Firefox can securely save passwords you enter in web forms to make it easier to log on to websites. By default the “Remember passwords for sites” option is enabled, but you will still be asked whether to save passwords for a site when you first visit it. Clicking the Remember button saves the login information and the Not Now button ignores it. If you click Never for This Site, that site is added to an exceptions list and Firefox will never prompt you to save the username and password for that site. This feature is available in every web browser and is offered as a convenience, but it also increases the risk of your login information being exposed.
I normally save most of the usernames and passwords on my laptop because I am the only user and that computer is not shared with anyone else. If the laptop is not stolen or Windows is not hacked, then my usernames and passwords are pretty safe. One big reason I never let anyone touch my laptop is that someone could just run either of the 2 free portable tools to grab all my website passwords. Of course, we can also put these 2 tools to good use, such as recovering the sign-on details when Firefox fails to open.
1. FirePasswordViewer
- FirePasswordViewer is the GUI version of the popular FirePassword tool designed to decrypt sign-on secrets stored by Firefox. FirePasswordViewer can decrypt and display these secrets along the same lines as the Firefox built-in password manager. The main advantage of FirePasswordViewer is that it does not require Firefox to be running. FirePasswordViewer can also display sign-on secrets from a different profile (other than the current profile) as well as from a different operating system (such as Linux, Mac etc.) altogether. This greatly helps forensic investigators, who can copy the relevant files from the target system to a test machine and view the credentials offline without affecting the target environment. The displayed sign-on information can then be saved to a file in standard HTML format, which can be used as a valuable and quick offline reference.
2. PasswordFox
- PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily choose to view the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
To protect yourself against these 2 tools, simply enabling and setting a Master password would stop them from harvesting your login information. You can do that in Tools > Options > Security tab: check “Use a Master password” and enter the password twice.
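To see which profiles on a machine actually hold saved logins, and so need a Master password, the following added example (not from the original post or either tool) lists each profile from `profiles.ini` and counts its stored entries without decrypting anything. The store file names (`logins.json`, `signons.sqlite`, `signons*.txt`) and the `profiles.ini` layout are assumptions from general Firefox knowledge, and the profile tree in `demo()` is constructed sample data.

```python
import configparser
import json
import tempfile
from pathlib import Path

# Store file names are assumptions (general Firefox knowledge, not from the page).
LEGACY_STORES = ("signons.sqlite", "signons.txt", "signons2.txt", "signons3.txt")

def profile_dirs(root):
    """Yield (name, path) for every profile listed in profiles.ini."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(Path(root) / "profiles.ini", encoding="utf-8")
    for section in ini.sections():
        raw = ini.get(section, "Path", fallback=None)
        if section.startswith("Profile") and raw:
            relative = ini.get(section, "IsRelative", fallback="1") == "1"
            path = Path(root) / raw if relative else Path(raw)
            yield ini.get(section, "Name", fallback=section), path

def audit(root):
    """Per profile: count of stored logins and store files found. Decrypts nothing."""
    report = []
    for name, path in profile_dirs(root):
        # count stays None when the profile has no logins.json
        count, stores = None, [f for f in LEGACY_STORES if (path / f).is_file()]
        current = path / "logins.json"
        if current.is_file():
            stores.append(current.name)
            try:
                count = len(json.loads(current.read_text(encoding="utf-8"))["logins"])
            except (ValueError, KeyError, TypeError, OSError):
                count = -1  # unreadable store: flag for manual review
        report.append({"profile": name, "saved_logins": count, "stores": stores})
    return report

def demo():
    """Run the audit over a constructed profile tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Profiles" / "aaaa.default").mkdir(parents=True)
        (root / "Profiles" / "bbbb.work").mkdir(parents=True)
        (root / "profiles.ini").write_text(
            "[General]\nStartWithLastProfile=1\n"
            "[Profile0]\nName=default\nIsRelative=1\nPath=Profiles/aaaa.default\n"
            "[Profile1]\nName=work\nIsRelative=1\nPath=Profiles/bbbb.work\n", encoding="utf-8")
        sample = {"logins": [{"hostname": "https://a.example"}, {"hostname": "https://b.example"}]}
        (root / "Profiles" / "aaaa.default" / "logins.json").write_text(json.dumps(sample), encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Call `audit()` with the directory that contains `profiles.ini`; any profile reporting a non-zero count or a legacy store file is one where the Master password setting above matters.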
Note: Here’s a weird case of false positives. According to VirusTotal, 27 out of 41 antivirus products detect PasswordFox as a hacktool/trojan but NONE detects FirePasswordViewer as a threat. Now both tools do the same thing, so do you think that PasswordFox is infected or is it a false detection? To me, PasswordFox is a tool that’s more likely to be used by hackers because it can be run from a command line using a backdoor trojan while the user is using the computer and he won’t know a thing about it. As for FirePasswordViewer, the hacker would have to run the program, click the Show button and then Export the results. You should read what Nir Sofer has to say about the false detections on his programs.