| Thread Tools |
4th September 2008, 15:27 | #1 |
Madshrimp Join Date: May 2002 Location: 7090/Belgium
Posts: 79,022
| Chrome is a security nightmare, indexes your bank accounts To see all of this in action, just open up Chrome and log in to your favorite financial website. Like most important sites, it should be protected with HTTPS/SSL encryption and that should be evident in the address bar of the browser. Do the stuff you would normally do like look at your balances and gawk at your latest transactions and then open up a new tab in Chrome by clicking the “+” symbol. In the right-hand history search box, enter a few keywords and see what they get you. Surprised? I bet you are. No luck? Then try something simple like oh Visa, Mastercard, balance and account. Also try out the names and abbreviations of months like September, Sept and Sep. If you’re like me, you probably saw account balances and some transaction details, but if you further refine your keywords you’d be able to see a lot more. We first discovered this “problem” by browsing the forensicfocus.com forums. “Problem” is in quotes because we’re not sure if this is a true vulnerability or Google Chrome’s search function working as intended – in this case, just too damn good. While playing around with the forensic implications of Chrome, “Jelle” on the forums posted that he and his partner noticed the browser was indexing information from HTTPS sites. http://www.tgdaily.com/content/view/39176/108/
__________________ |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Access two Gmail accounts at once in the same browser | jmke | WebNews | 1 | 6th August 2010 17:48 |
Microsoft Security Bulletin Summary for September 2008 | jmke | WebNews | 0 | 9th September 2008 20:20 |
S3 Graphics' Chrome 440 GTX Video Card Announced | jmke | WebNews | 0 | 30th May 2008 14:57 |
S3 Graphics Launches Chrome 430 GT in the U.S. Market | jmke | WebNews | 0 | 27th March 2008 16:54 |
S3 unviels new GPU, Chrome 400, DX 10.1 capable | jmke | WebNews | 1 | 16th February 2008 10:22 |
Microsoft Security Bulletin Summary for August 2007 | jmke | WebNews | 0 | 14th August 2007 23:21 |
Online Thieves Empty Bank Accounts | Sidney | WebNews | 0 | 17th June 2004 04:36 |
NVIDIA and AMD Deliver Improved Security to Protect the PC Desktop | Sidney | WebNews | 0 | 3rd June 2004 05:46 |
HP and Microsoft Expand Security Solutions Portfolio | Sidney | WebNews | 0 | 25th May 2004 07:28 |
AMD AND microsoft to provide customers new security technology | jmke | WebNews | 0 | 29th February 2004 14:22 |
Thread Tools | |
| |