Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safari Privacy Bug May Be Leaking Your Data

Posted by timothy on from the problem-with-software-is-that-it-sucks dept.

richi writes "If you use Safari, your browser may be leaking your private information to any website you visit. Jeremiah Grossman, the CTO of WhiteHat Security, has discovered some Very Bad News. I have some analysis and other reactions over at my Computerworld blog. The potential for spam and phishing is huge. A determined attacker might even be able to steal previously-entered customer data." In short, autofill for Web forms is enabled by default in Safari 4 / 5 (and remotely exploitable), and the data that this feature has access to includes the user's local address book — even if the information has never been entered into a Web form.

4 of 152 comments (clear)

  1. Re:Apple has fumbled the ball by pandrijeczko · · Score: 0, Flamebait

    Apologies but could you repeat your message as I missed it the first time?

    I was out with friends spending lots of money on a social life & beer since I don't spend it on overpriced designer hardware that makes me feel part of an elitist little club with permission to sneer derisively at anyone outside that club.

    --
    Gentoo Linux - another day, another USE flag.
  2. Re:So..'many eyes make bugs shallow'? by DaveV1.0 · · Score: 0, Flamebait

    No, a web browser doesn't need to do most of what you have listed. In fact, it probably shouldn't be doing most of what you listed.

    Web browsers need to display text, and maybe pictures. None of the rest of that stuff is needed. JavaScript, Flash, playing video and audio, plug-ins, spellchecker, etc. just aren't necessary and just leads to people use the browser to do things is just isn't suited to do. Even Java is iffy when it is used to run applications in the browser.

    People treat the browser as their best, if not only, tool and use it even when it is not appropriate, much like using a hammer to drive screws.

    --
    There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
  3. Re:"If you use Safari, by L4t3r4lu5 · · Score: 0, Flamebait

    Anyone who uses Safari certainly should be "taken care of."

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  4. Re:So..'many eyes make bugs shallow'? by DaveV1.0 · · Score: 0, Flamebait

    Really? How many browsers use webkit? Thought so.

    Form follows function? Really? A web browsers function was originally reading hyper-linked text. But people decided that it would be neat if one could see pictures. Then, hear sound. Then games, movies, etc.

    Now, dumbass programmers try to use the browser as the interface to everything, regardless of whether it is appropriate. The other day on slashdot, there was someone asking about the best way to print from a browser because he was writing an inventory management system for a company that used a web browser as the interface rather than write an appropriate interface.

    I have no doubt you are of the same mind set. You have a hammer and treat everything like it is a nail.

    --
    There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.