I can say I did not know about it until now!
All it took was faking your “Find” box. The box that comes up when you hit Ctrl+F or Apple+F on a browser.
How It Works
Though there is somewhat good news. This has only been done in proof of concept.
That is to say it was only demonstrated that it is possible as opposed to it actually happening.
However if it can be done as a proof of concept then who’s to say if you got told, “Your password may be listed on this site with a giant list of passwords?” At which point you panic, go to the site and do a Find for your password.
So what’s a person to do if not even their Find box is safe from having their password stolen? Well there’s the obvious don’t go to websites that seem suspicious.
But don’t use the Find box on your browser? I think I’d be asking for a bit much there.
Most of this problem falls on web browser developers to acknowledge this will be an issue at some point and change things on the browser itself. What they do and when, however is entirely up to them.
For now the only advice I can offer is be careful if you are told your password has been leaked and is listed on a website. If it happens, don’t go. It’s a trap.
This entry was posted on Monday, December 10th, 2012 at 11:34 AM and is filed under security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
Leave a Reply