Information Security Asked by sfrj on January 13, 2021
Today I was on Steam and someone sent me a link and asked me to vote for him in some online gaming league. I clicked on it and the browser told me that this could be an unsafe link so I didn’t proceed further. Then I opened in another browser to see if it was a legit site.
I see that this was a domain registered today and on it there are some game related content but it looks very suspicious. What I am curios about is if I am at risk? Can they steal browser content such as bookmarks or saved passwords and cookies by just navigating to a website?
In short, password managers (including the ones built into browsers) are designed to prevent this from happening, so it shouldn't happen. If it does, then something else has gone wrong.
To expand on this, though, password managers have to find a balance between ease of use and security, and certain design choice can affect this balance.
One of the main and most important jobs of a password manager is only to pre-fill or automatically log in when it can be sure it is the same website as you were on when you saved that password. Because, if it does it on a different website, it may just inadvertently leak your password to some other site, and therefore to someone else that should not be given your password.
So to address your question, if this fake site is completely unrelated to any genuine site you have a saved password for, including a different domain name, there is no way it can get any of your saved passwords.
The difficulty is, the boundary for what defines a website can vary. In some cases, a website can have multiple domain names. Some password managers can know about this and let your login work across a network of domain names regardless of which one you initially saved it on. This is convenient, except if the password manager accidentally gets one wrong, and that one falls into the wrong hands. In other cases, websites with the same domain may be owned and controlled by totally different people, which is the case with shared web hosting where clients don't get their own domain name - sometimes they may have a subdomain with a shared domain, and sometimes even a subdirectory under the same host. Password managers can try and be smart about this by maintaining a record of domains which can be used for separate sites on different subdomains or directories. Or, they can take an overall more conservative approach and only match a site if it has the exact same hostname (including subdomain) and path to the login screen. Or, take an approach somewhere in between where if there is any discrepancy the user is prompted to confirm whether it's the same site.
Then there is the issue of site security itself. A password manager cannot know if a site's been hacked and taken over by hostile parties. It can know if a site uses https making some kinds of attacks (man-in-the-middle) more difficult though.
What all this boils down to is that there is some amount of art to the algorithm that a password manager uses to determine if the site you're visiting is authorised to be given a password you've saved before. You can help protect yourself to some degree:
Answered by thomasrutter on January 13, 2021
I don't think it is a question of can it steal your passwords already there as others stated, it is more a question of can it install malware that get your passwords next time you type them in. Before clicking links you should scan them first on securi scan or something similar. I would advise that you format the computer before doing anything that could reveal sensitive information.
However regarding passwords already there, it would be a 0 day exploit by the sounds of it so they would gain more by turning it in for a bug bounty and it would be a little bit of a waste to use it on most people.
Answered by Coderxyz on January 13, 2021
I clicked on it and the browser told me that this could be an unsafe link so I didn't proceed further. Then I opened in another browser to see if it was a legit site.
That likely hasn't to do with your password, but perhaps more about personal data harvesting or fishy/deceptive content.
The reason why the browser says the link is unsafe is that it was reported on a blacklist of malware sites. Reason for reporting is unknown here.
There is a huge list of bad things that could happen
Unlikely to steal your passwords from browser anyway. But the worst you could do yourself is to subscribe to a new service reusing an existing password. It doesn't get stolen, you are providing it.
Answered by usr-local-ΕΨΗΕΛΩΝ on January 13, 2021
If your browser auto-fills passwords, then it is possible that add-ons/extensions/plugins can harvest your credentials even when you're not using it to log in.
Additionally, some password managers may have keyed passwords on the URL in the <form action="…">
of a site rather than the URL hosting that page, allowing an attacker to harvest credentials with a login form to the target site, perhaps rendered out of view. I'm not sure if this is still much of a risk.
See also Should web sites disable form autocomplete on all forms?
Answered by Adam Katz on January 13, 2021
If it was that easy, we wouldn't be using browsers. However, if your browser has a vulnerability, then things like this may happen.
Keep browsers up-to-date and run script blockers, like no-script, to prevent this type of attack.
Answered by schroeder on January 13, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP