Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 18 Aug 2019, 08:49
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How passwords get stolen from browsers
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1885
Location: Canada

PostPosted: Tue 23 Jul 2019, 17:23    Post subject:  How passwords get stolen from browsers
Subject description: by Kaspersky
 

https://securelist.com/how-to-steal-a-million-of-your-data/91855/
Any user data — from passwords for entertainment services to electronic copies of documents — is highly prized by intruders. The reason is simply that almost any information can be monetized. For instance, stolen data can be used to transfer funds to cybercriminal accounts, order goods or services, and, if the desire or opportunity is lacking to do it oneself, it can always be sold on to other cybercrooks.

This thirst for stolen data is confirmed by the statistics: in the first half of 2019, more than 940,000 users were attacked by malware designed to harvest a variety of data on the computers. For comparison, in the same period of 2018, slightly less than 600,000 users of Kaspersky products were attacked. The threat’s called “Stealer Trojans” or Password Stealing Ware (PSW), a type of malware designed to steal passwords, files, and other data from victim computers.


Users often entrust all critical data to the browser. After all, it’s convenient when passwords and bank card details are autofilled in the required fields. But we recommend against entrusting such vital information to browsers, since the methods of protection they use are no obstacle to malware.

The popularity of malicious programs hungry for browser data is showing no sign of slowing. Today’s crop of Stealer Trojans are actively supported, updated, and supplemented with new features (for example, the ability to steal 2FA data from apps that generate one-time access codes).

We recommend using special software for storing online account passwords and bank card details, or security solutions with appropriate technologies. Do not download or run suspicious files, do not follow links in suspicious emails, and generally observe all security precautions.


Information such as the one provided by Kaspersky is a double-edge sword. On the one hand, you learn how to prevent stealing of data; on the other hand, you also learn how to do it.

But you have to know your enemy (hackers/scammers/fraudsters). And take defensive measures.

Live CD/DVD, VPNs, Firewall, containers such as Firejail (EasyOS), email clients such as Tutanota, Protonmail, staying away from big techs such as Google, Facebook, because they are the prime targets of hackers, using encryption tools as often as possible, staying away from Windows because it is the prime target of hackers, scammers and fraudsters, and staying well-informed about security and privacy.
Then, enjoy flying under the radar.

Further reading :
Password stealing malware on the rise as 60 percent more users are targeted
https://betanews.com/2019/07/23/password-stealing-malware-up/

Last edited by labbe5 on Tue 23 Jul 2019, 17:42; edited 2 times in total
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 2008
Location: N.E. USA

PostPosted: Tue 23 Jul 2019, 17:36    Post subject:  

Rule #1: DO NOT store passwords in any browser.

Rule #2: DO NOT use a master password stored in a browser.

Rule #3: The browser is the weak-link in security.

These rules apply to ANY browser. Pencil and paper are your friends.

Regards
8Geee

_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 2008
Location: N.E. USA

PostPosted: Thu 15 Aug 2019, 10:22    Post subject: Firefox passwd bug  

Mozilla has released Browser version 68.0.2 and esr version 68.2. Recent Firefox versions should consider the update.

It appears that the Master password is not needed to access/copy individual pswds.

The security update bug listing is here.

Regards
8Geee

_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0505s ][ Queries: 11 (0.0257s) ][ GZIP on ]