Posted on August 04, 2010 by infogrip-computer-support
All the common browsers are subject to exploits that use the auto-complete feature to force them to give up personal data, as presented at Black Hat security conference last week. Computer World reports that the presentation “Breaking browsers: Hacking Auto-Complete” is by Jeremiah Grossman, the CTO of WhiteHat Security. None of the techniques used were that difficult and the data that can be gathered from auto-complete includes names, addresses, e-mail addresses, and sometimes passwords, credit card numbers, and search entries. That data can be used to break into bank or email accounts, or to set the victim up for more malware that can get more data out of them. The best way to avoid the attack is to turn auto-complete off. Grossman was able to hack the auto-complete of different versions of Internet Explorer, Safari, Chrome and Firefox, including Internet Explorer 6 and 7 which sadly account for a third of all browsers in use. He had to come up with different ways to hack each browser and he thinks that the browsers can be patched, he contacted each browser company but they didn’t tell him definite plans for updates. The exemption is Apple which pushed out a quick update to Safari’s auto-complete problem the day before the presentation.