Friday, November 24, 2006
Serious Safari and Firefox Security Flaw Discovered
I have always refrained from using the Safari and Firefox password storage features. Both Web browsers sport the ability to store and auto-fill passwords used to log in to secure Web pages. This feature has been pulling at me to use it because of the considerable convenience it offers.
As mentioned previously, I have been using the Mac application Wallet for storing all my passwords in encrypted form separate from my browsers. When shopping online or logged into a forum, I would look up passwords in Wallet. I never stored passwords in Safari or Firefox. A vague inclination not to trust my passwords outside of Wallet prevailed.
Now we all have a concrete reason not to use the password storage capabilities of these browsers. As reported by Newsfactor and Heise Security, both Safari and Firefox are subject to password hacking. Malicious Web sites can easily extract passwords stored in the auto-fill features found in both browsers.
Heise Security created an online dummy demonstration of how passwords stored in your browser can be easily extracted for nefarious purposes.
The take-home lesson for today: do not use the auto-fill feature of any Web browser to store your online passwords. Bad idea.