First of all, turn off your automatic form-filler!
Updates:
- Q: I read your post, but what does it all mean?
A: Any information you or your browser provide on a website, including information provided by automatic form-filler programs, could potentially be submitted without your knowledge to the website's servers. So, let's say you fill in your e-mail address to sign up for a newsletter but, before clicking "Subscribe", you decide not to. Using JavaScript (and "AJAX"), a website can monitor the form field to see when you have entered your e-mail address and then automatically submit it without you! This is not normal behavior, but you should be wary, especially when an automatic form-filler program fills out form fields on your behalf with personal and often private information.
- Q: Dare wrote that this is a false alarm. Surely he knows best. Is it?
A: You visit my test page and then tell me if you voluntarily submitted the information in the textbox, or if it was automatically submitted behind-the-scenes without your approval...
- Q: Is this actually feasible and should we be as concerned as Eric suggests?
A: Absolutely! Once again, check out my test page and see how that translates to your personal and private information. Do you want people to automatically store your information without your knowledge? Sure, you (or your browser) wrote it down, but that doesn't mean you wanted to submit it!
- Q: How come I don't see any additional information on the subject?
A: You WILL! I am attempting to spread the word. Also, an individual on the Open Web Application Security Project and employee of Foundstone, Inc., a Strategic Security company, is already working on publishing a white paper on the issue soon.
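
To check whether a page behaves the way the first answer above describes, a recorded timeline of field changes, form submits and network requests can be scanned for requests that carry a field's value before the user submitted that form. This is an added example, not code from the original post or its test page; the event shape (`type`, `form`, `field`, `value`, `url`, `body`, `t`), the function names and the sample timeline are assumptions constructed for illustration.

```javascript
// Added example: audit a recorded page timeline for form values that leave the
// browser before the user submits the form. Event shape and data are constructed.

// Encodings a value may take inside a URL or request body.
function needlesFor(value) {
  const enc = encodeURIComponent(value);
  return [...new Set([value, enc, enc.replace(/%20/g, '+')])];
}

// events: ordered array of
//   { type: 'input',   form, field, value }   field changed (typed or autofilled)
//   { type: 'submit',  form }                 user submitted the form
//   { type: 'request', url, body, t }         XHR/fetch/beacon observed
function findPreSubmitLeaks(events, minLen = 4) {
  const fields = new Map();      // "form\0field" -> latest input event
  const submitted = new Set();   // forms the user has actually submitted
  const leaks = [];
  for (const ev of events) {
    if (ev.type === 'input') {
      fields.set(`${ev.form}\0${ev.field}`, ev);
    } else if (ev.type === 'submit') {
      submitted.add(ev.form);
    } else if (ev.type === 'request') {
      const haystack = `${ev.url}\n${ev.body || ''}`;
      for (const f of fields.values()) {
        // Ignore submitted forms and values too short to match reliably.
        if (submitted.has(f.form) || f.value.length < minLen) continue;
        if (needlesFor(f.value).some((n) => haystack.includes(n))) {
          leaks.push({ form: f.form, field: f.field, url: ev.url, t: ev.t });
        }
      }
    }
  }
  return leaks;
}

// Constructed timeline: a newsletter form whose value is sent before the
// submit, followed by a checkout form that is never submitted.
const sampleEvents = [
  { type: 'input', form: 'newsletter', field: 'email', value: 'alice@example.test' },
  { type: 'request', t: 2, url: 'https://site.example/t?e=alice%40example.test' },
  { type: 'request', t: 3, url: 'https://site.example/style.css' },
  { type: 'submit', form: 'newsletter' },
  { type: 'request', t: 5, url: 'https://site.example/subscribe', body: 'email=alice%40example.test' },
  { type: 'input', form: 'checkout', field: 'phone', value: '555 0100' },
  { type: 'request', t: 7, url: 'https://site.example/log', body: 'p=555+0100' },
];

console.log(findPreSubmitLeaks(sampleEvents));
```

The check only matches plain, URL-encoded and form-encoded values, so a value that is hashed or otherwise transformed before sending will not be flagged.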
I wouldn't be surprised if you've heard the term AJAX recently. If you haven't, many websites are beginning to employ the family of technologies that collectively are called "AJAX" and you should be concerned.
Have you ever visited a website, completed a form, and submitted it only to have that information be redirected to another website? Browsers have warnings for this kind of activity. The newest browsers also have warnings for privacy-related concerns, alerting people to the fact that the website may use information inappropriately. Spybot, Ad-Aware, and other programs that seek out and destroy "spyware" often come with warnings of their own integrated within your internet browser, even blocking threatening activities.
But, wh
- Category: Security & Privacy
- Posted On: 8/4/2005