Comments on Jeremiah Grossman: I know who your name, where you work, and live (Safari v4 & v5)
Feed updated: 2024-02-08T03:44:23.780-08:00

amarres de amor, 2016-10-29T09:23:57.371-07:00
thanks for the information, great blog, I love it.

Anonymous, 2011-10-02T05:25:52.404-07:00
SAFARI IS SAYING THAT I BROWSE WEBSITES THAT I DID NOT AND THAT THEY ARE MY FAVORITES. CAN SOMEONE TELL ME WHAT'S GOING ON HERE??

Anonymous, 2011-10-02T05:23:24.320-07:00
SAFARI HAD BEEN SAYING AND LISTING WEBSITES THAT THEY SAY I VISITED OR ARE MY FAVORITES. I DID NOT VISIT MORE THAN HALF OF THESE WEBSITES. CAN SOMEONE TELL ME WHAT IS HAPPENING HERE??

Mike Ciucci, 2011-07-06T07:40:29.233-07:00
Glad to find that there is a patch, but this still doesn't make me feel any better about the folks working on Safari.

Dual Sim Android, 2011-07-01T20:56:39.581-07:00
This can seemingly affect Chrome/Chromium too. In that it's not so clear how to delete things from autofill... efox-shop

hechizos, 2011-03-20T07:53:10.263-07:00
I've been using Google Chrome for a while but then I had to recover my PC and when I downloaded it again, when I search in the toolbar where u put in websites it takes me to Yahoo instead of Google. How can I change that so when I write something it takes me automatically to Google??

Jeremiah Grossman, 2010-09-24T12:21:11.021-07:00
@anonymous this particular issue is now patched. But see here for the newer version:
http://jeremiahgrossman.blogspot.com/2010/09/safari-autofill-hack-lives.html

Anonymous, 2010-09-24T12:19:14.366-07:00
Safari 5.0.2 under SL here, did not extract any of my info, "Using info from my Address Book card" was checked in prefs.

Anonymous, 2010-08-15T19:02:07.895-07:00
In the current beta of Chrome, 6.0.472.33, there are new autofill options (see http://googlechromereleases.blogspot.com/search/label/Beta%20updates). Is this affected?

Manfred, 2010-07-30T08:07:54.901-07:00
Yes, fixed in Safari 5.0.1 with credit to Jeremy, see:
http://support.apple.com/kb/HT4276

(CVE-ID: CVE-2010-1796)

Jeremiah Grossman, 2010-07-30T07:39:09.764-07:00
@Naccio @Anonymous: correct, it looks like the patch solved the immediate problem. Over the next couple days / weeks, I'll try some tests to see how comprehensive it really is.

Anonymous, 2010-07-28T12:11:39.030-07:00
It seems that Apple fixed this bug in Safari 5.0.1.

Naccio, 2010-07-28T09:15:41.168-07:00
I tried again with Safari Version 5.0.1 (5533.17.8) and apparently they solved the problem.

patrick, 2010-07-26T09:37:20.223-07:00
IOW...the security hole lies within autofill NOT javascript. hint: don't use autofill.

__Genius__, 2010-07-26T05:50:57.594-07:00
I think it's not a high critical issue, however it's good for everyone to know issues like that,
Actually malware authors looking for such alike delicate problems to do something malicious, btw, it's cool.

Hendrik, 2010-07-26T04:40:11.823-07:00
Checked the exploit under MacOS X 10.5.8 Dutch:

Safari 5.0 Dutch: fetches my name, city, country and e-mail
Chrome 5.0 Dutch: my name and e-mail appear briefly but are not autofilled or fetched
Opera 10.60 Dutch: exploit doesn't work

ps: Thanx 4 the warning!

Jeremiah Grossman, 2010-07-25T21:21:17.366-07:00
@Tom: thanks for the plug. going to attempt to break the blackhat record for number of attendees at a turbo talk. :)

@Anonymous: both windows and os x are affected.

Anonymous, 2010-07-25T21:18:48.957-07:00
Is this just OS X related or does it affect windows versions too?

Okio, 2010-07-25T20:49:20.595-07:00
interesting, looks like it is caused by webkit for desktop

Tom Brennan, 2010-07-25T07:35:35.294-07:00
The Turbo talk at Blackhat should be fun: "Jeremiah Grossman: Breaking Browsers: Hacking Auto-Complete"

http://blackhat.com/html/bh-us-10/bh-us-10-schedule.html

Jeremiah Grossman, 2010-07-24T14:15:24.502-07:00
@anonymous: I tried entering numbers into the keyboard simulation, but for some reason any string data beginning with a number wouldn't populate in the form field. So I just took the numbers out of the loop for speed purposes. But don't worry, there is another technique that is much faster to pull all the data out -- numbers included. :)

Anonymous, 2010-07-24T13:20:25.271-07:00
"Fortunately any AutoFill data starting with a number, such as phone numbers or street addresses, could not be obtained because for some reason the data would not populate in the text field."

What if the script not only sent A-Z but also 1-9 (and "(")? Would that flush out Phone Numbers and Addresses? Since it is triggering on the first character of the field, the failure to send a number would seem to me to explain the "safety" of these fields.

Jeremiah Grossman, 2010-07-24T10:30:40.214-07:00
@Anonymous: Thank you.

@Marco: Yep, pretty easy to make this invisible and steal the data passively.

@Frixhias: Thank you very much. I've gotten word from Apple security that they are doing something. Don't know what or when though.

@Anonymous: No, the latest version of Chrome is NOT affected.