Browser Autofill Exploit Revealed… Only Firefox Is Immune

A Finnish hacker by the name of Viljami Kuosmanen has exposed a new type of phishing attack that uses a web browser's ability to autofill text fields to get personal information. The Guardian has details:

The phishing attack is brutally simple. Kuosmanen discovered that when a user attempts to fill in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.

It means that when a user inputs seemingly innocent, basic information into a site, the autofill system could be giving away much more sensitive information at the same time should the user confirm the autofill. Chrome’s autofill system, which is switched on by default, stores data on email addresses, phone numbers, mailing addresses, organisations, credit card information and various other bits and pieces.

As it stands, the only web browser that can't be exploited this way is Mozilla Firefox. Pretty much every other browser out there is vulnerable. Also vulnerable are password managers such as LastPass, which have plug-ins that do the same sort of thing. There's a site that demonstrates the exploit, which you can visit to see it in action, but you should disable the autofill function within your browser to protect yourself until this attack is fixed in the browser of your choice. Alternatively, you can switch to Firefox to protect yourself.
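
For anyone who wants to check a form before trusting autofill on it, here is a small audit that flags text boxes the user cannot see. It is an added example, not code from Kuosmanen or from the demonstration site; the sample markup, the function names and the off-screen threshold are assumptions, and it only reads inline styles (a check inside the browser would look at computed styles instead).

```javascript
// Added example: flag text inputs that autofill could populate but the user cannot see.
// Assumption: only inline style attributes are inspected, and attributes are double-quoted.
const NON_TEXT_TYPES = new Set(["hidden", "submit", "button", "reset", "checkbox", "radio", "file", "image"]);
// Constructed sample markup for the audit (not copied from the demonstration site).
const SAMPLE_FORM = `
<form>
  <input type="text" name="name" autocomplete="name">
  <input type="email" name="email" autocomplete="email">
  <input type="text" name="phone" autocomplete="tel" style="position:absolute; left:-9999px">
  <input type="text" name="address" autocomplete="street-address" style="display:none">
  <input type="hidden" name="token" value="constructed">
</form>`;
// Collect the attributes of one <input> tag into an object keyed by lower-cased name.
function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) attrs[m[1].toLowerCase()] = m[2];
  return attrs;
}
// Split an inline style string into { property: value } pairs.
function parseStyle(style) {
  const decls = {};
  for (const part of (style || "").split(";")) {
    const [prop, ...rest] = part.split(":");
    if (rest.length) decls[prop.trim().toLowerCase()] = rest.join(":").trim().toLowerCase();
  }
  return decls;
}
// Return why a field is invisible, or null if nothing in its inline style hides it.
function concealmentReason(decls) {
  if (decls.display === "none") return "display:none";
  if (decls.visibility === "hidden") return "visibility:hidden";
  if (parseFloat(decls.opacity) === 0) return "opacity:0";
  for (const prop of ["left", "top", "margin-left", "margin-top"]) {
    if (parseFloat(decls[prop]) <= -100) return `${prop} moves field off-screen`;
  }
  return null;
}
// List every text-like input in the markup that is concealed from the user.
function auditForm(html) {
  const findings = [];
  for (const m of html.matchAll(/<input\b[^>]*>/gi)) {
    const attrs = parseAttrs(m[0]);
    const type = (attrs.type || "text").toLowerCase();
    if (NON_TEXT_TYPES.has(type)) continue; // not a text box, so out of scope here
    const reason = concealmentReason(parseStyle(attrs.style));
    if (reason) findings.push({ name: attrs.name || "(unnamed)", reason });
  }
  return findings;
}
```

Calling `auditForm(SAMPLE_FORM)` reports the `phone` and `address` boxes and leaves the visible `name` and `email` boxes alone.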
