Thursday, November 13, 2014
How safe is your browser keeping you? It is not something most of us think about in our day-to-day activities on the web. Register on a new website and your browser asks whether you would like to save the login information; out of sheer convenience, most of us say sure, go ahead, without realizing the potential security risk we may have just put ourselves in.
In the computer world there are four major browsers that almost everyone uses: Chrome, Internet Explorer, Firefox, and Safari. All of these browsers can save login details for websites, and some go as far as saving credit card information for easier shopping. But anyone who has access to your computer can gain access to all of that data. Password revealers are nothing new to the industry, and if you walk away from your computer and leave it up and running, anyone can come up behind you and reveal all of the login information stored in your browser with ease.
Another method attackers could use is malware that runs a script to recover the stored password database. If no master password is set in the browser to protect the saved passwords, they will most likely be stored in plain text. These database files reside on the PC in the browser's file structure. If the browser is unpatched or out of date, this type of attack would be common.
One other method is for an attacker to use what is called an XSS hole. XSS is short for cross-site scripting. The attacker lures the user, via email or by phone, to a malicious website and into clicking a link that sends the XSS code to the browser to retrieve stored passwords, stored cookies, user data, history, and more.
So, as you can see, there are multiple ways attackers can retrieve your saved passwords from your browser without you ever really knowing. My recommendation is, first, do not use the autocomplete or auto-save features in your browser, and disable them. If you must use them, make sure that the computer and browser are always updated and, if the browser supports it, set a master password on your saved passwords list.
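One way to confirm that the auto-save setting recommended above is really turned off, as an added example that is not part of the original post. It assumes Firefox records the setting as `signon.rememberSignons` in the profile's `prefs.js` and Chrome as `credentials_enable_service` in the profile's `Preferences` file; the function names and sample inputs are constructed for illustration.

```python
import json
import re

# Firefox writes user-changed settings to prefs.js as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def firefox_prefs(prefs_js_text):
    """Parse prefs.js text into a dict of preference name -> value."""
    prefs = {}
    for line in prefs_js_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not JSON
    return prefs

def firefox_saves_passwords(prefs_js_text):
    # An absent preference means the default, which is to offer to save logins.
    return firefox_prefs(prefs_js_text).get("signon.rememberSignons", True) is not False

def chrome_saves_passwords(preferences_json_text):
    # Assumption: "credentials_enable_service" is the "offer to save passwords" switch.
    prefs = json.loads(preferences_json_text)
    return prefs.get("credentials_enable_service", True) is not False

def audit(firefox_text, chrome_text):
    """Return one finding per browser that still offers to save passwords."""
    findings = []
    if firefox_saves_passwords(firefox_text):
        findings.append("Firefox: password saving is enabled")
    if chrome_saves_passwords(chrome_text):
        findings.append("Chrome: password saving is enabled")
    return findings

# Constructed sample inputs (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("signon.rememberSignons", false);
'''
SAMPLE_CHROME = '{"credentials_enable_service": true, "profile": {"name": "Person 1"}}'

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_CHROME):
        print(finding)
```

The check reads only the settings files, not the saved-password stores, and it treats a missing entry as "enabled" because that is the default in both browsers.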