Saved passwords vulnerability still exists in some web browsers

 

Say you are on the Gmail login page and the web browser, as always, has auto-filled the username and passwords fields for you.

This is convenient because you can sign-in to your account with a click but because you have not been typing these saved passwords for a while now, you don’t even remember the Gmail password anymore.

All web browsers, for security reasons, mask the password fields in login forms behind asterisk characters thus making it impossible for passersby to see your secret string.

There’s however an easy workaround that will let you convert those asterisks into the actual password and you don’t need any external utilities or bookmarklets for this. Here’s how:

Full Story at Labnol

Google grants $3,500 for Chrome security holes this time around, version 21

Google Chrome development team has released the newest version of Chrome today, version 21. You can get this update installed now as such:

• Hit the Wrench Icon in the top right corner of the browser.
• Select About Google Chrome.
• It will automatically check for and install the update.
• Once done, it will ask the relaunch the browser. Please do so to make sure it finishes installing.

When you check the About Google Chrome again, you should see that it’s updated as such:

This update fixes three critical security updates. According to Naked Security by Sophos:

The first, CVE-2012-2866, fixes a problem in which Chrome failed to properly perform a cast of an unspecified variable during handling of run-in elements. If left unpatched, it could allow attackers to cause a denial of service (or worse) on a vulnerable Chrome instance using a specially-crafted document.

The second security hole rated “high,” fixes a fault, CVE-2012-2869, in which Chrome improperly loaded URLs which could allow remote attackers to create a denial of service or, possibly, take additional actions on a vulnerable system.

The third vulnerability with a “high” rating, CVE-2012-2871, fixes a problem with libxml2 2.9.0-rc1 and earlier, a standard Google Chrome component. Earlier versions of that library don’t properly support a cast of an unspecified variable during XSL transforms – a process in which webpage style sheets are rendered when a page is loaded.

When Google began its bounty programs for bug finding, a flood of new security vulnerabilities have occurred. It’s now getting easier for software testers to make some extra cash.

 

Ad: Spyware Doctor delivers powerful protection against spyware and adware threats. Click Here

Firefox 15 Fixes over 2,200 bugs

After a little over a month since the release since Firefox 14, version 15 got released yesterday fixing about 2,200 bugs. Other than that, 16 critical security vulnerabilities have been addressed. Of course, the normal memory management tweaks were made to make the user experience smoother and more responsive. It continues to utilize the hidden update features, making the updates for it silent. Then, afterward prompts you to restart Firefox to finish updating. This version is most recommended, and you should update now to protect against security threats and exploits.

You can update now at: https://www.mozilla.com

 

Related articles

• Firefox 15 released: Seven critical vulnerabilities patched and stealthy updates too! (nakedsecurity.sophos.com)
• Debunking A Misconception About Firefox Releases (mozilla.org)

Test How Secure Your Browsers Are

Depending on the addons, which you may have installed in your browser, or the type of browser – will declare how secure your browser really is, and how private the information is, as well!

There are many free services that you can test each of your browsers (no specific order):

1. Learn what your browser shares with other websites.
2. Check to see if your browser has security issues.
3. This tool takes a fingerprint of your browser, seeing how unique it is. Depending on how unique a browser is, will depend on how websites can track you. The more rare/unique the fingerprint, the less possibility to be tracked.
4. Over 60 tests: find out what information is shared between websites and the browser.
5. General browser security testing, seeing how it does with scripts, etc.

 

So, go on! Test them out!

Tip: Keep Firefox Plugins up to date!

Notice: All images belong to their respective owners!

 

SonicWALL Anti-Spam Desktop