Wednesday, December 17, 2008

Major Web browsers fail password protection tests

December 15th, 2008

Posted by Ryan Naraine @ 12:29 pm

That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.

That’s the biggest takeaway from the results of this test, which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are affected by a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge. They are:

The destination where passwords are sent is not checked.
The location where passwords are requested is not checked.
Invisible form elements can trigger password management.

Google’s shiny new Chrome browser was among the worst offenders. According to the study, Chrome’s password manager contains multiple unpatched issues that “form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.”

Apple’s Safari for Windows browser also failed a majority of the tests.

Technical details of the test, which was conducted by Chapin Information Services, can be found here.
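The three checks listed above, written out as the gate a password manager would apply before autofilling. This is an added example, not code from the article, from the Chapin Information Services test, or from any browser; the function names and the `saved`/`page` objects are hypothetical stand-ins for DOM data, and the sample pages are constructed.

```javascript
// Added illustration with hypothetical names; the page/form/field objects are
// constructed stand-ins for DOM data, not any browser's password-manager API.

// Origin = scheme + host + port, via the standard WHATWG URL parser.
function originOf(url, base) {
  try { return new URL(url, base).origin; } catch { return null; }
}

// A field counts as invisible if CSS hides it or it has no rendered box.
function isVisible(field) {
  const s = field.style || {};
  return s.display !== 'none' && s.visibility !== 'hidden' &&
         Number(s.opacity ?? 1) > 0 && field.width > 0 && field.height > 0;
}

// Returns the reasons autofill must be refused (empty array = allowed).
function autofillProblems(saved, page) {
  const problems = [];
  // Location where the password is requested must be where it was saved.
  const pageOrigin = originOf(page.url);
  if (pageOrigin === null || pageOrigin !== saved.origin) problems.push('request-location');
  // Destination: resolve the form action against the page URL
  // (an empty action submits back to the page itself).
  const dest = originOf(page.form.action || page.url, page.url);
  if (dest === null || dest !== saved.origin) problems.push('destination');
  // Invisible credential fields must not trigger the password manager.
  if (!page.form.fields.every(isVisible)) problems.push('invisible-field');
  return problems;
}

// Constructed sample data (reserved .example domains).
const saved = { origin: 'https://bank.example' };
const shown = { style: {}, width: 200, height: 24 };
const hidden = { style: { display: 'none' }, width: 0, height: 0 };
const cases = {
  legit: { url: 'https://bank.example/login',
           form: { action: '/session', fields: [shown, shown] } },
  offsiteAction: { url: 'https://bank.example/forum',
                   form: { action: 'https://collector.example/p', fields: [shown, shown] } },
  hiddenForm: { url: 'https://bank.example/forum',
                form: { action: '', fields: [hidden, hidden] } },
  otherSite: { url: 'https://bank.example.lookalike.example/login',
               form: { action: '/session', fields: [shown, shown] } },
};
for (const [name, page] of Object.entries(cases)) {
  console.log(name, JSON.stringify(autofillProblems(saved, page)));
}
```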
