Monthly Archives: June 2013

IE always unsafer? Sometimes not.

Let’s assume you want to prank your friend on a forum or on another website by using his/her identity. You could, of course, try to guess their username and password. You try using the name of the dog, mother, or anything else coming to mind. Sometimes this approach works, but more often it won’t. Well, there’s an easier way to do it.

The hole in ‘safe’ browsers
We all know that using Firefox or Chrome is generally safer than using the much-targeted Internet Explorer. However, IE does something right the other two browsers don’t – the amount of effort it takes to reveal saved passwords. Here is how it works. The example below assumes the use of Firefox.

Go to your friend’s house and ask if you can access the Internet from his computer. I never got “No” for an answer, and probably you won’t either. Surf to your favorite webmail application, and ask for a drink. While your friend is on his way to the kitchen, quickly do the following:

1. At the top of the Firefox window, click on the Edit menu and select Preferences
2. Click the Security panel.
3. Click Saved Passwords (the Password Manager will open)
4. To see the passwords which were saved, click Show Passwords.
5. Copy what you’re looking for and mail it to yourself.

passwords

Done!

You can do the same when using Chrome (just google for it). To get all saved passwords out of IE is a bit more difficult and requires extra software. In a sense, that makes IE safer on at least one count.

Windows 8 ‘Secure Boot’ not that secure

At least booting Windows 8 was secure – or so we thought.

Windows 8 TrashWindows 8 Secure Boot is based on UEFI 2.3.1. Secure Boot is considered to be an important step towards securing platforms from malware compromising the boot sequence before the OS starts.

However, there are certain mistakes platform vendors could make which can completely undermine protections offered by Secure Boot. And, of course, hardware vendors make these.

At Black Hat USA2013 Yuriy Bulygin will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.