|
|
|
|
|
|
In Partnership with:
|
7 January 2008 Firefox flaw allows password hack, says researcherJohn-Paul Kamath, Computer Weekly A potential flaw in the way Firefox web browser handles log-ons could be used by identity thieves to dupe users into disclosing passwords, a leading security researcher has warned. According to Aviv Raff, an Israeli researcher, the flaw in Firefox 2.0.0.11 - Mozilla's latest version - could redirect the username and password entered by the user to the hacker's server instead of the real one. An attacker could also create a web page with a link to a trusted website (for example, a bank, a PayPal account, webmail, etc.). When the victim clicks on the link, the trusted web page will be opened in a new window, and a script will be executed to redirect the new opened window to the attacker's web server, which will then return the specially crafted basic authentication response. A video which demonstrates the first attack vector can be found on YouTube. A better quality video can be download from here (Windows Media format). This article first appeared on the web-site of Computer Weekly ( Click here to read ). © Reed Business Information 2008.
|
|
|
 |
Infosecurity US © Copyright 2008, Elsevier Ltd, All rights reserved. Your use of this service is governed by Terms and Conditions. Please review our Privacy Policy for details on how we protect information that you supply. |
Terms & Conditions | Privacy Policy |
