Browser security

The SecurityFocus web site has been running a series of articles on web browser security. The articles target the two major browsers, IE (6 and 7) and (strangely) older versions of Firefox (1.5 and 2.0). The current article looks at attacks on password managers. Users are given a false sense of security because they “expect that the browser, possibly in conjunction with the operating system, will protect their information”. The major takeaway is that these browsers are not to be trusted to store personal information such as usernames, passwords and other stored form information.

Firefox’s password manager (version 2.0) as of November 2006 has a software flaw that allows a user’s credentials (from the site being currently visited) to be posted to any URL if the user clicks a maliciously crafted link.

And IE (6 or 7) has this issue:

Internet Explorer is usually a prime target for malware infection. … these vulnerabilities converge at a dangerous point where malware programs are specifically targeting AutoComplete information. These programs gain confidential information, and then send it back to the attacker.

So what can we do to reduce the risks? Fortunately the article provides some defensive strategies. They suggest avoiding password managers altogether, using a strong (not easily guessed) password to protect the password manager, using an alternative password manager that supports encryption, using strong and unique passwords for every site, and even some programming tips for web developers.

On my Mac I use 1Password. 1Password uses a master password, encrypts stored passwords and form data, and can generate unique random passwords for any site. You can download 1Password here and give it a test drive.
