You might want to think twice before you let someone borrow your computer.
The most obvious risk of allowing someone else access to your desktop
is that they can impersonate you, using any app where you’re already
signed in. They could send prank messages using your default email
client, or profess your undying love for Justin Bieber using your
logged-in Twitter account.
That’s annoying, but far from fatal.
But the situation becomes considerably worse if you use Google Chrome
to save and sync passwords for easy logins at your favorite websites.
An intruder who has unrestricted access to your computer for even a
minute can view and copy all of your saved passwords just by visiting an
easy-to-remember settings page: chrome://settings/passwords.
That link opens the local copy of your saved password cache, which is
synchronized to every machine where you sign in with your Google
account.
And the funny thing is, anyone who visits that page can see the
plaintext version of every saved password just by clicking a button.
The saved password list shows the web address, username, and password
for each saved set of credentials. Initially, the saved password is
displayed as a row of asterisks. But if you click the masked
password, you see a “Show” button that you can click to immediately
display the saved password.
A malicious or spiteful intruder who can lure you away from your
computer briefly can see your saved passwords, then close the settings
page. And you have no idea that your credentials have been compromised.
Source: ZD Net
No comments:
Post a Comment