Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Firefox privacy leak
Posted by: buherator
Date: October 07, 2007 07:08AM

Today I did some research about the stored passwords in Firefox and found something interresting: If you log into a site the sites domain will be stored in the first part of signons.txt even if you don't want to save you passwords. This happens even if you choose "Not now" in the password saving dialog. These URLs only disappear if you delete all your saved passwords, or delete these lines manually.

So unfortuantely it is not enough to delete your browsing history and cookies to clear your path.

Options: ReplyQuote
Re: Firefox privacy leak
Posted by: Anonymous User
Date: October 07, 2007 07:58AM

I know, it sucks.

their whole authentication scheme sucks since day one, Grand Paradiso should tackle this issue very soon, just like the potential to show plaintext passes.
A password should be memorized in someone's brain, not on a disk is my opinion.



Edited 1 time(s). Last edit at 10/07/2007 07:58AM by Ronald.

Options: ReplyQuote
Re: Firefox privacy leak
Posted by: buherator
Date: October 07, 2007 08:16AM

I agree, but master password seems like a quite good security-comfort trade-off, and don't forget about the keyloggers which can be eliminated this way. Though I keep my sensitive passwords always in my head...

Do you know about similar issues in other browsers too (not in the question of stored passwords handling, but in the topic of piracy)?

Options: ReplyQuote
Re: Firefox privacy leak
Date: October 12, 2007 10:24PM

does anyone know what kind of encryption Firefox uses when storing the passwords when using master password?

Options: ReplyQuote
Re: Firefox privacy leak
Posted by: Anonymous User
Date: October 13, 2007 09:10AM

RC4 probably.

Options: ReplyQuote


Sorry, only registered users may post in this forum.