all InfoSec news
Leaking Passwords through the Spellchecker
Sept. 26, 2022, 11:08 a.m. | Bruce Schneier
Schneier on Security www.schneier.com
Sometimes browser spellcheckers leak passwords:
When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.
Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.
The solution is to only use the spellchecker options …
More from www.schneier.com / Schneier on Security
Dan Solove on Privacy Regulation
22 hours ago |
www.schneier.com
Microsoft and Security Incentives
1 day, 22 hours ago |
www.schneier.com
Using Legitimate GitHub URLs for Malware
2 days, 18 hours ago |
www.schneier.com
Friday Squid Blogging: Squid Trackers
5 days, 12 hours ago |
www.schneier.com
Other Attempts to Take Over Open Source Projects
6 days, 22 hours ago |
www.schneier.com
X.com Automatically Changing Link Text but Not URLs
1 week, 1 day ago |
www.schneier.com
New Lattice Cryptanalytic Technique
1 week, 2 days ago |
www.schneier.com
Upcoming Speaking Engagements
1 week, 3 days ago |
www.schneier.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Systems Security Officer (ISSO) (Remote within HR Virginia area)
@ OneZero Solutions | Portsmouth, VA, USA
Security Analyst
@ UNDP | Tripoli (LBY), Libya
Senior Incident Response Consultant
@ Google | United Kingdom
Product Manager II, Threat Intelligence, Google Cloud
@ Google | Austin, TX, USA; Reston, VA, USA
Cloud Security Analyst
@ Cloud Peritus | Bengaluru, India