Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Test Finds Google Chrome, Apple Safari Weakest in Browser Password Management



 By: Brian Prince
2008-12-15
Article Rating:starstarstarstarstar / 38


There are 3 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Test Finds Google Chrome, Apple Safari Weakest in Browser Password Management
  2. Other Password Security Issues

Rate This Article:
Poor Best
Test Finds Google Chrome, Apple Safari Weakest in Browser Password Management
( Page 1 of 2 )

A test of the security of password managers in Google Chrome, Microsoft Internet Explorer, Apple Safari, Opera and Mozilla Firefox finds all five browsers do a poor job of protecting user passwords. Opera and Firefox receive the best marks, but pass only seven of 21 tests performed by Chapin Information Services. Google Chrome and Safari pass only two tests.

A test by IT consulting company Chapin Information Services has turned attention toward what is perhaps an undervalued element of browser securitypassword management.

The company took a look at all the major browsers: Internet Explorer 7, Opera 9.62, Firefox 3.04, Safari 3.2 and Google Chrome. According to the study, each browser was susceptible to a number of vulnerabilities that could expose password information. Of the five, Opera Software's Opera and Mozilla Firefox fared the bestmeaning they passed seven of the 21 tests. Internet Explorer passed five tests, while Google Chrome and Apple Safari passed only two.

Resource Library:

Three issues were cited by CIS as being problems that, when combined, could allow cyber-thieves to steal passwords without a user's knowledge. The first two are whether the browsers check the destination where passwords are sent and the locations where they are requested.

According to CIS, none of the browsers' password managers checked the action path when passwords were retrieved or saved. In addition, only Opera and Firefox prevent the browsers' password manager from delivering a password to a domain other than the one to which the password was delivered when it was saved.

"Intuitively, this is something that should happen all the time," said Robert Chapin, president of CIS. "If I go to Google.com and I save a password there, and the next day I go to log in again, if Google is telling my browser to send my password to [the] Yahoo Web site, most of these browsers couldn't care less where that password is being sent to."

All this matters, Chapin said, because if there is a Web site that is either compromised or that intentionally allows users to inject their own HTML, users are vulnerable to having their information stolen. However, Ian Fette, a security project manager at Google, correctly pointed out that users in those scenarios would be vulnerable to a number of different attacks.





  Reader Comments: Google Chrome and Apple Safari Lead Poor Showing by Browsers in Password Management Test
>>> Post your comment now!
A user comment on this article
Too right Jeff. I don't use them either.
Posted At: 12-16-08
By: Fenrir
A user comment on this article
Someone needs to brush up on thier URI / DNS termi ology. It sounds like this 'expert' does not even know the difference between a hostname and a...
Posted At: 12-16-08
By: Anonymous
I don't use the password manager
Personally, I don't trust these password managers anyway, because if somebody gets access to my computer, they can just start browsing away and the...
Posted At: 12-16-08
By: Jeff
>>> Post your comment now!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r6*(gL=RJ64ԩRQ$$1H-I29O7t$_&6Fh4#I"nZΘt\snS?úO Y'w>{ &(ɑԫ1m3HnwݶN=gP'^> \?g3Q;Y| H>`7sIzV@h ɠæ&q/!꟔Cp`iFSKjkF=Ķ|hG'3:tV ̿{k׳Cݸ{1ܳL`E-"GlR =y7uBaH&5\O, E&sؗCYͼAeȆ}{RM*QR,הbYrӽm˙?XYp?/.iR.W9(֝[p nKVj0u=;yظ}  Vb}" @D%\.I"0i5&ttڽ~H}AFI?j|%R+ iɥzd$Y3)N,ԐXۭlji][W^['7bٚXC ji@e$X]FHwAբ}yڽ鑳59m}lzH ܹGtHM Wh:w -N/7#?!&w󁭡_OHN‰,O? `HBi۲ܺ̑\ yka(7f`XӀ7? eR2|&r, ߱n\S'G`h__ѬZxka 4+@_x0ND9fIs(,eg{ MH#kM`3R˼ĿIK2_VJ-ɿEh+dԌTwIQa#wax̌_,ʹcc^IR]E6\a>PY<8~vwܬ,U$*մ޹-~4ҢKsqnUOV|ǫ # EHYf7-vI0ꨦUʵt ~J jGExQo+ rOLf[ԑpl uu<|0 ZG>OtvϧԴPwӐ?: M/G˥qn1@ Lna V8; uCuӹga {>0kJY=D%7 l"&q}s)к`y&nAY@[S衟#j{7t( u,/= 0/ Zm 88ʼE]ubsBݷ|{閭-L<ģܠ>̨C|'s\(L7^ S2(%E2G4.'P(AH 9k \99~ޑvZ*&RPJnOq$]cwJ"ڹ&,S,ЂW-Kᗄtfh(L=?j1!UG,D`v9r,L.Y ϴJy[+R4dT(9 +ZIQQ#U^;L}Cas#̡#&IjKiSwӿh |kV Spć 9E#rQϚX %<.ƲB"57&QH OzBneHSy%ew{RgaE8F2b5i%nQ/|KĝR48%'1NasW|]Ө5@ӬYKuooE[9(ĿKӺJjp -H#oh koռE_xue8Hi K-CrB`}.E6Gh?40%Ϳl]pZ#>{+UVj'G&,m+Vod~4EiZ\-}s4  9P8)mʥʫ ;qg4-=f~o0=}:/L'|BJmw6q J[Y,,b3*4j+T=Ckab恈7_E3ka{68c@u\Xtf²익ה])/_(g׭v*> 0f&6X#˦>oُgWKhAf2,ƸL~6=2eX]2XrGm٘Autn\?09CL-:,YCfç! c$Dk_(+ `k_.szm>S? !ܕVR5󈻬SwhlrKxcJREu l{ Qքc'M}XtyyWӀ!as`Ez . Z H }"T0|*UTˈ`mS@@kSU Փ.E^~~ V%btXQH =j={e|h3<2 yәZ Jo3:*GERWt~GOgԀA_~~j ,4/}RjzCG>s@.y >{VN0aE>yLLZ<|˰"U~o }BZ_(ƨOMqѡ,u` tV8V;<@? v: lhCxR &`j@$p LM{6jJvg `\~שgQ!'܏p<7L M "]մRb/9EW|6t+l`̧v_`ju 2 \S 1|&Uc2~z:i0-aNx[2|'@ dѪ9O'A(՚\2ZVj,aڝNC7E$79`ܘGpXH;QOp/e?f#tM-lu*%\.Yi {2u9pg埍~a51t&]X碚I0['迌USxPR6Z|b\)3Gzz`WPjjz D*>ɇMC 7ѐZ[G#^$G{EY(,.nDMP*jIIz,pevd iW&{\x&\_{sƋbo)Q^r+Gs;"ʊg b|r{q>'F{lj>c+jBgEr @͎os-$NM6fIJ}A>0Tlʪ+> tVB gI= cF􀮢e4qyh7(۞jMY@h# ;wkʁnUR'|(VVJr=H2M#gD)jeѓEO*'mJPp,g( ,O$%,t9q[6E),8{Je%[ ir}e$ $"zR#.=2a7ZPf#991u/x߹~Ъۣ)ln |+ C7&{Cal8e~u{ݴO燤me_:kvt zuO_u{~{y[|D[( ^-Ըa@C~ڗE/ﯻ.OvO50osV=; J@cG$=ĸ}/gvj/K6Ep0\<!9n8I{eKJ:^w9"!5//Yz G]9h5óOM1k&05hCp0S`0#!9ϫ|1}~XU*۽N H1@gq?Klظ2U(sXsw{{eB s?݁CO6r=ICo6OG2M .`=w>`LM\g7hG(V=w-h*1 rXsg Zt gcBxa1~hSrpr%>i^[פyb@c$H~ `@wGL|5zÿ§G' r;kgƭtGo;vkm,da3f/k_; ?-l-8t砞CTϏ%ɘNBAWU-u+lko(rY9sJeOVr{ѡhd,#Qd1׭P2QY:pGҤscmf<ݸw[f1rfio}|} ~ ]=PI=w)~=Ғ(r_&ZD Np5Q{qI9.p}?,r`\TzH^8؈ڃ} uU6m>=-3hL Z6;x6tY AAXy !h79; 91lPfpvn ֘@lll4Rbh,r9٦pr[0\9f>m` \qĨ`box?GX#o<:Qgup]&?uru_,)fGL3;ZLxakF2lڷc£({+_ ZAQiİ]tpysXK  ֗ Pa񙸉ҀA(b]/?jy?"됰IX3ƛTC^->C+x95;)6zb;9|'Cq$e0X2.Բg:Qml'1aȾȂ ^A>w量Blfd5mhwVh׆.c[ 8ج=zg[Q*S?ZgYElHT _pS'9-5aY;O8H,Ilvũe= @80=R*j|?7E,WRzTJR<2֧ecNn,m)/r[&ax&ʡQ?OE!;ϓ eDc OoX 5x<>̓* ? ˾ v~<ʜ ӛEEA+%&\+|3cX޼I2$~$g3i 4 o~PwOw굢R+&7;F)b"obrXl>&P<FYmkȺ6忥>=K*JxdK^*DoZ_$RZS, ~Y#J8\R$!\,%LLȆw>Œɒ,fB<'|K(jo3hO{IX* 9x-+fxܗC)ޒZ(6˞8X"X*e vGI*H"ct3yLdGMܹmJgT/V*j%2p<#Ax1> {&*B,8nw'*-Qp| FK{Q:-4PT]$#1cC펫n4-VN" r𐊷'0 ,onKT3<ީ 嚲@'"͛[Eb*a'R1"WGJ2'yQ]d+38R.s/s/s/s/Gˀ|X/oxk|_ܒ^]wn{`y_4E~JnSfآ|]Mӟ{CW&:-Ҟ<|+Lem 1h3' >& q_~%$"%x [kKucu#f@uenPIjKN9ťy!QwH:Sa:]^u' җ^"\[R拹xzfT(/Q/I@uӼVCP)+RUvO8xJuQHOV $k-F#'˙Srڎ5t%a^ `c$>PJ D#U$l@$$;5I&IY_ ~I.kH`9, } -%AjN]tp껳Й'"S}&K%R[C1Ox v%iV^4tRcWބUXMjiՂY1׾JysV:?wIG6ʥu{Tn6T7:g[̂7Ek&M j \247866zZ6H$Ȟ\+ꢫV HCFw2H_Ѵ?Ii]x}P1t,"ፉUc/ϩ=RJ{ !P!IED*D2xҾӘ)#]RgM2kg}[HM _M4J8~|ict;978qad>GMQxR/p]S ҩ~Ue}'>/W3/D,6ColWK{"ڏ\MmLˑ;v!LMFEpY}iSgL?䖴 KjoB;Tߚ'4<S{MmP!JwkΡk1OZ_˚LHj~ж}A˽=V4Q mY[`cXhE >*qdy,;rmV)?jhk+1}yԺ zlï^Bif-e։5V(4N5s+x (0N7z:xb>8\BO~{0K m_}Ǵ=\[&ܹ34]|_ڋK۪_x أIe^쯦m/'IFO刻uXL,3;g(ÌJds!JT7pcдt+ZֿFʼn߳yx^(Z@L7४ ~Z+ Rd }q4,zD?SM=1>>4V8E-96i[>&$&Jjid}$F:tyϽgDhG꨺X/[a0V&gB8AXJrXD Ň^ "K&5kPFPxAҼKCvm.95͂E /w tMs95jW(5u5b?=ptG(zdqK2// #|Й>&^*"r\餷 GgTGr6R(M)=Zj>kxaSsܴ5̈ Zkaf qJ;7u6.W@O[jkwhDP"ͪND`h*yŐ#mQNa)7~c,pX\HX2vCmj|)5,\ <\πJ*jA4`}"oR$|y;_{P)Okv(9 :}yjUS*ZYQ#<&ߑԃR%:H@bB .xړGF^Gly rj-ݳyf8,֠K&,_=DZ<<}Q,턂R!Fғ'3FO'-/( +cn5XQWK+g`8Q`}xoޝKj߶$|pROs'<َM݆õnOt)@P\'`e#/Vkў`.,9)[d0̊~%U$x[jhwIL &N&#9ݱX N@G"(Mg~R?o:,=W0r"``J$ .&ڰkW1JZ,]|B<1ES)<8/$  Ĉ[ bU&wܠ~z*ڟO9e^fsB =Jl~C&u*2;-[6˞hZ]t Mx =7aT0|LC}x+VzK"?{| ̋XH t4*$:Ұm;e6\Ix##k3`1tH*K_!ݰ,VI m{7R[ $y?ZĮEH' q2?=4uӻhzxX29k ACߑ7Ž0L~cOI<Rd( YR GGy7=C.7,Mh[:L8!iN5?/ח=0&}A~b C:΁ Z(8F(ЄG#OscMZsxXҚ ^C. Q?F0;1˼QPiFczy 19ӈų;ot6:=ccZ|,{{GǙ;fQsƾ¬TG_%)'HC3"V2![C<7b/Rjs# a/x]` 3 l:Lma`t.t?OgGA~2?t:&ZR5KޝQ>ɖàzEQt#ߛ3,ȏ]WKlݜ(8&ãjq$!%H$`x=9`6A2߰(3ʰLXUKcʗ!ͲG2qυ&JZ 0@V0`A='i92bg4t\K ,C? &O=lF(Dwn`9ͫO{M"ǽUݽ$ǭ V¶V-r5uwO?t>/[W>=Sf&E`9y22 gN)sS9lꌹ4WdȀW.}QX\m0o/6`JT/!jbTձ/.~ecV yzzllŵv|vuQ5#'!uԦF p7@Q`1D GM& Ip4ħEO\#4[EEF/PKFPkF5_/?i63ʻP(GJ/?2Od},?3X_~5ۧF4gڗvF2?A">hF'c~:0N;oO賓AN}"^f#(?A2;P(̘K ̘..ȟn|fȗ+ 2޿Π11>_?/!>BǬrnj}} dd  M%u$e!(ofY Nogr z)A^d_~*%YFy 3YY zvAeX^e\512ௗeߧdnleھ:&R+ ]Q%5-{[I2}ח c|U(X2M*!#(,8%Y}MNJ 4tk 7b[y@YAI{R}tEI>t𞫫qLw<_[nNJ>s\ȜH8VɴV !SԮHD1KA1_wQ"/L2~0I0 > ۓ{ g_Ew9MAw2[`\xP[ЙqeMޢD)Fy5-g4o?JnAmz'4`/{̧dA]eGӠ[Y"B8Cw_a%ɠ1zIf'!45EL=C>jpO_i{sn 90l H$7rQӊj~JR}'\#aڌbxUUEVro VVjb`"! *s>P`26UJ` z!J1 =4c֭dK_c(wp E#Уc yw̺H˘1͛YȌ*æȗᄽNگ!ā` }pTB Pcoq =s] YI4Oܹ?|@6VI2hؐC ؒ9N-# N>@O'ÙCwHX&38W"f .@c d߻C!ϖC <:,e` NWN^$pgB-ҋKt!aPeD˺U;:՞/sn:aKƈ DMKIn_!mx'G5Ī"9C%uocOail@ꃧrSY`_GBb +M O'L8B2,%؉GCuhB :.p+DN焽HaC+F2}ju"趯Hϵ=8X0Em5;yYwf1c~s$Fƭ0:\5m$$&b3@ gQlVxRDNK`RJz+L9(مnoh"$E a'_! TL,sD?>K:![S1Q)jkA/?iwI3軱fKN%%}YQ v.yH#eUI;.~=M^T>IxrHqpC>~EE#`A]eD$@g ߅ϩnC>XYc:9ebV)qdFӧ-[@O"C24A خ;Oq^' 3>Ƌrx{Go/{oSsL%:Ɛ=-)0p,\ftO#m<` G&ʖ$߀)0t1Fq:h /Asl+ 6[ +"ۂ JmӴ>u¹"UXJٍ , ~:3_O[ƝMQ ~.9-Bu6 ^|:uGW=Q'FaжJWt{%!ҮT)Vx)z\n2?>Şi3^|@ =( of8`y%K@44{W q얢U.nDl a^o1n%/ـ9&@6G:qSr2M ѨpSTؕE'ds^k'gymE]Y>Ѝ5ϰ|3'5K\C =[=܋;ɾ ^f+3suVOR6Ȥ{ y2 !δyyU~ҥ^.I,g`cQd+8*)ؐrk`4bO1,,oԛN*)Asa#Dl ;ApN7\29LgѼGgd#V+KVw6k+[Ѐ7H>Y;PE"1ԛa:(/z0 s͹!׆) a+cPOYjcL1GfY{L 52lv* X>!ˣŬ"&D0Ȯ'R:tsh{h۟sT*La$R3 Ej z.t3\04yqBa0SSQ2JѬd;j 9#3N~q `\YG7^Ekb~g!g˾t/>Jz`g^VXvQJedv=̭q;f¦[HHdžIkckjFW;,