Researcher Warns of IE Auto-Complete Flaw

Auto-complete, the feature in a browser that remembers and fills in entries on Web forms, is has become a staple of users’ Internet activity. Websites remember shipping addresses, passwords and credit card and bank account numbers. But that could also make the feature a ripe target for criminals.

At the Black Hat security conference, the CTO of Whitehat Security described a proof-of-concept code that demonstrates how to intercept the auto-complete content stored in a user’s browser. The auto-complete vulnerability only affects Internet Explorer 6 and 7, but Microsoft has yet to issue a patch. Datamation has the story.

LAS VEGAS — Not every speaker at the Black Hat security conference wears a black hat. Jeremiah Grossman, founder and CTO of Whitehat Security, is using the show as the venue to disclose an unresolved issue in Microsoft’s Internet Explorer browser versions 6 and 7.

In an interview with at Black Hat ahead of his session titled “Hacking Auto-Complete,” Grossman said that IE 6 and 7 are both at risk.

Read the full story at Datamation:

White Hat Educates Black Hat Crowd to Not Use Browser Auto-Complete

News Around the Web