You are currently browsing the daily archive for November 23rd, 2006.
According to an article in Techtree:
There is a bug named as “Reverse Cross Site Request vulnerability” first discovered by “Robert Chapin” steals login-ID and Password from various sites like forums by presenting a fake Login page..
According to Robert Chapin:
Reportedly, the attack was first carried out from a profile page using a specially crafted HTML that hides the genuine MySpace content from the page, and displays the fake login page instead. The fake page is then sent to another Web site, along with information regarding MySpace users who visited the page using Firefox.
But its said that IE7 is Less Vulnerable than Firefox because of Firefox ability to remember the LoginID and Password..
According to the article:
The attacks seen on My Space.com are likely to move on to Firefox as well because the Firefox Password Manager automatically enters any saved passwords and user-id/s into the form, whereas IE is not capable of filling in the saved information automatically.
Therefore, Firefox is more likely to get affected by the flaw, as compared to IE.
