Using Safari? I know who you are and where you live…

Jeremiah Grossman recently posted an article explaining how the Safari browser (versions 4 and 5) auto-populates a user’s first name, last name, workplace, city, state, and email address by default. All an attacker would have to do to get this information from unsuspecting Safari users is create a simple web form (probably hidden from the user via CSS) and use JavaScript to simulate keystrokes. Once the fields are populated, it is easy for the attacker to retrieve their contents. Someone has even taken the liberty of writing proof-of-concept code to demonstrate that this actually works.

Luckily, protecting yourself from this potential attack is relatively simple. You only need to uncheck one button under Preferences:


I am surprised no one discovered this sooner; then again, cyber attackers are probably already aware of it…
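A defensive check for the pattern described above, as an added example that is not from the original post or from Grossman's article: it scans a page's markup for text inputs with personal-data names that are hidden from view. The field-name patterns, the hiding heuristics, and the class and function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed name patterns for the fields the post lists; real forms vary.
PERSONAL = re.compile(
    r"first.?name|last.?name|company|organi[sz]ation|city|state|e-?mail", re.I)
# Inline-style tricks that keep an element out of the user's sight.
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)|(?:left|top)\s*:\s*-\d{3,}", re.I)
VOID = {"input", "br", "img", "hr", "meta", "link"}  # tags with no end tag

class HiddenAutofillAudit(HTMLParser):
    """Flags text inputs with personal-data names that the markup hides.
    Heuristic: inline styles and `hidden` attribute only, well-nested markup."""

    def __init__(self):
        super().__init__()
        self.stack = []     # one bool per open element: hidden by its own style?
        self.findings = []  # names of flagged inputs, in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDING.search(a.get("style") or "")) or "hidden" in a
        if tag == "input":
            # Only text-like fields are candidates; type="hidden" is skipped.
            kind = (a.get("type") or "text").lower()
            name = a.get("name") or a.get("id") or ""
            if (kind in ("text", "email") and PERSONAL.search(name)
                    and (hidden or any(self.stack))):
                self.findings.append(name)
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit(html):
    """Return the names of hidden personal-data inputs found in `html`."""
    parser = HiddenAutofillAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup: one visible form, one form positioned off-screen.
SAMPLE = """
<form><input type="text" name="q"><input type="text" name="email"></form>
<form style="position:absolute; left:-9999px">
  <input name="firstName"><input type="text" name="city">
  <input type="hidden" name="state">
</form>
"""
```

Rules applied through external stylesheets or set by script at runtime are outside what this static scan sees, so an empty result does not clear a page.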

