tag:blogger.com,1999:blog-34454975.post2049783381977641536..comments2023-06-28T16:58:41.189+02:00Comments on Web Reflection: Internet Explorer Security Hole - A Better ExampleAndrea Giammarchihttp://www.blogger.com/profile/16277820774810688474noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-34454975.post-56082083746790922972008-09-09T18:40:00.000+02:002008-09-09T18:40:00.000+02:00Ok, it does work. But you need to have very specif...Ok, it <I>does</I> work. But you need to have very specific Auto Complete settings. And the password field wasn't exposed, no matter how much I tried. To be fair, credit card info is never a password field, so this <I>is</I> a problem.<BR/><BR/>(In case it matters, I'm using XP SP2 and IE7 with all the latest patches.)<BR/><BR/>Go to Tools -> Internet Options -> Content -> AutoComplete Settings. There are four (4) checkboxes there: <BR/><BR/>* Web addresses, <BR/>* Forms, <BR/>* User names and passwords, and <BR/>* Prompt to save passwords.<BR/><BR/>In my tests, the script picked up my user name <I>only</I> if "Forms" was checked. Somewhat unexpectedly, the "User names and passwords" checkbox had no effect.Alejandro Morenohttps://www.blogger.com/profile/01919561706249913721noreply@blogger.comtag:blogger.com,1999:blog-34454975.post-42296524757944897242008-09-09T13:55:00.000+02:002008-09-09T13:55:00.000+02:00It's not only about entire logins, it is about pri...It's not only about entire logins, it is about private user data that could be easily grabbed from malicious sites.<BR/><BR/>As I told before, it is not that "magic" that spammers can obtain in such easy way our email addresses.<BR/><BR/>Fortunately, I am using FireFox since its name was FireBird :geek:Andrea Giammarchihttps://www.blogger.com/profile/16277820774810688474noreply@blogger.comtag:blogger.com,1999:blog-34454975.post-35541322645977977492008-09-09T13:26:00.000+02:002008-09-09T13:26:00.000+02:00I read the article last week and I was impressed t...I read the article last week and I was impressed that IE6 had such a horrible issue. (Yes, impressed that M$ didn't fix it yet.)ryanmrhttps://www.blogger.com/profile/17405235997434926754noreply@blogger.com