by peterwwillis
4695 days ago
Right-click page
Click 'View page info'
Click 'Security'
Click 'View Cookies'

I just bypassed your Firefox/Safari/etc master password and owned your session. OH NOES, SECURITY FLAW!!!!

(I also downloaded a rootkit and installed it in your user's home directory, but you probably don't find that as much of a flaw as me getting your cookies. Right?)

I will say that encrypting the passwords on-disk is a nice thing if you care about cold-rebooted disk attacks and don't implement disk encryption yourself. But the game is mostly over if they have access to your machine. If the machine is still on, a DMA or cold boot attack is probably going to net them the passwords even on a master-password-locked browser, because the browser still needs to access the passwords for forms without prompting you every time.