|
Trojan forces Firefox to save web passwords
|
|
The following comments relate to this news article:
article published on 9 October, 2010
Webroot is warning about a change that a Trojan makes to Firefox files that change the way the browser handles password information entered in forms on websites. Trojan-PWS-Nslog is found to modify a file used by Firefox (nsLoginManagerPrompter.js) in such a way that the browser simply saves all entered passwords and does not prompt a user anymore on whether or not it should.
Computer ... [ read the full article ]
Please read the original article before posting your comments.
|
Member
|
9. October 2010 @ 22:45 |
Link to this message
|
Quote:
"SaLiLoG keylogger server made by Salar Zeynali - Salixem@Gmail.com."
Hahaha, oh wow.
|
|
Advertisement
|
|
|
|
|
GryphB
Member
|
10. October 2010 @ 00:50 |
Link to this message
|
LOL. Nice work id10t. Good thing I use linux and use Opera instead of FF.
|
Member
|
10. October 2010 @ 07:27 |
Link to this message
|
Originally posted by GryphB:
LOL. Nice work id10t. Good thing I use linux and use Opera instead of FF.
Me too. I have this file at:
/usr/lib64/xulrunner-1.9.2/components/nsLoginManagerPrompter.js
And let's see who owns it:
-rw-r--r-- 1 root root
So only root can touch/read/overwrite this file! So unless you're stupid enough to type the password in when an app says it needs root and you don't know why, you can rest assured this file is not tampered and cannot be tampered with, just like everything in /usr, /etc, etc.
|
Member
|
10. October 2010 @ 08:28 |
Link to this message
|
|
hahahaha lol
|
|
Blessedon
Member
1 product review
|
10. October 2010 @ 08:42 |
Link to this message
|
Firefox should do away with the option to save passwords altogether.
|
Member
|
10. October 2010 @ 09:28 |
Link to this message
|
|
I see nothing wrong with saving passwords in the browser. It saves a lot of time and hassle imo. Besides the only way to get these trojans is by being stupid anyway. If your security measures (and good common sense) aren't enough to combat installing malware to your computer you deserve what you get. Also as far as other people using your passwords, saving passwords to the browser on a public machine is equally stupid.
|
|
biglo30
Senior Member
|
10. October 2010 @ 14:26 |
Link to this message
|
Originally posted by Blessedon:
Firefox should do away with the option to save passwords altogether.
You do know that all browsers get you the option to save passwords right?
|
|
lissenup2
Suspended permanently
|
10. October 2010 @ 18:35 |
Link to this message
|
Originally posted by Ryoohki:
I see nothing wrong with saving passwords in the browser. It saves a lot of time and hassle imo. Besides the only way to get these trojans is by being stupid anyway. If your security measures (and good common sense) aren't enough to combat installing malware to your computer you deserve what you get. Also as far as other people using your passwords, saving passwords to the browser on a public machine is equally stupid.
What??????????????????????????????????????????????
Did you just get a computer and start using it????????????????
Trojans can come from illicit websites and saving your PW is the DUMBEST F'ING THING ANYONE COULD DO. The laziness of not wanting to type your passwords is about as lazy as not wanting to wash your hands after dropping the kids off at the pool.
Your decision making privileges have been officially revoked.
|
Senior Member
|
10. October 2010 @ 20:41 |
Link to this message
|
Originally posted by lissenup2:
What??????????????????????????????????????????????
Did you just get a computer and start using it????????????????
Trojans can come from illicit websites and saving your PW is the DUMBEST F'ING THING ANYONE COULD DO. The laziness of not wanting to type your passwords is about as lazy as not wanting to wash your hands after dropping the kids off at the pool.
Your decision making privileges have been officially revoked.
I'm afraid you miss the point of a password manager. One of their key purposes is to encourage strong, unique passwords, which are impossible to handle without some sort of password manager (or a photographic memory). Firefox's password manager also has an optional master password that encrypts your passwords so they can't be accessed without the master password.
A keylogger can retrieve your password whether you use a password manager or not. (In fact, it's actually more likely to nail you if you don't use a password manager, since you won't be using keystrokes with a password manager.) If you get a trojan, you're basically screwed either way, so don't get one in the first place.
This message has been edited since posting. Last time this message was edited on 10. October 2010 @ 20:42
|
|
Blessedon
Member
1 product review
|
10. October 2010 @ 21:34 |
Link to this message
|
|
Wait a second; answer me this:
Doesn't Informenter circumvent this Trojan, thus solving the problem?
|
|
wazzat
Junior Member
|
10. October 2010 @ 22:07 |
Link to this message
|
|
Thanks for this article. It reminded me to check my computer again. And yes. I use the master password w/ FF. Although it can be stubborn to open sometimes. Would use Pclinux or Mint or something else but they get corrupted after updating and before I can learn enough to use them well.
|
Member
|
11. October 2010 @ 01:05 |
Link to this message
|
Quote:
I'm afraid you miss the point of a password manager. One of their key purposes is to encourage strong, unique passwords, which are impossible to handle without some sort of password manager (or a photographic memory). Firefox's password manager also has an optional master password that encrypts your passwords so they can't be accessed without the master password.
A keylogger can retrieve your password whether you use a password manager or not. (In fact, it's actually more likely to nail you if you don't use a password manager, since you won't be using keystrokes with a password manager.) If you get a trojan, you're basically screwed either way, so don't get one in the first place.
lissenup2's status:
[ ] Untold
[✓] TOLD
|
|
lissenup2
Suspended permanently
|
12. October 2010 @ 23:54 |
Link to this message
|
Originally posted by nonoitall:
Originally posted by lissenup2:
What??????????????????????????????????????????????
Did you just get a computer and start using it????????????????
Trojans can come from illicit websites and saving your PW is the DUMBEST F'ING THING ANYONE COULD DO. The laziness of not wanting to type your passwords is about as lazy as not wanting to wash your hands after dropping the kids off at the pool.
Your decision making privileges have been officially revoked.
I'm afraid you miss the point of a password manager. One of their key purposes is to encourage strong, unique passwords, which are impossible to handle without some sort of password manager (or a photographic memory). Firefox's password manager also has an optional master password that encrypts your passwords so they can't be accessed without the master password.
A keylogger can retrieve your password whether you use a password manager or not. (In fact, it's actually more likely to nail you if you don't use a password manager, since you won't be using keystrokes with a password manager.) If you get a trojan, you're basically screwed either way, so don't get one in the first place.
I must say this because I can't believe that this type of hand-holding is still necessary.
A password manager is different from FF "remembering passwords" and I encourage everyone to use a password manager as do I. Password safe is my choice and others use their own.
As for my statement..........it stands........having FF remember your passwords is F'ing GD incomprehensibly stupid and ignorant. Who gives a sh*t about "seeing" them......if your systm gets hacked or compromised then someone needs only log into your banking institution or service acount and voila, they got what they need.
I feel like you and ROMaster didn't pay any attention to the details or what I was saying and frankly, defending the use of "remembering passwords" is a sign of lack of common sense.
|
Senior Member
|
13. October 2010 @ 01:00 |
Link to this message
|
Originally posted by lissenup2:
A password manager is different from FF "remembering passwords" and I encourage everyone to use a password manager as do I. Password safe is my choice and others use their own.
As for my statement..........it stands........having FF remember your passwords is F'ing GD incomprehensibly stupid and ignorant. Who gives a sh*t about "seeing" them......if your systm gets hacked or compromised then someone needs only log into your banking institution or service acount and voila, they got what they need.
I feel like you and ROMaster didn't pay any attention to the details or what I was saying and frankly, defending the use of "remembering passwords" is a sign of lack of common sense.
You're not making a whole lot of sense. Firefox's built-in "remember password" functionality is a password manager. You encourage its usage in one sentence and then discourage it in the next.
|
Member
|
13. October 2010 @ 01:40 |
Link to this message
|
Quote:
I feel like you and ROMaster didn't pay any attention to the details or what I was saying and frankly, defending the use of "remembering passwords" is a sign of lack of common sense.
Or perhaps the ones without common sense are people who don't take measures to PREVENT their computer's information being compromised in the first place regardless of the manager. Hell I use the password manager myself so I don't have to type it in every bloody time, but I'm secured enough with all my other privacy settings nothing can steal it (at least without me knowing).
Try me, you can't hack me since the all the exploitable (i.e. useless) files were removed in the installation.
|
|
Advertisement
|
|
|
Senior Member
|
15. October 2010 @ 23:58 |
Link to this message
|
We take precautions anyway but we still do All our financial transactions on Puppy Linux now. If they're that desperate to read my eMails and post on forums using my name... pffft.
Its a lot easier being righteous than right.
DSE VZ300-
Zilog Z80 CPU, 32KB RAM (16K+16K cartridge), video processor 6847, 2KB video RAM, 16 colours (text mode), 5.25" FDD
|
