---- Safari Vulnerability: Auto-complete Content can be Hacked!
tedster - 3:29 pm on Jul 23, 2010 (gmt 0)
No, sorry to say, that's not enough because the visitor doesn't actually see this hack happening on the screen. You've got to turn off the auto-complete function completely. Or better still, don't have any real data available for the browser to use.
In a talk scheduled for next week's Black Hat security conference in Las Vegas, Jeremiah Grossman, CTO of White Hat Security, plans to detail critical weaknesses that are enabled by default in the browsers, which are the four biggest by market share. The vulnerabilities have yet to be purged by the respective browser makers despite months, and in some cases, years of notice.