1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spoofing warning for Firefox

Discussion in 'News' started by wagnerk, Jan 9, 2008.

  1. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341

    Spoofing warning for Firefox



    Users of Mozilla Firefox are vulnerable to phishing attacks because the pop-up dialogue box for password entry in the latest version of the web browser can be spoofed, a leading security researcher has warned.

    Aviv Raff claims a vulnerability in the way that Firefox displays authentication dialogs allows cyber criminals to obtain username and password information by deceiving users into thinking they are giving their details to a reliable source.

    For the rest of the article, see here.

    -ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
porta2_tags:

Comments

    1. greenbrucelee
      greenbrucelee
      I use FF but never allow it to remember my passwords nor would I ever let a browser do such a thing, I am too concerned about security to do that.

      Cheers for the info.
    2. Alex Wright
      Alex Wright

      I concur. It's never worth the risk no matter how small.
    3. tripwire45
      tripwire45
      The only place I store my passwords is in my head.
    4. greenbrucelee
      greenbrucelee
      yep its the only place you should store them, you can't be too careful.
    5. Theprof
      Theprof
      Thanks for the heads up. Also like GBL and Trip mentioned I don't like to save passwords in firefox, not safe at all.
    6. BosonMichael
      BosonMichael
      I also store my passwords in Trip's head; mine is out of space.
    7. zebulebu
      zebulebu
      I got so many of 'em I'm thinking of getting a fibre card put in the back of my head and plugging into a SAN when I go online
    8. wizard
      wizard
      You wouldn't want to store anything in my head, too many strange things going on in there :D
    9. tripwire45
      tripwire45
      Then stop complaining when I forget your passwords. You know I only have room for my own. :wink:
    10. BosonMichael
      BosonMichael
      I stopped complaining when you accidentally gave me your bank account password instead of mine. 8)
    11. tripwire45
      tripwire45
      Fortunately, I remembered your credit card information and used it for a shopping spree on Amazon so we're even. :wink:
    12. Fergal1982
      Fergal1982
      I use the head of a Thai hooker to store all my information. No risk of her misusing it though, she cant get to the computer from the cage in the cellar.

      On topic, GBL, you realise that the article says that they spoof the password box, they prompt you for a login name/password. They arent taking the password from the memory of the browser. They are making the users think that they have to enter their details to log in. It doesnt matter if you let FF save the details, since the entered details are being submitted to the address specified by the hackers.
    13. greenbrucelee
      greenbrucelee
      yes I know what you mean, when I login youtube or CF yes I am using the FF browser when I'm at home, but I have script enabled on FF (can't remember what it is) that will tell me if I've logged into a fake page its happened once when I was loggin into you tube.

      I have no password for FF itself.

      Edit: hopefully no scripts, and my anti phising software is working, I haven't had any problems yet.

    Share This Page