
Simon Willison’s Weblog

Jeremiah Grossman: I know who your name, where you work, and live. Appalling unfixed vulnerability in Safari 4 and 5: if you have the “AutoFill web forms using info from my Address Book card” feature enabled (it’s on by default), malicious JavaScript on any site can steal your name, company, state and e-mail address, and would be able to get your phone number too if there wasn’t a bug involving strings that start with a number. The temporary fix is to disable that preference.
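Since the only mitigation the post offers is turning that preference off, here is an added audit script (mine, not Simon's or Grossman's) that reports whether the Address Book autofill feature is still on for the current user. It assumes Safari stores the setting as the boolean key `AutoFillFromAddressBook` in the `com.apple.Safari` defaults domain (the key name used in the CIS macOS benchmarks); verify that against your Safari version before relying on it. Because the feature is on by default, an unset key is reported as enabled.

```shell
#!/bin/sh
# Added example, not from the original post: audit Safari's
# "AutoFill web forms using info from my Address Book card" setting.
# Assumption: the preference lives at com.apple.Safari / AutoFillFromAddressBook
# (boolean). Confirm the key name for your Safari version before trusting it.

# Map the raw value from `defaults read` to a finding.
# Safari ships with the feature on, so a missing key means the default applies.
classify_autofill() {
  case "$1" in
    0|false|NO)  echo "DISABLED" ;;
    1|true|YES)  echo "ENABLED" ;;
    "")          echo "ENABLED (default)" ;;
    *)           echo "UNKNOWN: $1" ;;
  esac
}

# Read the live preference on macOS; elsewhere report that the check
# does not apply rather than failing.
audit_safari_autofill() {
  if ! command -v defaults >/dev/null 2>&1; then
    echo "N/A (not macOS)"
    return 0
  fi
  value=$(defaults read com.apple.Safari AutoFillFromAddressBook 2>/dev/null)
  classify_autofill "$value"
}

audit_safari_autofill
```

Run it as the user whose Safari profile you want to check; anything other than `DISABLED` means the preference described in the post is still active. The corresponding remediation (also assumed from the same key name) is `defaults write com.apple.Safari AutoFillFromAddressBook -bool false`, followed by a Safari restart, or simply unticking the checkbox in Safari's AutoFill preferences as the post suggests.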


9 comments

  1. I may sound paranoid, but I never allow browsers I use to store any of that stuff. Never save passwords, never save form values, never auto-fill. I'll type my info when needed, thankyouverymuch.

    That said, I've several times tried to set up civilians with systems to manage passwords -- domain-specific bookmarklet, keepassx, 1password. All failed. People just will not, in general, put up with a hassle in return for security.

    It's like we need usable security or something. ;-)

    Jeremy Dunck - 22nd July 2010 14:54 - #

  2. You can do a similar thing with Firefox's auto-filled usernames and passwords; obviously it's limited by domain, but that doesn't help if the site has an XSS vulnerability.

    I wrote about it on my site 2 years ago, but nothing has changed - not surprising, as Mozilla's approach to the issue at the time was "I don't think we should sacrifice usability this much just to slightly mitigate the effect of a successful XSS attack."

    Richard Terry - 23rd July 2010 10:06 - #

  3. Thank you for sharing the good knowledge. So beautiful posts, all I like, hope to be better then,
    and enjoy yourself, good luck in your life. Thanks for your ideas to something. Great post,
    thanks very much, please write more and more about this.

    Tim Thomas Jersey - 21st October 2011 02:02 - #

  4. Your blog is very informative. This is obviously one great post. I keep on reading articles from here.
    Thanks for sharing.

    Zdeno Chara Jersey - 21st October 2011 02:03 - #

  5. I really like this website, And hope you will write more ,thanks a lot for your information.

    Milan Lucic Jersey - 21st October 2011 02:04 - #

  6. I’m still learning from you, but I’m improving myself.

    Nathan Horton Jersey - 21st October 2011 02:05 - #

  7. Excellent stuff from you, man. I’ve read your things before and you are just too awesome. I adore what you have got right here. You make it entertaining and you still manage to keep it smart. This is truly a great blog, thanks for sharing.

    ugg boots sale - 26th October 2011 07:50 - #

  8. 7Rq0eY Hooray! the one who wrote is a cool guy..!!

    OEM software online - 7th November 2011 11:11 - #

  9. r7gpy4 A unique note..!!

    Buy cheap software - 9th November 2011 12:42 - #
