On 22/03/2012 20:15, Yvan Boily wrote: > Firefox already maintains a database of auto-complete fields, and over > time a user will have a set of data that could potentially be used to > warn the user when they are sending 'sensitive' fields over insecure > channels.
By bizarre coincidence, I was talking about exactly this with jorendorff, shorlander and Tanvi on Wednesday. This is an interesting idea that's been done before (see Trusteer's Rapport and PrevX's SafeOnline products). The approach these products take involve tying 'sensitive' data to allowed domains and warning the user if attempts are made to enter these fields away from these domains, or in contexts with other security issues (SSL problems, mixed content, etc). I only looked in detail at one of these products; the issues Adam describes with the attacker capturing much of a field before the user is warned was present (although, as others have said, some protection is better than nothing) but there were more serious issues that arose from the need to check these 'sensitive' fields quickly. For example, one of the protected field types was site passwords; because all possible values for all protected fields had to be checked for each user input (and the performance characteristics required), the designers inadvertently made offline attacks against their users extremely trivial... I expect something useful could be done without repeating the mistakes made in the product I reviewed, but we'd need to think carefully. -mgoodwin _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
