Hi all, Those who are saying virus can't access the saved passwords, consider this scenario, the virus installed its own add-on secretly, isn't it possible? Hell, you actually can access the saved passwords without any add-on, but from external process, a simple example will be http://www.nirsoft.net/utils/passwordfox.html . Remember browsers store every information somewhere, and any process with enough permission can read the files (for firefox, it is saved in signons.sqlite as encrypted, for FileZilla it is a non-encrypted text file, etc.).
A keylogger can easily guess your password, most of the time we type the user name and press tab to go to the next input option which is a password box usually. A keylogger can use this criteria along with timing. If the keylogger get some wrong user pass, it isn't a problem, if its target is to get some correct user pass. Yahoo has given free smtp+pop3 when they started new Yahoo! layout (not this one the previous one, maybe in year 2007/08). Many old accounts have also got access if they have tried the beta update when they are prompted. And also those who make viruses have enough programming power to scrap yahoo site and do auto-logins (yes I know there is a captcha system for wrong inputs). Hope I said everything correct. And please don't take anything personally and start attacking me. @Masnun bhai: Please don't think that everything said against windows is a hatred. Windows is a nice OS, yes, but there are some shortcomings of windows, accept them. Also the attacks I mentioned earlier are all possible for Linux, though when using Ubuntu, general users most likely to use software from trusted channel, so less virus attacks are possible than windows. And advanced users most of the time don't install software without checking. Also many times you do sarcasms by pretending you don't know anything about the topic/have no thoughts about the topic, and when someone talks about it/share his/her knowledge you just point out their errors. Please first share your opinions so that we can learn from them first, correct our errors, then add something if we have. I am not saying you should not point out our errors, you should, but first share your knowledge so that we can share less wrong info. If I hurt you then I am sorry, ignore my mail. I don't want to start another quarrel like the previous one between us (if you can remember) without any reason. --Enzam On Fri, Oct 14, 2011 at 10:07 PM, Junayeed Ahnaf Nirjhor < zombiegenera...@aol.com> wrote: > Hmm, > > First of all, it is not possible for any alien process to access a > browser's saved password. Not at least if you do not use any homebrew > browser. Then , I think the malware phishes a user to login to an identical > website or get read & write permission. > > After all, we don't always read all those jargon about permission and try > to > skip. It can happen mostly from porn site (Speaking from experience :P). > > Lastly, we'll never fully realize a virus mechanics. The moment we do, the > author will change the algorithm to keep it up to date with latest > loopholes. > > Hope I am correct. > > Peace be upon you - > Junayeed Ahnaf Nirjhor > Twitter - @Nirjhor > > > > > > -- > Ubuntu Bangladesh > https://lists.ubuntu.com/mailman/listinfo/ubuntu-bd > -- Ubuntu Bangladesh https://lists.ubuntu.com/mailman/listinfo/ubuntu-bd
