It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Chrome is a security nightmare, indexes your bank accounts Chrome is a security nightmare, indexes your bank accounts
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Chrome is a security nightmare, indexes your bank accounts
Reply
 
Thread Tools
Old 4th September 2008, 15:27   #1
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 79,022
jmke has disabled reputation
Default Chrome is a security nightmare, indexes your bank accounts

To see all of this in action, just open up Chrome and log in to your favorite financial website. Like most important sites, it should be protected with HTTPS/SSL encryption and that should be evident in the address bar of the browser. Do the stuff you would normally do like look at your balances and gawk at your latest transactions and then open up a new tab in Chrome by clicking the “+” symbol. In the right-hand history search box, enter a few keywords and see what they get you. Surprised? I bet you are. No luck? Then try something simple like oh Visa, Mastercard, balance and account. Also try out the names and abbreviations of months like September, Sept and Sep.

If you’re like me, you probably saw account balances and some transaction details, but if you further refine your keywords you’d be able to see a lot more. We first discovered this “problem” by browsing the forensicfocus.com forums. “Problem” is in quotes because we’re not sure if this is a true vulnerability or Google Chrome’s search function working as intended – in this case, just too damn good. While playing around with the forensic implications of Chrome, “Jelle” on the forums posted that he and his partner noticed the browser was indexing information from HTTPS sites.

http://www.tgdaily.com/content/view/39176/108/
__________________
jmke is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Access two Gmail accounts at once in the same browser jmke WebNews 1 6th August 2010 17:48
Microsoft Security Bulletin Summary for September 2008 jmke WebNews 0 9th September 2008 20:20
S3 Graphics' Chrome 440 GTX Video Card Announced jmke WebNews 0 30th May 2008 14:57
S3 Graphics Launches Chrome 430 GT in the U.S. Market jmke WebNews 0 27th March 2008 16:54
S3 unviels new GPU, Chrome 400, DX 10.1 capable jmke WebNews 1 16th February 2008 10:22
Microsoft Security Bulletin Summary for August 2007 jmke WebNews 0 14th August 2007 23:21
Online Thieves Empty Bank Accounts Sidney WebNews 0 17th June 2004 04:36
NVIDIA and AMD Deliver Improved Security to Protect the PC Desktop Sidney WebNews 0 3rd June 2004 05:46
HP and Microsoft Expand Security Solutions Portfolio Sidney WebNews 0 25th May 2004 07:28
AMD AND microsoft to provide customers new security technology jmke WebNews 0 29th February 2004 14:22

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT +1. The time now is 17:07.


Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO