Safari personal info hack

Posted on July 24, 2010 by Rob

Jeremiah Grossman recently published a security vulnerability in Safari that can steal your personal information. The gist of the problem is that an attacker can hide some inputs on their site with field names that normally get autofilled by the browser. Then using JavaScript the attacker can extract information about the user.

Check out this creepy demo in Safari. It found all my info successfully… Luckily I only use Safari for testing. If you want to avoid the problem disable AutoFill web forms in your Safari settings.

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

*


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">