RE: Firefox Bypass Master password Vulnerability

[Lauren Twele <ltwele () symplified com>]

Even though the password function in Firefox is useful and convenient, it
is important to remember that this tool does not provide audit logs,
access control, reporting or provisioning. The Firefox password tool would
not meet compliance or security standards in many organizations. That is
why an identity and access management solution is needed, which often
comes with single sign on as well.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of hack2prison () yahoo com
Sent: Monday, July 26, 2010 5:59 AM
To: security-basics () securityfocus com
Subject: Firefox Bypass Master password Vulnerability

Firefox has a useful function: manage login information which allows users
remember their username and password.
When users browse the site which they saved login infomation it will auto
fill
login form.
Users can view the username and password saved by click Tools --> Options
-->
Security --> Saved Password.
That is not safe but Firefox has option to protect this infomation that is
"Use
a Master password" (Image 1):
http://www.shareapic.net/View-21364528-Use-Google-Chrome-to-hack-Firefox.h
tml

Once run Firefox and browse pages which saved login information, Firefox
will
ask Master Password. If type right Master password , Login information
will be
used (Image 2):
http://www.shareapic.net/View-21364535-Use-Google-Chrome-to-hack-Firefox.h
tml

More people believe this Master password but I detected that other person
can
use Google Chrome to "HACK" Firefox.

Install Google Chrome and browse a website (saved login information) and
you
will be surprised because login information are auto filled (Image 3):
http://www.shareapic.net/View-21364541-Use-Google-Chrome-to-hack-Firefox.h
tml

Discovered by Hack2Prison
Source: http://admindiscuss.com/forum/showthread.php?tid=35

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how to
test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f7
27d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------