futuregre.blogg.se - Brave web browser virus

I’m not sure how that will prevent local attacks any more than the method described in the article. “…and do use an external (but not cloud-connected) passwords manager.”

Of course, memory has everything, urls, passwords, cookies info, everything… but it sounds really unrealistic to think a random person will see it and know where things belong to. So while this looks wrong, let’s be realistic, it will be like not something people are going to really use to get information or will not be the best. I remember trying popOS and used the same profile I had on windows, and the browser didn’t even complain about how it wasn’t the same OS installation or anything, so it was even more insecure. If someone has physical access to a computer. I mean, it is not even hard to get a lot of sensitive information with the unsecured profile data of a browser. The thing about this is how the person has to even know your password, yeah, it is on plain text, but the person won’t know much about where it belongs to, that means that if people don’t use familiar names or numbers that can be searched and used like a password generator, then it will make it harder for people to access the info. As far as I know, only Yandex offers a feature to create a master password to protect the passwords. I mean, if someone has physical access then, nothing matters, and saying how ‘loads in memory’ it’s really irrelevant if most people will save their passwords in their browser anyway, so that means, instead of lookin in memory, the person can just look in the password manager. Of course, in the time where people give random ‘support’ people access to their computers, this is the least of the problems. Well, until they don’t show how to ‘extract the data remotely’ then, it is just speculation. The reason given is that Chromium won't fix any issues that are related to physical local access attacks. The issue was reported to Google and it received the "wont fix" status quickly.

All cookies belonging to a specific web application (including session cookies)Testing your browsers.

All URL + username + password records stored in Login Data.

URL + Username + Password automatically loaded into memory during browser’s startup.

Username + password used when signing into a targeted web application.The security researcher describes several different types of clear-text credential data that can be extracted from the browser's memory. Two-factor authentication security may not be sufficient to protect user accounts either, if session cookie data is also present in memory extraction of the data may lead to session hijacking attacks using the data. While it is necessary for the user to enter credential data such as usernames and passwords before they can be extracted, Zeev Ben Porat notes that it is possible to "load into memory all the passwords that are stored in the password manager".