Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 7 declined, 1 accepted (8 total, 12.50% accepted)

Security

+ - Firefox 2.0 Password Manager Bug Exposes Passwords

Submitted by
zbuffered
zbuffered writes "Today, Mozilla made public bug #360493, which exposes Firefox's Password Manager on many public sites. The flaw derives from Firefox's willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a myspace user's site will be unhelpfully propagated with the visitor's myspace.com credentials. It was first discovered in the wild by Netcraft on 10-27-06. As this proof-of-concept illustrates, because the username/password fields need not be visible on the page, your password can be stolen in an almost completely transparent fashion. Stopgap solutions include avoiding using Password Manager and the Master Password Timeout Firefox extension, which will at least cause a prompt before the fields are filled. However, in the original case detailed in the bug report, the phish mimicked the http://login.myspace.com/ site almost perfectly, causing many users to believe they needed to log in.

A description of this new type of attack is available from the bug's original author."
Slashdot.org

+ - Promoting a New Blog

Submitted by
zbuffered
zbuffered writes "For awhile now I've wanted to start my own weblog, but as I have nary a marketing or promotional bone in my body, I wouldn't know how to start building an audience/community. I'd be using Slashcode for the moderation system, and I think that once such a site got on it's feet that it would take off, but how do I gain that initial momentum?"

Real Programmers think better when playing Adventure or Rogue.

Working...