It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Chrome is a security nightmare, indexes your bank accounts Chrome is a security nightmare, indexes your bank accounts
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Chrome is a security nightmare, indexes your bank accounts
Reply
 
Thread Tools
Old 4th September 2008, 14:27   #1
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 79,001
jmke has disabled reputation
Default Chrome is a security nightmare, indexes your bank accounts

To see all of this in action, just open up Chrome and log in to your favorite financial website. Like most important sites, it should be protected with HTTPS/SSL encryption and that should be evident in the address bar of the browser. Do the stuff you would normally do like look at your balances and gawk at your latest transactions and then open up a new tab in Chrome by clicking the “+” symbol. In the right-hand history search box, enter a few keywords and see what they get you. Surprised? I bet you are. No luck? Then try something simple like oh Visa, Mastercard, balance and account. Also try out the names and abbreviations of months like September, Sept and Sep.

If you’re like me, you probably saw account balances and some transaction details, but if you further refine your keywords you’d be able to see a lot more. We first discovered this “problem” by browsing the forensicfocus.com forums. “Problem” is in quotes because we’re not sure if this is a true vulnerability or Google Chrome’s search function working as intended – in this case, just too damn good. While playing around with the forensic implications of Chrome, “Jelle” on the forums posted that he and his partner noticed the browser was indexing information from HTTPS sites.

http://www.tgdaily.com/content/view/39176/108/
__________________
jmke is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Access two Gmail accounts at once in the same browser jmke WebNews 1 6th August 2010 16:48
Microsoft Security Bulletin Summary for September 2008 jmke WebNews 0 9th September 2008 19:20
S3 Graphics' Chrome 440 GTX Video Card Announced jmke WebNews 0 30th May 2008 13:57
S3 Graphics Launches Chrome 430 GT in the U.S. Market jmke WebNews 0 27th March 2008 15:54
S3 unviels new GPU, Chrome 400, DX 10.1 capable jmke WebNews 1 16th February 2008 09:22
Microsoft Security Bulletin Summary for August 2007 jmke WebNews 0 14th August 2007 22:21
Online Thieves Empty Bank Accounts Sidney WebNews 0 17th June 2004 03:36
NVIDIA and AMD Deliver Improved Security to Protect the PC Desktop Sidney WebNews 0 3rd June 2004 04:46
HP and Microsoft Expand Security Solutions Portfolio Sidney WebNews 0 25th May 2004 06:28
AMD AND microsoft to provide customers new security technology jmke WebNews 0 29th February 2004 13:22

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 00:14.


Powered by vBulletin® - Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO