Saturday, Sep 25, 2010

Safari Auto Fill Flaw Can Still be Conducted Using Two Phase Process

Jeremiah Grossman's Auto Fill flaw can still be exploited by socially engineering a user into performing staged clicks on a form or page. In his online example, the user's location is used to provoke the first key press. Other examples can be simple trickery, such as asking the user to type "DuD" to prove they are human. He has posted the technical details on his blog. The result is that the user's Auto Fill information is passed along without the user's knowledge.

Auto Fill, although viewed as a convenience to users, can result in sharing information the user did not plan to disclose. In Safari, you should make sure to turn these settings off, including on iOS devices.

Recommended Settings

When thinking about privacy and the sharing of any personal information, educate users in the concepts of trust and verification. If the form is completed automatically, the user skips triggering mechanisms that can prevent these kinds of information-gathering attacks.
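
To verify the recommendation to turn Auto Fill off on a Mac, the following added example (not part of the original post) audits a Safari preferences plist and reports every Auto Fill option that is not explicitly disabled. The three key names are assumed to be the ones Safari uses in its `com.apple.Safari` preferences domain, unset keys are flagged as a conservative assumption, and the sample plists are constructed.

```python
import plistlib

# Assumed Safari preference keys (com.apple.Safari domain); not from the article.
AUTOFILL_KEYS = {
    "AutoFillFromAddressBook": "contact card information",
    "AutoFillPasswords": "user names and passwords",
    "AutoFillMiscellaneousForms": "other forms",
}


def audit_autofill(plist_bytes):
    """Return {key: status} for each Auto Fill key not explicitly turned off.

    status is "enabled" when the key is set to a true value, or "unset"
    when the key is absent (treated as a finding because the browser
    default then applies instead of an explicit opt-out).
    """
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    findings = {}
    for key in AUTOFILL_KEYS:
        if key not in prefs:
            findings[key] = "unset"
        elif bool(prefs[key]):
            findings[key] = "enabled"
    return findings


# Constructed sample: one option on, one off, one never configured.
SAMPLE_WEAK = plistlib.dumps({
    "AutoFillFromAddressBook": True,
    "AutoFillPasswords": False,
    "HomePage": "https://example.invalid/",
})

# Constructed sample: every Auto Fill option explicitly disabled.
SAMPLE_HARDENED = plistlib.dumps({key: False for key in AUTOFILL_KEYS})


if __name__ == "__main__":
    for name, blob in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        findings = audit_autofill(blob)
        print(name, "->", "OK" if not findings else findings)
        for key, status in findings.items():
            print(f"  {key} ({AUTOFILL_KEYS[key]}): {status}")
```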
