Have a suggestion?

Click here to suggest a blog item.

Newsletters Archive

Catch up with DonationCoder by browsing our past newsletters, which collect the most interesting discussions on our site: here.

Editorial Integrity

DonationCoder does not accept paid promotions. We have a strict policy of not accepting gifts of any kind in exchange for placing content in our blogs or newsletters, or on our forum. The content and recommendations you see on our site reflect our genuine personal interests and nothing more.

Latest News

July 2, 2024
Server Migrations Coming

  • Donationcoder server migration is slowly proceeding, expect some hiccups as we get all our ducks in a row..

July 19, 2022
Software Update

Jan 3, 2022
Event Results

May 13, 2020
Software Updates

Mar 24, 2020
Mini Newsletter

Dec 30, 2019
Software Updates

Jan 22, 2020
Software Updates

Jan 12, 2020
Newsletter

Jan 3, 2020
Event Results

Jan 2, 2020
Software Updates

Dec 30, 2019
Software Updates

April 27, 2019
Software Updates

Feb 26, 2019
Software Updates

Feb 23, 2019
Software Updates

Feb 14, 2019
Software Updates

Jan 6, 2019
Event Results

Dec 2, 2018
Software Updates

Nov 13, 2018
Software Releases

July 30, 2018
Software Updates

June 24, 2018
Software Updates

June 6, 2018
Software Updates

Apr 2, 2018
Fundraiser Celebration

Apr 2, 2018
Software Updates

Feb 24, 2018
Software Updates

Jan 14, 2018
Major Site News

Jan 10, 2018
Event Results

Latest Forum Posts
Computer Shopper Magazine say give it a try
Give Find and Run Robot a try, and you'll never spend more than a few seconds looking for anything on your PC again.

Read more…

A. Safford in Computer Shopper Magazine
A. Safford in Computer Shopper Magazine image

Our daily Blog

This page spotlights the most interesting posts collected from our forum every day.

You are viewing a specific blog item. Click here to return to the main blog page.

Firefox form filler vulnerability - definitely watch out for this one

Screenshot - 11_23_2006 , 8_38_19 PM_thumb.png
Yikes!

We reported back in October that a phishing attack had hit MySpace, creating fake login forms that looked like the real thing. These appeared on 3000 profile pages, according to Mashable Labs. They worked by using MySpace’s popular html editing features (an essential part of the MySpace layouts craze) to display a login form - once you’d entered your login details, the creators could hijack your profile page, creating another fake login form and sending out spam bulletins. What’s more, we noted briefly that Firefox identified these as real MySpace login pages, and automatically filled in your details.

Now CNET and others are picking up on the story, pointing out that this is a major flaw with the Firefox Password Manager. The flaw affects both Mozilla Firefox and Internet Explorer 7, but it’s being said that Firefox is more vulnerable. Firefox sees “http://www.myspace.com” in the address bar and assumes that the form is a genuine MySpace login page - it doesn’t check, however, where the login details are sent to once you submit them. But what’s even more worrying is that this can be done without a visible login form: a site can hide the login form from view, and have the details automatically submitted when you click a link. Mozilla are working on a fix, but for now the solution is not to use the Password Manager to remember your passwords.

http://mashable.com/...lights-firefox-flaw/

posted by mouser donate to mouser
(permalink) (read 1 comment)


Share on Facebook
submit to reddit