Autofill flaw lets scam websites steal internet users' credit card and contact details


+warwagon    12,823

 

As the use of multiple usernames and passwords across different sites becomes common online practice, people increasingly turn to password managers and browser autofill in order to log in. While this is the recommended way to stay safe online, a newly discovered flaw in popular browsers and password managers could let scammers steal sensitive information, a researcher has found. 

 

The flaw affects the autofill function, which saves personal information and automatically pastes it to prevent repetitive typing, on browsers including Google's Chrome and Apple's Safari. It also affects some plugins and add-ons including the LastPass password manager. 

 

When a user starts to input information into a website, such as their name, autofill suggests information to paste into other boxes on the page. Once the user clicks on one of the suggestions the function automatically pastes information into text boxes on the site. 

 

 
 

http://www.telegraph.co.uk/technology/2017/01/10/autofill-flaw-scam-websites-steal-internet-users-credit-card/

 

So you may want to Disable Autofill in your browser, or at a minimum check to see what information it has.

+Zag L.    684

Saw this demoed on Security Now. Really is an excellent CSS 'exploit' that has a lot of potential for bad things. Browsers just need to be changed to do a check to see if the auto-fill field is in the visible bounds of the view port before filling it.

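The visibility check suggested in the reply above, sketched as an added example (not code from this thread or from any browser or password manager). The function names, field names and sample form are constructed for illustration, and the check goes slightly beyond viewport bounds by also treating `display: none`, hidden visibility, zero opacity and zero size as not visible.

```javascript
// Pure geometry/style check so it runs without a DOM. In a browser the inputs
// would come from el.getBoundingClientRect(), getComputedStyle(el) and
// window.innerWidth / window.innerHeight.

// True when the field is rendered and its box overlaps the viewport.
function isFieldVisible(field, viewport) {
  const { rect, style } = field;
  if (style.display === 'none' || style.visibility === 'hidden') return false;
  if (Number(style.opacity) === 0) return false;
  if (rect.width <= 0 || rect.height <= 0) return false;
  const right = rect.left + rect.width;
  const bottom = rect.top + rect.height;
  // Overlap test against the viewport rectangle [0, width] x [0, height].
  return right > 0 && bottom > 0 &&
         rect.left < viewport.width && rect.top < viewport.height;
}

// Decide, per field, whether saved data may be filled or must be withheld.
function planAutofill(fields, viewport) {
  const fill = [];
  const withheld = [];
  for (const f of fields) {
    (isFieldVisible(f, viewport) ? fill : withheld).push(f.name);
  }
  return { fill, withheld };
}

// Constructed sample: two fields the user can see, three hidden by CSS.
const SAMPLE_VIEWPORT = { width: 1280, height: 720 };
const shown = { display: 'block', visibility: 'visible', opacity: '1' };
const SAMPLE_FIELDS = [
  { name: 'name', rect: { left: 40, top: 100, width: 200, height: 24 }, style: shown },
  { name: 'email', rect: { left: 40, top: 140, width: 200, height: 24 }, style: shown },
  { name: 'cc-number', rect: { left: -9999, top: 100, width: 200, height: 24 }, style: shown },
  { name: 'tel', rect: { left: 40, top: 180, width: 200, height: 24 },
    style: { ...shown, opacity: '0' } },
  { name: 'street-address', rect: { left: 40, top: 220, width: 0, height: 0 },
    style: { ...shown, display: 'none' } },
];

console.log(planAutofill(SAMPLE_FIELDS, SAMPLE_VIEWPORT));
```

A rectangle test like this does not notice a field that is covered by another element or clipped by a parent container, so it is a minimum check rather than a complete one.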
