Nov 27

I’m tired so I’m just sitting here browsing through news and blogs that I have previously neglected. I found something silly: Schneier on Security: New Security Vulnerability: Clueless Users. Schneier links to an article from the BBC about a “security hole” in online banking.

Someone contacted the BBC claiming that “[t]he Morgan Stanley website allowed users to access account details after entering just the first digit of a credit card number.” This man had, apparently, enabled auto completion in his browser only to be surprised when his browser auto completed forms for him. To be fair, it appears that this is not supposed to work for password fields. Morgan Stanley seems to have made an error in the coding of the web page. However, the BBC article reports this as a security hole and fails to mention that the auto completion only works for someone using the actual computer that the information was saved on. It gives the impression that anyone at any computer could get access to sensitive data just by entering a digit in a form.

New security risk: clueless journalists creating mass hysteria.



This work by Karl Jonsson is licensed under a Creative Commons Attribution 2.5 Sweden.