|
| |
|
Wednesday, November 22, 2006 |
OriginalArlen writes, "In a story so surreal I had to check the primary source, the Register reports that the (London, UK) Metropolitan Police are trying out the use of eight tiny cams, mounted in the police helmet,
to provide 360-degree evidence gathering in the event that an officer
witnesses a crime. The press release also gives more evidence of the
stealth spread of ubiquitous ANPR systems across the country as a spin-off 'benefit' to the London car congestion-charging scheme, which is likely to be rolled out across the country in the next few years. Are we already living in a Panopticon Society?" --- According to this report from the information commissioner for Great Britain, yep. |
PermaLink
zbuffered writes, "Today, Mozilla made public bug #360493, which exposes Firefox's Password Manager on many public sites.
The flaw derives from Firefox's willingness to supply the username and
password stored on one page on a domain to another page on a domain.
For example, username/password input tags on a Myspace user's site will
be unhelpfully propagated with the visitor's Myspace.com credentials.
It was first discovered in the wild by Netcraft on Oct. 27. As this proof-of-concept
illustrates, because the username/password fields need not be visible
on the page, your password can be stolen in an almost completely
transparent fashion. Stopgap solutions include avoiding using Password
Manager and the Master Password Timeout
Firefox extension, which will at least cause a prompt before the fields
are filled. However, in the original case detailed in the bug report,
the phish mimicked the login.myspace.com site almost perfectly, causing
many users to believe they needed to log in. A description of this new type of attack, dubbed the Reverse Cross-Site Request (RCSR) vulnerability, is available from the bug's original author." |
© Copyright 1997-
2006
Paul Hardwick, with Web Hosting provided by MacRonin.com
.
Last update: 12/1/06; 4:40:56 PM .
Last update: 12/1/06; 4:40:56 PM .
