Firefox default "saved passwords list"
Firefox default "saved passwords list"
You know that shiny "remember password" function in Firefox?
Don't use it if you know what's good for you.
The older version of it is just a txt file with the username and password encoded in base64.
And then the newer version (>=3.0, don't know about 4.0) just stores it encrypted in an sqlite database in the profile folder, without a password for default use (and we all know that 99.9% of regular users keep default settings), meaning that you can just steal the database and open it (or just put it in your own profile folder for firefox), and steal the usernames and passwords of a user, if you have access to the machine that is.
Some people think that a "keyring" is a good defense against keyloggers, which in a sense is true, but then you have to make sure that no one can get into the damn keyring.
Don't use it if you know what's good for you.
The older version of it is just a txt file with the username and password encoded in base64.
And then the newer version (>=3.0, don't know about 4.0) just stores it encrypted in an sqlite database in the profile folder, without a password for default use (and we all know that 99.9% of regular users keep default settings), meaning that you can just steal the database and open it (or just put it in your own profile folder for firefox), and steal the usernames and passwords of a user, if you have access to the machine that is.
Some people think that a "keyring" is a good defense against keyloggers, which in a sense is true, but then you have to make sure that no one can get into the damn keyring.
"The best place to hide a tree, is in a forest"
Re: Firefox default "saved passwords list"
I use 'remember password' for a few sites, but I also use a master password... Am I in danger, too?
Re: Firefox default "saved passwords list"
ph0bYx wrote:I use 'remember password' for a few sites, but I also use a master password... Am I in danger, too?
Well, at least you are not in immediate danger I would think, but I haven't yet tried to crack a master password, but I guess it all depends on the strength of your password really.
"The best place to hide a tree, is in a forest"
-
- On the way to fame!
- Posts: 32
- Joined: 18 Jan 2011, 18:31
- 13
Re: Firefox default "saved passwords list"
Wow, thanks for the info!! That thing saves my life lol, I'm not too good remembering my passwords lol Is it a big enough problem, that you'd recommend not to use it?
Re: Firefox default "saved passwords list"
TheScottyTurner wrote:Wow, thanks for the info!! That thing saves my life lol, I'm not too good remembering my passwords lol Is it a big enough problem, that you'd recommend not to use it?
I can't really say that I have encountered any malware that has used it.
I think it's more dangerous if it's an aimed threat against a specific target (person/organization).
I know this out of own experience, since I wrote a backdoor a few days ago that exploits this to find passwords on a specific victims machine.
But yeah of course, if used "properly" it could become an even bigger threat to a bigger base of users.
"The best place to hide a tree, is in a forest"
Re: Firefox default "saved passwords list"
Are there other ways to protect your browser other than to disable saved passwords on firefox? Would an intrusion detection program detect this ,but mmm... depends on the attack meathod.Thanks for the info.cats wrote:I think it's more dangerous if it's an aimed threat against a specific target (person/organization).
I can use all the shells,so now I can finally hear the ocean
Re: Firefox default "saved passwords list"
A good alternative for this (which would work with more than just firefox) is a password manager such as keespass (keepassx for linux) which stores ALL of your passwords in an encrypted file. You use one master password to access all of them and it's easy to put on a flash drive and take wherever you are.
- Pong18
- Cyber Mushroom
- Posts: 357
- Joined: 20 May 2009, 16:00
- 14
- Location: Manila, Philippines
- Contact:
Re: Firefox default "saved passwords list"
thanks trick for including something for nux. how about Seahorse 2.32.0? what do you think about it?trickb0x wrote:A good alternative for this (which would work with more than just firefox) is a password manager such as keespass (keepassx for linux) which stores ALL of your passwords in an encrypted file. You use one master password to access all of them and it's easy to put on a flash drive and take wherever you are.
Re: Firefox default "saved passwords list"
You can also use firefox in conjunction with a fingerprint scanner to enter passwords.
~[Lykos]~
~[Lykos]~
Re: Firefox default "saved passwords list"
That is actually a pretty interesting topic for debatelykos wrote:You can also use firefox in conjunction with a fingerprint scanner to enter passwords.
~[Lykos]~
Code: Select all
http://appliedlife.blogspot.com/2007/04/why-biometrics-can-be-bad-identifiers.html
"The best place to hide a tree, is in a forest"
Re: Firefox default "saved passwords list"
It works extremely well. And its fairly easy to set up. Although it is a single point of failure if someone defeats the fingerprint scanning aspect.
~[Lykos]~
~[Lykos]~
Re: Firefox default "saved passwords list"
Agreed.lykos wrote:It works extremely well. And its fairly easy to set up. Although it is a single point of failure if someone defeats the fingerprint scanning aspect.
~[Lykos]~
It can be dangerous though, since you are more likely to get physical injuries that way ^^ (i.e. someone chops your fingers off or pokes your eyes out).
So far having the password safely stored in the brain is pretty safe, since we haven't succeeded in really extracting much information from there yet ^^
"The best place to hide a tree, is in a forest"
Re: Firefox default "saved passwords list"
Hopefully my finger doesn't get cut off and my eyes don't get poked out ^^
~[Lykos]~
~[Lykos]~
- hpprinter100
- Fame ! Where are the chicks?!
- Posts: 214
- Joined: 19 Oct 2007, 16:00
- 16
- Contact:
Re: Firefox default "saved passwords list"
http://www.slashgear.com/sony-mofiria-f ... d-0232716/" onclick="window.open(this.href);return false;
Hard to fool
Hard to fool
- z3r0aCc3Ss
- Fame ! Where are the chicks?!
- Posts: 700
- Joined: 23 Jun 2009, 16:00
- 14
- Contact:
Re: Firefox default "saved passwords list"
You can use KeyScrambler program. 99% protection against keylogging.
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP
Learning NMAP