The Omni Group
These forums are now read-only. Please visit our new forums to participate in discussion. A new account will be required to post in the new forums. For more info on the switch, see this post. Thank you!

Go Back   The Omni Group Forums > OmniWeb > OmniWeb General
FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
Is Password Saving in Omniweb save? Thread Tools Search this Thread Display Modes
Hi there!

I just stumbled accross some news about password and user data saving in Firefox. It seems that Firefox doesn't question to which location it's sending its saved user data if saved in the Firefox password manager.

Does anyone know if that problem applies to Omniweb, too?

Thanks.
Vincent
 
As I understand it, OmniWeb uses the Apple keychain, Firefox doesn't
 
That doesn't matter. OmniWeb still inputs usernames and passwords automatically, it just happens to take them from the Keychain whereas Firefox uses its own password manager. The exploit doesn't care where the username and password is pulled from, it only cares that they are inputted.

However, from the test site that they posted OmniWeb wasn't vulnerable to the exploit using my preferences. However, that isn't to say that it is invulnerable - it could be due to the way I have things set up relative to a default install. I'd wait to see what OmniGroup has to say.
 
:mad: Hi there.

In the meantime Heise Online set up a webpage to test the possibility for password fishing. My Omniweb fell for it and I don't quite know how to configure it right other than don't using saved passwords.

Here's the page. Let's hope there will be an update soon. I understand, that Safari has no more security problems if you're installing and usig the lates Saft update.
 
Quote:
Originally Posted by JKT
snip...snip...

However, from the test site that they posted OmniWeb wasn't vulnerable to the exploit using my preferences. However, that isn't to say that it is invulnerable - it could be due to the way I have things set up relative to a default install. I'd wait to see what OmniGroup has to say.

I just tested OW and it failed the test.

I played with OW preferences a bit and have not found anything in OW preferences that seems to make a difference.

It would be useful if you could identify what it is about your set-up that protects you.

Peter
 
Where is the test page or pages you guys are talking about?
 
Here's the german test page, the only I know. Maybe there's an englisch page too, but I don't know it.

For me OW fails the test, so I've turned off any saving of user names and passwords. Although for FF and Seamonkey. All of them are failing the test.
The latest Apple security update doesn't change anything.

So I prefer to stop all storing of my user data until there will be a fix of the problem.
 
In the meantime, I would recommend using 1passwd

It's not free except for a limited version, but it's a very nice app and prevents that test page from displaying your data (I'm not affiliated in any way)
 
I guess I don't see what the problem is. According to the Heise test:
Due to a lack of checking, a second, evil page on the same server could steal those saved passwords.

A lack of checking? When one chooses to save the password for that site, that's just what they're doing. By pressing the button one is saying "I want all pages on this site to have access to this l/p." If one is concerned that they may have an "evil page" on their site, they should click "Never for this website."

So I'm guessing they think that in case one page on the site is compromised, that could be an issue. Still, all the malicious user would have to do is have the data in the form submitted go to another site. Even if your browser didn't save passwords at all, this would still be an issue.
 
Quote:
Originally Posted by pheski
It would be useful if you could identify what it is about your set-up that protects you.
Hi, just tested it again and my set-up fails the test now. I mustn't have done the "correct" thing the first time around, or they tweaked the code of the page.
 
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password save for Safari does not work makesense Forums Feedback 0 2010-11-27 03:44 AM
Save password after login, not before mockman OmniWeb Feature Requests 3 2010-04-15 09:06 PM
Save this password? Never is a no-op Ward OmniWeb Bug Reports 3 2008-07-28 02:10 PM
Saving username and password sepandee OmniWeb General 1 2007-10-08 09:52 AM
How do you change setting to save password for website? jashugan OmniWeb General 2 2006-05-17 11:38 AM


All times are GMT -8. The time now is 09:45 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.