7 January 2008
Firefox flaw allows password hack, says researcher
John-Paul Kamath, Computer Weekly
A potential flaw in the way the Firefox web browser handles log-ons
could be used by identity thieves to dupe users into disclosing
passwords, a leading security researcher has warned.
According to Aviv Raff, an Israeli researcher, the flaw in Firefox
2.0.0.11 - Mozilla's latest version - could redirect the username
and password entered by the user to the hacker's server instead
of the real one.
An attacker could also create a web page with a link to a trusted
website (for example, a bank, a PayPal account, webmail, etc.).
When the victim clicks on the link, the trusted web page will be
opened in a new window, and a script will be executed to redirect
the newly opened window to the attacker's web server, which will then
return the specially crafted basic authentication response.
A video which demonstrates the first attack vector can be found
on YouTube. A better quality video can be downloaded from here
(Windows Media format).
This article first appeared on the web-site of Computer Weekly,
at http://www.computerweekly.com/Articles/2008/01/04/228740/firefox-flaw-allows-paypal-hack-says-researcher.htm.
© Reed Business Information 2008.
