Wednesday, December 17, 2008

Internet Scam Series - Browser safety or lack of!

Major Web browsers fail password protection tests (Source: ZDNet)

Disclaimer - this is not original material but rather a copy of a ZDNet blog post. The information is too important and timely not to share just because I did not author it. Ryan Naraine wrote the material, and the link to the original post is shown at the bottom of this blog post.

That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.

That’s the biggest takeaway from the results of this test, which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are affected by a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge. They are:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.
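The three checks above, written as the decision a password manager could make before filling a saved password. This is an added example, not code from the study or from any browser; the object shape (`pageUrl`, `action`, `fields`, `visible`) and the `.example` hosts are constructed for illustration.

```javascript
// Added example: a login form is modeled as a plain object, so no DOM is needed.
function originOf(url, base) {
  try {
    return new URL(url, base).origin;
  } catch (e) {
    return null; // unparsable URL: treat as untrusted
  }
}

// Returns the names of the failed checks; an empty list means autofill may proceed.
function autofillProblems(savedOrigin, form) {
  const problems = [];

  // Item 2: the page requesting the password must be the origin it was saved for.
  if (originOf(form.pageUrl) !== savedOrigin) problems.push("request-location");

  // Item 1: the form must submit to that same origin.
  // A relative or empty action resolves against the page URL.
  const dest = originOf(form.action || form.pageUrl, form.pageUrl);
  if (dest !== savedOrigin) problems.push("destination");

  // Item 3: never fill a password field the user cannot see.
  const pw = form.fields.filter((f) => f.type === "password");
  if (pw.length === 0 || pw.some((f) => !f.visible)) problems.push("invisible-field");

  return problems;
}

// Constructed sample forms.
const SAVED = "https://bank.example";
const legit = {
  pageUrl: "https://bank.example/login", action: "/session",
  fields: [{ type: "text", visible: true }, { type: "password", visible: true }],
};
const hiddenCrossPost = {
  pageUrl: "https://bank.example/profile", action: "https://collector.example/p",
  fields: [{ type: "password", visible: false }],
};
const wrongPage = {
  pageUrl: "https://bank.example.other.example/login", action: "https://bank.example/session",
  fields: [{ type: "password", visible: true }],
};

for (const f of [legit, hiddenCrossPost, wrongPage]) {
  console.log(f.pageUrl, "->", autofillProblems(SAVED, f).join(", ") || "ok to fill");
}
```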

Google’s shiny new Chrome browser was among the worst offenders. According to the study, Chrome’s password manager contains multiple unpatched issues that “form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.”

Apple’s Safari for Windows browser also failed a majority of the tests.

Technical details of the test, which was conducted by Chapin Information Services, can be found here.

Ryan Naraine is a security evangelist at Kaspersky Lab, an anti-malware company with operations around the world. See his full profile and disclosure of his industry affiliations.
