http://akibjorklund.com/2009/supergenpass-is-not-that-secure web generalist Tue, 21 Jun 2011 07:03:10 +0000 hourly 1 http://wordpress.org/?v=3.3.2 http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-20943 lankycoder » Blog Archive » A Fruitless Search for a Password Bookmarklet Wed, 15 Jun 2011 07:41:07 +0000 http://akibjorklund.com/?p=1497#comment-20943 [...] alas, SuperGenPass (and any other simple bookmarklet) is not secure in the face of a malicious website that contains JavaScript designed to sniff entry of the master [...] [...] alas, SuperGenPass (and any other simple bookmarklet) is not secure in the face of a malicious website that contains JavaScript designed to sniff entry of the master [...]

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-20650 Chris Mon, 31 Jan 2011 20:25:20 +0000 http://akibjorklund.com/?p=1497#comment-20650 Just a note to say that the use of a JavaScript filter like <a href="http://noscript.net/" rel="nofollow">NoScript</a> will prevent this kind of attack on untrusted websites. SuperGenPass, as a bookmarklet, is implicitly trusted while the malicious code is blocked. However, this protection is limited since tyour determination of which sites are "trusted" might be flawed. Just a note to say that the use of a JavaScript filter like NoScript will prevent this kind of attack on untrusted websites. SuperGenPass, as a bookmarklet, is implicitly trusted while the malicious code is blocked. However, this protection is limited since tyour determination of which sites are “trusted” might be flawed.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-20315 Karolis Pocius » Slaptažodžių valdymas: SuperGenPass vs LastPass Tue, 11 Jan 2011 15:31:40 +0000 http://akibjorklund.com/?p=1497#comment-20315 [...] anksčiau skaitytą straipsnį apie galimą SGP saugumo spragą, tačiau ta saugumo spraga manęs neįtikino, juolab, kad jos galima nesunkiai išvengti naudojant [...] [...] anksčiau skaitytą straipsnį apie galimą SGP saugumo spragą, tačiau ta saugumo spraga manęs neįtikino, juolab, kad jos galima nesunkiai išvengti naudojant [...]

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-19990 Using a shell version of supergenpass from vimperator/pentadactyl « ChMD Mon, 20 Dec 2010 17:37:55 +0000 http://akibjorklund.com/?p=1497#comment-19990 [...] supergenpass is not that secure. Any script executed in the page you are executing supergenpass into is able to see your master [...] [...] supergenpass is not that secure. Any script executed in the page you are executing supergenpass into is able to see your master [...]

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18591 geeknik Tue, 21 Sep 2010 04:15:21 +0000 http://akibjorklund.com/?p=1497#comment-18591 Your demo doesn't work with the latest version of SuperGenPass and Firefox 4.0b7pre. Your demo doesn’t work with the latest version of SuperGenPass and Firefox 4.0b7pre.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18477 Tim Anderson Tue, 14 Sep 2010 06:07:11 +0000 http://akibjorklund.com/?p=1497#comment-18477 steve lewis: in order to open the page in an iframe, some DOM manipulation procedures need to be called. These procedures can be overwritten to steal your password by changing the 'local' page to one on a remote server. Even if it did work, the portion of the iframe isolated from the evil stuff on the page would be isolated from SGP. steve lewis: in order to open the page in an iframe, some DOM manipulation procedures need to be called. These procedures can be overwritten to steal your password by changing the ‘local’ page to one on a remote server. Even if it did work, the portion of the iframe isolated from the evil stuff on the page would be isolated from SGP.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18462 steve lewis Mon, 13 Sep 2010 17:08:41 +0000 http://akibjorklund.com/?p=1497#comment-18462 If SGP was changed to open a HTML file in an Iframe saved on the computer containing the application, that portion of the DOM might be isolated from the suspect page. The bookmarklet could possibly pass the domain as a parameter to the HTML file. Would this work as sort of a "secure" version of SGP? If SGP was changed to open a HTML file in an Iframe saved on the computer containing the application, that portion of the DOM might be isolated from the suspect page. The bookmarklet could possibly pass the domain as a parameter to the HTML file. Would this work as sort of a “secure” version of SGP?

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18403 Aki Björklund Thu, 09 Sep 2010 04:39:43 +0000 http://akibjorklund.com/?p=1497#comment-18403 Yes, it will. Yes, it will.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18402 c Wed, 08 Sep 2010 22:44:23 +0000 http://akibjorklund.com/?p=1497#comment-18402 If I use the applet in a blank tab and then paste in the password, will it be secure? If I use the applet in a blank tab and then paste in the password, will it be secure?

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-17236 Tim Anderson Wed, 14 Apr 2010 10:16:18 +0000 http://akibjorklund.com/?p=1497#comment-17236 @Andres Riofrio That doesn't work in firefox 3.5.6 @Andres Riofrio That doesn’t work in firefox 3.5.6

]]>