Belgian ethical hackers find a leak in Firefox

A team of Belgian ethical hackers, NoBot, has managed to find a leak in the security of passwords of Internet browser Firefox. "The risk exists that someone can enter your mailbox and steal sensitive information. If he succeeds, he can destroy your smartphone", warns Cedric Devroey of NoBot. 

If you surf to a website and have to log in, you must always enter an e-mail address and password. To make this easier, the manufacturers of browsers have developed a "smartkey". With the Firefox browser, passwords are kept in a so-called "master password". When you log into the website, the browser will keep track of your e-mail address and password and link them together.

In order for strangers not to have access to your personal information, that information is encrypted. If people with bad intentions want to steal your password, they would not be able to do much with it. Your password is encrypted. Instead of text, symbols are shown.

"At least if they don't have "hacker skills". One of my colleagues discovered the leak earlier by accident. He is studying cybercrime and his job was to find traces on a computer. When he tried to find out the passwords, he noticed, to his great surprise, that these passwords could simply be read in text," says Cedric De Vroey.  

Always choose different passwords

All specialists agree: choose as many different passwords as possible. According to De Vroey, we have to keep an eye on two things : "First, it is important to update regularly. Secondly, the user must always work with a two-stage authentication: a password that is stored in a "smartkey"."

With 11 percent market share, Mozilla Firefox is less prominent than its major competitor Google Chrome, but there are still millions of PCs, laptops, smartphones and tablets. Cedric De Vroey explains : "In addition, a hacker can steal the password from your Gmail account. By doing so, he can enter your smartphone and even take over it. Then we're talking about identity theft."

In the meantime, Mozilla has launched an update for the leak.

Top stories