saved information. Security notification firm Secunia advises users to disable the "remember passwords for sites" option in their browsers pending the delivery of patches. Source: http://www.theregister.co.uk/2006/11/23/fake_login_flaw/As for me I never trusted the browser based password managers and have always been using this tool called AI Roboform over the past 2 years. Never gave me a chance to complain 
Comment/Reply (w/o sign-up)
knight17
Nov 23 2006, 05:35 PM
Opera do not have any such problems it work flawlessly and efficiently.Both Internet Explorer 7 and Firefox 2.0 become vulnerable within weeks of their public release.As things get popular new security loop holes will be discovered, it is same for windows too.
Comment/Reply (w/o sign-up)
Mark420
Nov 23 2006, 06:00 PM
LOL!!! Yet another bug in Firefox hahahah when are people going to stop jumping on the Firefox bandwagon? Get a decent browser FFS!!! www.opera.com
Comment/Reply (w/o sign-up)
xboxrulz
Nov 23 2006, 10:00 PM
Opera's not invisible either. I never use the password manager, I hate this technology btw. xboxrulz
Comment/Reply (w/o sign-up)
Quatrux
Nov 24 2006, 05:24 AM
I always use the Opera password manager, for me personally it is very useful. I am the only one who am using my computer and every time I visit a site I just push ctrl+enter and thats all, I get logged in into any of the sites I saved the password and it is so easy, you log in the for the first time and the browser ask you to remember or not now and you can choose for the entire domain or only for that page.. Moreover, if the site has two account, say usually like google, gmail, adsense, I just need to choose which username to use. For me it is one of the most useful tools in the browser. And I usually logout/signout from any site.  I just don't like, for example, when I reinstall windows and the password manager again is empty, even though it was a long time ago.. I don't like to do all over again to save the session. But one bad thing about password managers is that it really is much easier to forget the username+password you're using. I have about 4-5 main passwords usually with the same username, but sometimes I just forget where which one I use, due to the password manager usage, that is why I am using the great program KeePass, to save all my passwords and of course if I ever have a computer failure, I have them somewhere on my notes The bad things about having passwords on a note, you leave the paper on your desk or something like that and invite some friend to your house for a beer or something and usually they can see it if they will want to, that is why it is better to keep them in a save place. 
Comment/Reply (w/o sign-up)
Jimmy89
Nov 24 2006, 12:12 PM
Thanks for the tip! i have never trusted the built in password managers - as a matter of fact, i've never really trusted any type of password managers. You can never trust computers with confidential information like passwords and card numbers!
Comment/Reply (w/o sign-up)
toby
Nov 24 2006, 01:49 PM
I love this love for Opera. Theres only two or three places where I need it(because it logs me out, sessions), but I still store a lot in there. Though 9.00 and 9.01 weren't around for long, I went from 8.5-something to 9.02.
Comment/Reply (w/o sign-up)
CaptainRon
Nov 24 2006, 03:25 PM
hmm... this is scary! blog sites will be the worst affected domains. any site that lets you customize itself is at risk i guess.
Comment/Reply (w/o sign-up)
WeaponX
Nov 24 2006, 06:20 PM
I'm also not a fan of these browsers that have these password managers built-in. But I have actually used them recently due to the time it saves me having to remember all my usernames and passwords for sites I visit a lot. I remember trying out AI Roboform as it's become very popular but it didn't support Opera. I didn't know it supported Firefox either (maybe just recently). Just did a search and see that they have the extension for it on their site. Switching back and forth on Opera and Firefox as I love both browsers Firefox has an extension called SpoofStick but I don't think the author updated it to support more recent Firefox versions. Found another one called Petname Tool that will help users avoid those phishing/scam sites. This should users help weed out those suspicious looking sites.
Comment/Reply (w/o sign-up)
xboxrulz
Nov 25 2006, 12:56 AM
It's best to never write down passwords or even store them in your computer. It's best to commit it to memory. xboxrulz
Comment/Reply (w/o sign-up)
Arbitrary
Dec 15 2006, 03:46 AM
QUOTE I use about 6 or so different passwords, so if I loose one, I don't loose security in everything I do online. I use several different passwords as well, but I tend to divide my passwords among the sites. For instance, if I find a site to be important, say my Gmail account, then I give it a secure password that I don't reuse. But if I find that I don't care about what I do on a site or that my identity is not at stake, then I just give it one of my regular passwords. Also, after the recent switch away from password managers, I've discovered that it's a lot easier now to recall passwords when I'm away from my computer. Before whenever I was at school trying to log in to some account, I'd always forget the password and try digging through my email for it. But now, no such thing happens anymore. Ahh, the wonders of breaking away from a bad dependency. XD
Comment/Reply (w/o sign-up)
beatgammit
Dec 13 2006, 09:13 PM
I never use any kind of password remembering software or write anything down. For every website I go to, I can either reset my password or have them send it to me. I don't want to risk getting my passwords stolen, but I have taken measures to reduce the effects of them getting my password. I use about 6 or so different passwords, so if I loose one, I don't loose security in everything I do online. I live with a couple of roommates, and they swear by the password remembering thing. I can't stand this, because if they don't type it in every time, they will not remember it. They are limited in their passwords because they do not use them everyday. They would be left rather helpless if they had to use somebody else's computer because they wouldn't know their passwords. This is why I use a variety of passwords and do not write them down or have any programs store this information. I don't trust Microsoft (that is what I use mostly)
Comment/Reply (w/o sign-up)
Arbitrary
Dec 8 2006, 12:35 AM
QUOTE
So if you have to do the final submission to login, so I don't see why password managers are bad!
But let's say you visit a site that doesn't have good intentions (aka a phishing site) and they decide to get the passwords from your password manager. If the browser were secure, then these sites should be unable to retrieve your password. However, if the browser were poorly designed, then the site might be able to get a list of your passwords when you submit a form on the site. That's why password managers are problems--they leave all your passwords out in the open instead of just one if you get tricked to visit and fill out a form at a phishing site. Ex: Let's say there's a phishing site built similar to Gmail. You go there, thinking it is Gmail and fill out your Gmail username and password. If the password manager was secure, you'd only be giving the phishing site your Google username and password. However, if the password manager was insecure, you'd not only be giving away your Google username and password, you'd also give away all other usernames and passwords inside your password manager. Which makes the problem a lot worse. EDIT: Does anyone here know if the Gmail manager is a secure extension? I've been using that for quite some time and it has proved to be very useful for me. However, I'm not sure if I should continue using it because of its security. It is, after all, run by a third party, and one can never figure out their intentions. I'm inclined to say it has positive intentions, but I'll never know....
Comment/Reply (w/o sign-up)
Quatrux
Dec 4 2006, 06:22 PM
QUOTE(seec77 @ Dec 3 2006, 11:37 PM) 
Well, from what I've understood, Opera pastes the username/password only if you press a key combination of Ctrl+Enter. On Firefox, the moment that you browse to a site it finds in its password manager, the login fields get automatically filled out. You have to do the final act of logging in by yourself, though. If you have numeral users in your password manager, you will have to fill out the username field yourself, and it will fill in the password automatically for entries it recognizes.
So if you have to do the final submission to login, so I don't see why password managers are bad! Say you got to a page which wants to steal your password as been said, not ../login.html but ../login_x.html, you don't see it, you write the username and password yourself and push the login/submit button, your password is taken by someone, whola! a password manager, just fills the form with your username and password, you do the same, push the submit/login button and whola, your password is taken. The only difference is that using a password manager is much faster, you and only you yourself need to know where you login and it is not a password manager fault, it is just a program written for you to make your life easier, more simple.
Comment/Reply (w/o sign-up)
HellFire121
Dec 4 2006, 07:53 AM
I use the opera password manager for some of the sites that i don't care if i lose my password or i need a quick login. The password is encrypted and you can choose if you want to save the password for just that page, the whole server or never. It's a handy feature and in my opinion opera's version is pretty secure. I've never had any passwords leaked or hacked plus you can set a master password each time you want to access the password manager/fill out a login form. -HellFire
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : firefox, 2, and, ie7, beware, built, password, manager
- E-mail - Firefox
(6)
Load Firefox Faster
(1) I've been researching how to load firefox faster. So better follow this steps: 1. Go to the
schortcut of firefox and click on it. 2. Then put this in the target tab /Prefetch:1 so the line
will look like this : C:\Program Files\Mozilla Firefox\firefox.exe" /Prefetch:1 Note: use space
between exe" and /prefetch:1 It really works on me.....
Firefox Updated To FX Ver 2.0.0.1
Just today ... 12/20/2006 (6) For those who are using Firefox 2.0, there is an update reccomendation issued today for some fixes
to the Firefox Browser. Head over to the Download site and install a new version to have the fixes
added to your copy. http://www.firefox.com ....
Make Sure, Your Name Will Be There On Firefox 2 Wall
Share Firefox with your friend. If your friend downloads Firefox befor (7) We all love Firefox, then Share Firefox with your friend. If your friend downloads Firefox before
September 15, you’ll both be immortalized in Firefox 2!! Make Sure, your name will be there
on Firefox 2 Wall!! Check it out friends!! www.worldfirefoxday.com/en/ Its great idea from
Mozilla Foundation na!! /laugh.gif" style="vertical-align:middle" emoid=":lol:" border="0"
alt="laugh.gif" /> Well some of you, may already noticed some small Orange color button on
Firefox Start page ! Just click on that to find out more! Become a Friend of Fire....
Firefox Or IE (New Version): Which One Is Better?
Which one is better? (71) Ok, as the title says which one is better???? The new IE version has navigation by tabs and stuff
like Firefox Firefox is kinda same Which one is better? In my opinion IE tried to copy Firefoz This
Time....
Firefox Update
Anyone else having trouble with Flash player now? (12) I recently updated Firefox, my favorite browser. Now, it will not install the flash player.
Didn't notice if it was when Adobe picked up Macromedia or if it's the Firefox update.
Anyone else having similar problems?....
What Is Firefox ?
(2) what is Firefox? A friend was telling me about it and I'm just trying to get a little more
educated.....
Ie Tips: To Delete Lost Supervisor Password
(1) Microsoft Internet Explorer Tips and Tricks To delete lost Supervisor password 1- click Start menu
> Run > and type “regedit” in dialog box to run Windows Registry Editor 2- find and go to following
key “HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies” 3- Delete the
Ratings key To remove toolbars click Start menu > Run > and type “regedit” in dialog box to run
Windows Registry Editor Find and go to following: • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explore....
Make Firefox Look Like Internet Explorer
(12) hi Now you can make Firefox look like Internet Explorer!!? /cool.gif' border='0'
style='vertical-align:middle' alt='cool.gif' /> Here is screen shot
http://johnhaller.com/jh/mozilla/firefox_i...rer/screenshot/ just go to below website and follow
steps http://johnhaller.com/jh/mozilla/firefox_internet_explorer/ /cool.gif' border='0'
style='vertical-align:middle' alt='cool.gif' /> ....
Why You Should Use Firefox...
Disscussion & why you should use firefox (6) Why You Should Use Mozilla Firefox... 1. Great Popup Blocking /smile.gif' border='0'
style='vertical-align:middle' alt='smile.gif' /> 2. Tabs To Open Multiple Web Pages In One Window!
/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /> 3. Customize Icons &
It's Look With Themes /ohmy.gif' border='0' style='vertical-align:middle' alt='ohmy.gif' />
4. Search Box Built In For Searching Google, Yahoo!, Alexa, Ebay, Merriam Webster, & Much Much More!
/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /> 5. Dow....
How To Disable Password Expiration (xp)
Windows XP (8) How to Disable Password Expiration By default, In Windows XP passwords have an expiration date and
Windows XP user Passwords will expire after 42 days, and when you try to log on, Windows XP display
below message: "Your password will expire in 14 days.....". To disable Password Expiration: Go to
Control Panel > Performance and Maintenance > Administrative Tools > Computer Management or Click
Start > Run > and type control userpasswords2 and click OK to run User Accounts Click the advanced
tab, and then press the advanced button. Select Users in the Local Users and ....
Assign Keyword To Firefox Bookmarks
just type a word in addressbar (3) Assign keyword to Firefox bookmarks You can assign keywords to Firefox bookmarks Click on
bookmarks menu > right click on your favorite bookmark > select properties In dialog box in the
Keyword field, enter the keyword you want, for example: Asta In address bar type keyword instead of
the site address and press Enter and enjoy! /cool.gif' border='0' style='vertical-align:middle'
alt='cool.gif' /> ....
Modem Missing In Device Manager
(8) Hi, I usually don't have problems like this, but this one has got me stumped (at least for the
time being). I was trying to see what was the problem with this computer (it's my mom's
co-worker's PC) that's not allowing it to go online. They said it's been like this for
months already so I went by today and took a look at it. I did everything including remove the
spyware which I hope was preventing them from going online, but to no avail. I then thought about
removing the modem drivers via the Device Manager and did so. Restarted and it didn&#....
Batch Challenge
Find the password in the file (Easy) (18) Astahost I have fallen into the likeing of Hacking Challenges and made my own. Its very easy if you
know how to edit batch files. Please do not give to many hints and please if you find the password
in the file PM me it and do not post it here. Ill edit this post with the names of people who have
completed the challenge. Now for the file Challenge Good Luck People who have completed my
challenge Jipman vizskywalker Dragon5225 Moonwitch wanhafizi Philywiskaz overture
runefantasy operator goose ....
Several Homepages ( Your Favorites) In Firefox
(3) How to make several homepages ( your favorites) in FireFox if you are perofesonal internet user and
read news,weather every morning you can make several hompages for your browser (firefox), for this
just: go to Tools >> Options ,click on «General »; in HomePage Click on «use current page ». now
if you press Home botton,firefox will open your favorites.....
Looking for firefox, 2, and, ie7, beware, built, password, manager
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for firefox, 2, and, ie7, beware, built, password, manager
|
advertisement
|
|
