Some hackers are going Phishing on MySpace and catching Safari and Firefox users (including Windows)... PING!
If you want on or off the Mac Ping List, Freepmail me.
15:25 EST Another critical new security problem could reveal passwords stored by your web browser, as Chapin Information Services and others describe:
CIS Finds Flaws in Firefox v2 Password Manager
Chapin Information Services (CIS) has discovered a new flaw in the Mozilla Firefox web browser that exposes saved passwords to clever attackers.
Given the new nature of this type of attack, CIS has named this a Reverse Cross-Site Request (RCSR) vulnerability.
This flaw could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added.
A proof-of-concept demonstration is available at the CIS website.
RCSR attacks are also actively targeting Microsoft Internet Explorer; however, a flaw in Firefox makes the attack much more likely to succeed.
The Password Manager component of Firefox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge.
Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.
Firefox Password Manager Information Disclosure (SA23046)
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to conduct phishing attacks.
The vulnerability is caused due to the Password Manager not properly checking the URL before automatically filling in saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain.
The vulnerability is confirmed in version 2.0.0. Other versions may also be affected.
Solution: Disable the "Remember passwords for sites" option in the preferences.
Critical Firefox hole allows password theft
The flaw lies in Firefox's Password Manager software, which can be tricked into sending password information to an attacker's Web site, said Robert Chapin, president of Chapin Information Services Inc. For this attack to work, attackers need to be able to create HTML (Hypertext Markup Language) forms on the Web site, something that is allowed on blogging and social networking sites.
The attack was used in a MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.
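The quoted advisories say the Password Manager fills saved credentials without properly checking the URL, so a form on the trusted site can send them elsewhere. As an added example (not part of the original post, the advisories, or Firefox's code), here is one way an autofill decision can compare the form's submit target with the origin stored for the login; the field names `pageOrigin` and `submitOrigin` and the `*.example` hosts are hypothetical.

```javascript
// Added example. Field names pageOrigin/submitOrigin and all *.example
// hosts are hypothetical; the sample cases below are constructed.

// Resolve a URL (optionally relative to base) to its http(s) origin, else null.
function originOf(url, base) {
  try {
    const u = new URL(url, base);
    return u.protocol === "http:" || u.protocol === "https:" ? u.origin : null;
  } catch (e) {
    return null;
  }
}

// Decide whether saved credentials may be filled into a form on pageUrl.
function autofillDecision(savedLogin, pageUrl, formAction) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === null || pageOrigin !== savedLogin.pageOrigin) {
    return { fill: false, reason: "page origin differs from saved login" };
  }
  // A missing or empty action submits back to the page itself.
  const target = formAction ? originOf(formAction, pageUrl) : pageOrigin;
  if (target === null) {
    return { fill: false, reason: "form action is not an http(s) URL" };
  }
  if (target !== savedLogin.submitOrigin) {
    return { fill: false, reason: "form submits to a different origin" };
  }
  return { fill: true, reason: "page and submit origins match" };
}

// Constructed sample: one saved login, four forms found on the same site.
const saved = { pageOrigin: "https://social.example", submitOrigin: "https://social.example" };
const cases = [
  ["https://social.example/login", "/auth"],
  ["https://social.example/profile/1", "https://collector.example/c"],
  ["https://social.example/profile/1", "//collector.example/c"],
  ["https://social.example/profile/2", ""],
];
function runSamples() {
  return cases.map(([page, action]) => autofillDecision(saved, page, action).fill);
}
console.log(runSamples());
```

The last sample still fills because its form submits on-site: this check only covers where the credentials would be sent and does not tell a site's real login page apart from a user-contributed page on the same host.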