Choose style:

Author Topic: Browser autofill used to steal personal details in new phishing attack  (Read 1092 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3933
  • Karma: 335
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Browser autofill used to steal personal details in new phishing attack:  Chrome, Safari, Opera and extensions such as LastPass can be tricked into leaking private information using hidden text boxes, developer finds

By Samuel Gibbs for theguardian

https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari

This is when I REALLY wished that LastPass was open source.  I wonder how long it will take for this bug to get patched.  Firefox users, fortunately for you, you're ducking and dodging this problem for now, thank goodness.  ;)  See below:

Quote
Mozilla’s Firefox is immune to the problem, as it does not yet have a multi-box autofill system and cannot be tricked into filling text boxes by programatic means, according to Mozilla principle security engineer Daniel Veditz. A more complete autofill system is currently in development for Firefox, however. --Samuel Gibbs
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26466
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Browser autofill used to steal personal details in new phishing attack
« Reply #1 on: January 11, 2017, 03:41:34 pm »
Thanks perknh .. people need to be aware of this.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3933
  • Karma: 335
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: Browser autofill used to steal personal details in new phishing attack
« Reply #2 on: January 11, 2017, 06:07:02 pm »
You're welcome.  ;)

I reported the issue to LastPass ... | and I received this response, along with the comment "WE ARE INVESTIGATING THIS REQUEST."

https://lastpass.com/support.php?cmd=showfaq&id=11012
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5595
  • Karma: 1012
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Browser autofill used to steal personal details in new phishing attack
« Reply #3 on: January 11, 2017, 06:35:07 pm »
Ctrl-Shift-Delete (with all boxes checked) is your friend !   ;)

Offline farms

  • Jr. Member
  • **
  • Posts: 70
  • Karma: 8
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 8 64 Bit
Re: Browser autofill used to steal personal details in new phishing attack
« Reply #4 on: January 12, 2017, 10:06:52 am »
I have to check in morning and i think i have been a victim .

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3933
  • Karma: 335
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: Browser autofill used to steal personal details in new phishing attack
« Reply #5 on: January 12, 2017, 11:11:20 am »
I have to check in morning and i think i have been a victim .

Hello farms,

First, turn off all autofill capabilities in whatever Chromium-based browser you're using.   What clues do you have that you have been hacked?  Was it within Opera-beta?  Do you know how to become an advanced user (a Power user) in Opera in order to go deeper into the browser's settings? (I can help you with that.)

And here's the latest report I have received from LastPass.  LastPass' status is still termed as "Investigating."

https://lastpass.com/support.php?cmd=showfaq&id=11012

perknh
« Last Edit: January 13, 2017, 08:41:04 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum