Business IT - Technology for your business

No. 1 Story

Cloud alliance sides with Optus on copyright

OzHub, the Macquarie Telecom-led cloud computing alliance, has come down firmly on the side of Optus over the copyright controversy surrounding Optus TV Now, warning that any moves to change the law "risk branding Australia a global luddite state."

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

Safari data disclosure vulnerability disclosed

Stephen Withers
Friday, 23 July 2010 10:18

Business IT - Security

Page 1 of 2

A security researcher has disclosed a vulnerability in Apple's Safari browser that can be used to steal personal information.


Microsoft Office 365 Get your free Trial

Related Articles

As far back as I can recall, I've been in the habit of making sure that the AutoFill feature in Safari is disabled before I use the browser for the first time on a particular computer. I always felt there was a risk that it could be exploited to grab information without my consent or knowledge.

It turns out my suspicions were correct.

Jeremiah Grossman, chief security officer of WhiteHat Security, has released a proof of concept showing how AutoFill can be used to grab the name, work place, city, state, and email address of a visitor to a web page. No user action is required beyond navigating to the malicious page.

The exploit assumes that the 'Me' card in the user's Address Book is populated with real data, but that is common practice.

Grossmann notes that his exploit does not work with fields that start with a digit, so phone numbers and street addresses cannot be obtained this way.

In the blog entry that disclosed the vulnerability, Grossmann notes that he reported the issue to Apple a little over a month ago, but despite a follow-up email had received no response other than an automated reply to his original notification.

See page 2 to find out how to protect yourself against the vulnerability.



Start 1 2 Next 

Sponsored Announcements

Eaton’s Innovative Rack Power Distribution Solutions Offer High-Accuracy Power Monitoring and Management at the Individual Outlet Level

David Bass | Diversified industrial manufacturer Eaton Corporation has today launched a new set of enclosure power distribution units, ePDUs, that prov…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases