Safari AutoFill flaw opens up Mac OS X address book to hackers

Discussion in 'iPad Apps' started by Drag Bunt, Jul 23, 2010.

  1. Drag Bunt
    Offline

    Drag Bunt iPad Fan

    Joined:
    Jul 13, 2010
    Messages:
    151
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    the 'burbs of @lanta
    Ratings:
    +1 / 0
    Original article from Jeremiah Grossman of WhiteHat Security
    Followup from betanews

    Be careful out there....

    Apple was notified on June 17th. Might be wise to disable AutoFill until a fix occurs.
  2. MikesTooLz
    Offline

    MikesTooLz Super Moderator Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,364
    Thanks Received:
    19
    Trophy Points:
    0
    Location:
    Miami, FL
    Ratings:
    +20 / 0
    Or use a 3rd party auto fill like LastPass.
  3. 211ssw
    Offline

    211ssw iPF Novice

    Joined:
    Dec 27, 2011
    Messages:
    35
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    Southeastern PA
    Ratings:
    +0 / 0
    Ever have trouble using LastPass? I've used it for years on PC but downloaded it today on new iPad2 only to be reading "your
    settings have restricted you from logging in from this mobile device" and I have no clue what setting might be doing it as I have
    been very open in setting things up but clearly, something is not working. Of course, being very new to iPad2 has a whole lot to do with it. I find people who use LP with iPad2 so it has to be able to work but I've been working on this for hours with no luck. Hoping for ideas. Thanks in advance if you know what could be doing this. Bye, S
    I think it's solved. I followed directions from ask.com which enables bookmark bar in Safari, type login for LastPass into address bar. I saved it but had no idea entire thing would be shown here! And no idea how to edit.
    Contents
    Installing Bookmarklets
    Installing Bookmarklets on the iPad
    Using Bookmarklets
    Limitations
    Watch the Tutorial for Setting Up and Using Bookmarklets
    Learn How to Install Bookmarklets on an iPhone
    A 'Bookmarklet' is a special type of 'Favorite' or 'Bookmark' that executes code on the page you're viewing.

    If you are in the situation where you can't use a LastPass plugin, the LastPass Bookmarklets help you access your data easily and securely. You may want to use the Bookmarklets if you have a mobile browser, are traveling, or*are**using a browser other than Internet Explorer, Firefox, Safari, or Google Chrome.

    LastPass has three Bookmarklets: LastPass Login, LastPass Autofill, and LastPass Fill Forms.

    To begin, login to*https://lastpass.com/index.php?ac=1 and click on the Bookmarklets tab within the left-hand menu.

    You can then install the Bookmarklets using the links provided in the dialog box. Follow the instructions for your browser:

    Opera: You must right-click the link and bookmark, then set to Show on Personal Bar which is in Details. You may also have to check View -> Toolbars -> Personal Bar, if it isn't checked already.

    Konqueror: Bookmarklets are supported via Minitools. First, you'll need the konq-plugins package, if you don't already have it installed. Next, right-click 'LastPass Login!' above, and select 'Copy Link Address'. Then, go to Tools -> Minitools -> Edit Minitools. Click 'New Bookmark', and select the newly created bookmark. Type 'LastPass Login!' in the Name field, and paste the link you previously copied into the Location field (if http: is pre-populated in the Location field, remove it first). LastPass will now be available via Tools -> Minitools (you may have to restart Konqueror before you see it).

    We don't recommend the bookmarklet in Internet Explorer, Firefox, Safari, or Google Chrome, as the LastPass plugin is vastly superior. However, if you can't install the add-on somewhere or you are traveling, you may want to use them:

    Internet Explorer: Make sure Links or Favorites Bar is checked. You may also have to right-click the link and 'Add to Favorites', then put it under 'Links' or 'Favorites Bar'.

    Firefox: View -> Toolbars -> Bookmarks Toolbar to enable the toolbar.

    Safari: You'll need to click 'View', then show the Bookmarks Bar. For the iPhone, store this on your desktop browser and sync it to your iPhone. You may need to click on the device in iTunes, then go to the Info tab and ensure Sync bookmarks with is selected to the browser you saved the bookmarklet on.

    Chrome: You'll need to click on the wrench and hit 'Always show bookmarks bar'.

    For mobile devices, the best option is typically to install the Bookmarklets on your desktop browser and then sync your bookmarks over.

    1. Open up your desktop browser (you can do this with Internet Explorer and Safari).
    2. Make sure your Bookmarks toolbar is enabled by going to Tools > Toolbars and ensuring that "bookmarks toolbar" is
    checked/visible/enabled.
    3. Type https://lastpass.com into your browser address bar.
    4. Click on "Sign in" in the upper-right corner.
    5. Type your email and master password, and press "sign in".
    6. Click on "bookmarklets", the fifth option down in the left-hand "Actions" menu.
    7. Once the box appears, you'll see three links: LastPass Login!, LastPass Fill!, LastPass Fill Forms!
    8. Drag and drop LastPass Login! to the bookmarks toolbar. It should now appear on the bookmarks toolbar.
    9. Repeat for the following two, Lastpass Fill! and LastPass Fill Forms!
    10. Now that your bookmarks are in place, minimize the browser.
    11. Launch iTunes and connect your iPad.
    12. Click on your device in the left-hand column.
    13. Select the "Info" tab - the second over from the left.
    14. Scroll down to the 'Other' section.
    15. Click "Sync bookmarks with" and choose your browser.
    16. Click "Apply".
    17. Allowing syncing to the device to complete.
    18. Launch Safari.
    19. You will now see your three LastPass bookmarklets appear when you click on the Bookmarks button.
    20. Start surfing and using the bookmarklets to autofil and login!
    Using the bookmarklet is easy: simply click on the Bookmarklet you want to use and the action will be done, or a menu will appear to help you. If you're using the bookmarklets on a computer that you don't control (Internet cafe or friend's computer), you'll want to delete the Bookmarklets when you're done. You should logoff explicitly from the Bookmarklet if you do not want the computer to continue allowing logins.

    The bookmarklets have a few limitations that the Internet Explorer, Firefox, Safari, and Google Chrome plugins don't that you need to be aware of: Frame and Iframe based pages where the frames are in different JavaScript domain boundaries may not allow the bookmarklet to fill in your data. You may be able to find a different login page, or open the specific frame in a new window to allow your login.

    On your mobile device, the page displayed is often different than the non-mobile version, causing LastPass Fill! to not immediately work. You can usually force the fill and save the new copy of this page in LastPass.

    The Bookmarklets require cookies; if you are seeing that you're logged, you may need to enable 3rd party cookies to LastPass.com.

    For security reasons, LastPass Bookmarklets rely on your browser to send referrers, so this must be enabled in your browser's settings (for most browsers, this is enabled by default).

    If you change your LastPass Master Password, you will need to recreate your Bookmarklet. .
    Address bar, then it fills into bookmark and then it seems to make everything acceptable. Hard to believe it ate up that much time-frustration but I'm lost without it-it does spoil a person but now should be I place to do job.
    Last edited: Jan 18, 2012

Share This Page

Search tags for this page

disable autofill in osx 10.8.5

,

lastpass bookmarklet safari