Calling all Fanboys (of all shapes and sizes) :D

Status
Not open for further replies.

NucleusKore

TheSaint
Major Web browsers fail password protection tests

Source: *blogs.zdnet.com/security/?p=2305
Test: *www.info-svc.com/news/2008/12-12/

That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.

That’s the biggest takeaway from the results of this test which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are vulnerable to a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge.

Read On........

*s269.photobucket.com/albums/jj44/visio159/Unismilies/38large.png
 

Hitboxx

Juke Box Hero
My Firefox results are one up theirs :p

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4
Test Performed Result
Action Authority Checked on Retrieval PASSED
Action Authority Checked on Save PASSED
Action Authority Raises Warnings FAILED
Action Path Checked on Retrieval FAILED
Action Path Checked on Save FAILED
Action Scheme Checked on Retrieval PASSED
Action Scheme Checked on Save PASSED
Action Scheme Raises Warnings FAILED
Action Scheme Prevented if Unsafe FAILED
Autocomplete=Off Prevents Form Fills PASSED
Invisiblility Prevents Form Fills FAILED
Method Checked on Retrieval FAILED
Method Raises Warnings FAILED
Multiple Paths Per User Per Authority FAILED
Multiple Ports Per User Per Host PASSED
Multi. Schemes Per User Per Authority PASSED
Page Path Checked on Retrieval FAILED
Random Name Attr. Prevents Form Fills FAILED
User Required for PW Retrieval FAILED
User Required for PW Save FAILED
Valid URIs Don't Break Anything PASSED
 

gxsaurav

You gave been GXified
I use something full proof for my passwords. My Brain, that is impossible to hack I guess
 

amitava82

MMO Addict
I use secure login extension for FF which does not fill up login boxes automatically when the page loads.

* Prevents malicious JavaScript code to automatically steal your login data.
* Provides an option to protect your login data from all JavaScript code during login.
* Can prevent cross-site scripting (XSS) attacks to steal your passwords without having to deactivate JavaScript.
* Helps to protect you from phishing.
 
^^In final few steps and I feel sleepy and irritated. DAMN you NucleusKore. Did you have to give such a stupidly loooooooooooooooooooooooooooooong test to spoil my day ?

wooooooooosh... yeah, here it goes:



Code:
Report
Test Performed	Result
Action Authority Checked on Retrieval	PASSED
Action Authority Checked on Save 	PASSED
Action Authority Raises Warnings 	FAILED
Action Path Checked on Retrieval 	FAILED
Action Path Checked on Save 	FAILED
Action Scheme Checked on Retrieval 	PASSED
Action Scheme Checked on Save 	PASSED
Action Scheme Raises Warnings 	FAILED
Action Scheme Prevented if Unsafe 	FAILED
Autocomplete=Off Prevents Form Fills 	PASSED
Invisiblility Prevents Form Fills 	FAILED
Method Checked on Retrieval 	FAILED
Method Raises Warnings 	FAILED
Multiple Paths Per User Per Authority	FAILED
Multiple Ports Per User Per Host 	PASSED
Multi. Schemes Per User Per Authority	PASSED
Page Path Checked on Retrieval 	FAILED
Random Name Attr. Prevents Form Fills	FAILED
User Required for PW Retrieval 	FAILED
User Required for PW Save 	FAILED
Valid URIs Don't Break Anything 	PASSED

I never liked password save function anyway, nor did I ever consider using it.
 
Last edited:
Status
Not open for further replies.
Top Bottom