Meanwhile,
Click diversion | pirated password:
There is not a day in the digital world without emerging a new threat. Moreover, The most recent: the extensions for browser of the main password managers. However, such as those of 1Password, Apple and Lastpass, can be easily thwarted by hackers thanks to a maneuver called diversion of click. However, Their users are invited to uninstall them immediately.
Posted at 11:57 a.m.
The European cybersecurity expert who discovered the fault even surprised. Consequently, other experts present at their conference during the cybersecurity event Defcon 33 which took place in Las Vegas at the beginning of August. Meanwhile, Password managers are generally recommended as one of click diversion | pirated password the best ways to protect themselves from phishing campaigns that allow. In addition, cyberpirates to extract personal information from somewhat distracted Internet users.
What worries experts these days is not only the nature of this vulnerability. nor the extent of the applications it affects. It is that even ten days after the publication of his discovery by the Czech researcher Marek Toth. their creators have still not published a corrective.
Among the affected password managers. the expert says are extremely popular tools, including 1Password, Bitwarden, the manager integrated into the iCloud platform of Apple, Lastpass and Logmeone, in particular.
Click – Click diversion | pirated password
The detailed flaw during the DEFCON 33 conference resorts to a lure technique called click diversion (“Clickjacking”). It would give illegal access via the web browser extension of password managers concerned click diversion | pirated password to protected information. such as user credit card details, telephone number, name and postal address.
Normally. the web browser extensions of password managers confirm that the address of a website visited corresponds to that saved in its database, before transmitting user identifiers.
In a context of click diversion. hackers use the HTML (code behind the web page) of the targeted site to modify its display by adding a transparent layer for the Internet user over its legitimate content.
The Internet user who sees only fire and who interacts with this layer thus shares his personal information.
The procedure unveiled by Marek Toth in Las Vegas showed how hackers could insert HTML code instead of the small overgrowing window that the extension of the password manager integrated in the browser normally. click diversion | pirated password automatically produce. The user then has the impression that he clicks on buttons that allow him to accept the use by the site of traceer witnesses (“cookies”). while in reality, he activates the automatic filling function of their manager.
The presentation of the Czech Cyberchercheurcheur takes up elements which he had already detailed in 2023, from the Nordpass password manager.
Questioned by the Socket online security firm. the creators of the 1PASSWORD application indicated that click diversion is a universal security problem that does not apply to our application. Our position is that if a user visits a vulnerable site. it is out of our control, like a malicious site or a device that would be compromised. »»
Further reading: Audresselles: A father dies drowned in front of his children – Audrey Crespo-Mara signs a high return to the TF1 news: 4.84 million viewers, an audience record – Aude fire: 16,000 hectares ravaged, the situation remains critical – Anderlecht begins his season against the Swedes of Häcken: ‘no excuse’, says Hasi – A suspect placed in police custody this Wednesday.
