
Thread: Is this a security issue?

  1. #11
    Join Date
    Dec 2008
    Location
    East of Eden (tx)
    Posts
    331

    Default Re: Is this a security issue?

    There is no way to tell about the javascript. All the passwords have been deleted, and Remember Passwords turned off. So forms are never populated and there is no auto-completion.

    I don't think there is any doubt at this point that the PW came from my browser. I know the fellow that runs we*****4u and feel certain he isn't doing anything on purpose. He doesn't know (or care) anything about programming, hacking or security at all so may be infected with malicious code and not know it.

    The question is how the we*****4u link gets it when no other link (or direct access) does and how it happens on only one computer and no other.

    These anomalies seem strange to me but I know I don't know enough to make a judgment about whether it is important or not.

    Cordially,
    TwoHoot
    #1 - openSUSE Leap 15.1; AMD A6-3670; Radeon(tm) HD; 8gb memory; 500 gb HD; KDE 5.12.8
    #2 - openSUSE Leap 15.1; Toshiba Satellite L70-A (Dual Boot - Win10); KDE 5.12.8
    #3 - openSUSE Leap 15.1; AMD A6-6400K; Radeon HD; 8gb memory; 1tb HD; KDE 5.12.8

  2. #12
    Will Honea NNTP User

    Default Re: Is this a security issue?

    Jim Henderson wrote:

    > With a password field, the only way that it would be pre-populated by the
    > browser is with a saved password. Since you found the user ID and
    > password in the saved passwords settings, at some point in that browser
    > or another one that has its settings sync'ed, it would have been
    > necessary to tell the browser to save the password.


    That opens another question: If a form contains the password, is that
    password saved (and re-displayed) as part of the form data? IOW, can/does a
    saved form know enough to differentiate the password and is the info stored
    encrypted?

    --
    Will Honea

  3. #13
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,244

    Default Re: Is this a security issue?

    On Tue, 28 Aug 2012 19:46:03 +0000, TwoHoot wrote:

    > There is no way to tell about the javascript. All the passwords have
    > been deleted, and Remember Passwords turned off. So no form is ever
    > populated and there is no auto-completion.


    Well, there is a way to tell with javascript if the site is still on -
    disable javascript and visit the site, and see if the form is filled in
    for you.

    > I don't think there is any doubt at this point that the PW came from my
    > browser. I know the fellow that runs we*****4u and feel certain he isn't
    > doing anything on purpose. He doesn't know (or care) anything about
    > programming, hacking or security at all so may be infected with
    > malicious code and not know it.


    He may be, which is why I asked the question. If he's pulling headers/CSS
    from somewhere else or something like that, or if his site was
    compromised and an attacker added javascript, that's a possibility.

    > The question is how the we*****4u link gets it when no other link (or
    > direct access) does and how it happens on only one computer and no
    > other.


    Hard to say without a more in-depth analysis of the system in question,
    and it sounds like you've taken steps so at least from your system, it
    sounds like you're probably clean.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  4. #14
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,244

    Default Re: Is this a security issue?

    On Tue, 28 Aug 2012 20:02:19 +0000, Will Honea wrote:

    > Jim Henderson wrote:
    >
    >> With a password field, the only way that it would be pre-populated by
    >> the browser is with a saved password. Since you found the user ID and
    >> password in the saved passwords settings, at some point in that browser
    >> or another one that has its settings sync'ed, it would have been
    >> necessary to tell the browser to save the password.
    >
    > That opens another question: If a form contains the password, is that
    > password saved (and re-displayed) as part of the form data? IOW,
    > can/does a saved form know enough to differentiate the password and is
    > the info stored encrypted?


    Password fields are identified specially (so they mask the password as it
    is entered), and that authentication information is stored in a secure
    way (if you use a master password, it'll be more secure).

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  5. #15
    Join Date
    Dec 2008
    Location
    East of Eden (tx)
    Posts
    331

    Default Re: Is this a security issue?

    hendersj wrote:

    > Hard to say without a more in-depth analysis of the system in question,
    > and it sounds like you've taken steps so at least from your system, it
    > sounds like you're probably clean.
    >
    > Jim

    Ok. I'll go back to work and let you all figure out if this is a problem or not. You are getting over my head now. I will check back in and see how the thread goes.

    Do I need to worry about security at the website itself?

    It is hosted at iPower, a commercial hosting service that I trust to maintain overall security for the website itself. I only build, manage content and administer it from the computer we have been talking about.

    Cordially,
    TwoHoot
    #1 - openSUSE Leap 15.1; AMD A6-3670; Radeon(tm) HD; 8gb memory; 500 gb HD; KDE 5.12.8
    #2 - openSUSE Leap 15.1; Toshiba Satellite L70-A (Dual Boot - Win10); KDE 5.12.8
    #3 - openSUSE Leap 15.1; AMD A6-6400K; Radeon HD; 8gb memory; 1tb HD; KDE 5.12.8

  6. #16
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,244

    Default Re: Is this a security issue?

    On Tue, 28 Aug 2012 22:56:02 +0000, TwoHoot wrote:

    > Ok. I'll go back to work and let you all figure out if this is a problem
    > or not. You are getting over my head now. I will check back in and see
    > how the thread goes.


    There's probably not a lot any of us can do without information to
    duplicate the actual issue. Since it sounds like it was a one-off, or
    that the owner of the site in question fixed it (since you weren't able
    to dupe it), there's not a lot of actual investigation that can be done.

    > Do I need to worry about security at the website itself?


    Probably not, though if the site isn't SSL encrypted, the credentials are
    probably passing over the wire in the clear.

    Jim

    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
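
Two checks raised in the replies above (script pulled in from somewhere other than the site itself, and a login form on a non-SSL site sending credentials in the clear) can be run against a saved copy of a page. This is an added example, not part of the original thread; the class and function names and the example.org / cdn.example.net sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormAudit(HTMLParser):
    """Flag password forms that submit in cleartext or off-site, and scripts from other hosts."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.form_action = None  # resolved action of the form currently open
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.form_action is not None:
                self._check_target(self.form_action)
                self.form_action = None  # report each form once
        elif tag == "script" and a.get("src"):
            host = urlsplit(urljoin(self.page_url, a["src"])).hostname
            if host != self.page_host:
                self.findings.append(("third-party-script", host))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

    def _check_target(self, action):
        target = urlsplit(action)
        if target.scheme != "https":
            self.findings.append(("cleartext-submit", action))
        if target.hostname != self.page_host:
            self.findings.append(("off-site-submit", target.hostname))

def audit(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; example.org and cdn.example.net are placeholder hosts.
SAMPLE = """<head><script src="http://cdn.example.net/widget.js"></script>
<script src="/js/site.js"></script></head>
<body><form action="/login" method="post">
<input type="text" name="user"><input type="password" name="pw"></form></body>"""

if __name__ == "__main__":
    for kind, detail in audit("http://example.org/index.html", SAMPLE):
        print(kind, detail)
```

A third-party script finding is not proof of compromise, only a list of the hosts whose code runs with access to the login form.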

  7. #17
    Join Date
    Dec 2008
    Location
    East of Eden (tx)
    Posts
    331

    Default Re: Is this a security issue?

    Is it possible that if someone uses the we*****4u link to access betterbradynow.org and then logs in to betterbradynow from there that a copy of the username and password is recorded at we*****4u?

    The reason I ask is that the poll page is different depending on whether you log in directly from your browser or from the we*****4u link. Accessing the site from the link allows a person to vote more than once because previous voting is not detected. I think previous voting is detected by computer identification in this module but am not certain. I only know previous voting is detected if you access directly from your browser but not if you access via the link.

    Maybe you can duplicate this by going to BetterBradyNow.org, navigating to BBN Polls and voting. It is open to visitors so you don't have to log in to do that and I don't really care how you vote once. Refresh the page and it should tell you you have already voted and show results of the poll instead of a ballot.

    Now go to We*****4u.com (the asterisks are b itch) and scroll down the page to his 8 -26-2012 -- 5:05 AM posting and click on "this" in the first line. (that is the link in question). This will take you to a specific article at BetterBradyNow where you can navigate to BBN Polls. If yours is like mine, you will see the ballot again instead of results.

    Access BetterBradyNow directly from the same computer and you will see results and a reminder that you have already voted. Access it from the link on the same computer and you will see a new ballot for voting. This appears to be consistent and duplicates. No account or log in is required since these particular polls are open to all visitors.

    If these differences exist on the public poll page, isn't it possible they exist in other, less obvious places as well? The most obvious security problem would be if someone logged in from the link-accessed page and their username and password were sent to some unknown third party. If the person that logged in had special permissions at BetterBradyNow, it could breach website security in a big way.

    If I am just worrying because I don't understand, please say so.

    Cordially,
    TwoHoot
    #1 - openSUSE Leap 15.1; AMD A6-3670; Radeon(tm) HD; 8gb memory; 500 gb HD; KDE 5.12.8
    #2 - openSUSE Leap 15.1; Toshiba Satellite L70-A (Dual Boot - Win10); KDE 5.12.8
    #3 - openSUSE Leap 15.1; AMD A6-6400K; Radeon HD; 8gb memory; 1tb HD; KDE 5.12.8

  8. #18
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,244

    Default Re: Is this a security issue?

    On Wed, 29 Aug 2012 00:36:02 +0000, TwoHoot wrote:

    > Is it possible that if someone uses the we*****4u link to access
    > betterbradynow.org and then logs in to betterbradynow from there that a
    > copy of the username and password is recorded at we*****4u?


    Does the link from the first site (which is being affected by the forums'
    filters in some way, so I can't go to the link) to betterbradynow.org
    contain anything other than the URL itself?

    If it doesn't, then disable javascript on both sites in your browser and
    see if the form is populated.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  9. #19
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,244

    Default Re: Is this a security issue?

    On Wed, 29 Aug 2012 01:45:03 +0000, Jim Henderson wrote:

    > Does the link from the first site (which is being affected by the
    > forums' filters in some way, so I can't go to the link) to
    > betterbradynow.org contain anything other than the URL itself?


    Oh, right, you already covered that - yeah, that would be a word that's
    filtered by the forum software.

    Jim

    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  10. #20
    dd@home.dk NNTP User

    Default Re: Is this a security issue?

    On 08/29/2012 12:56 AM, TwoHoot wrote:
    > Do I need to worry about security at the website itself?


    isn't that where the folks from .ru created accounts?

    if it were me, i'd alert the host (iPower) about concerns on those accounts.

    --
    dd
