Ars Technica reports on a security issue for Internet browsers that could affect the privacy of your online passwords:
Be careful what you type on your computer while surfing the Web. It very well could be funneled to a script kiddie who has appropriated a handful of lines of code and inserted it into his site.
Proofs of concept here and here show how this method could be used to trick people into divulging their password or credit card number respectively. The pages pose as lists that catalog leaked user data and invite visitors to search it to see if their information is included. [...]
There are at least two possible solutions to reduce threats like these. One is tweaking the user interface so search boxes are in a part of the browser that can’t be confused with Web content. Browser designers who wanted to adopt this approach might be able to learn from changes Microsoft has made to recent versions of Windows that cause Web content to be shaded when sensitive system messages are being displayed. An alternate fix could involve displaying a warning when sites call preventDefault to cancel events registered as a browser key binding.
Given the frequency of posts purporting to contain passwords, credit card numbers, and other details leaked from popular websites, it’s not a stretch to think plenty of people use the search feature to see if their personal information is included. If you’ve ever typed data into a browser search box that you wouldn’t want outsiders to see, you’re in good company.
No related posts.