This is one of the times when I ask myself: "Why have I never done this before?" The truth is, I just never thought of it. Until I stumbled across this bookmarklet, done by The Man in Blue: FormTextResizer, which makes it possible to resize any non-password, non-hidden text input fields or textboxes on any given website. It is very cool, you should check it out if you don't already know it.
Anyway, this got me thinking: isn't this a possible security risk or can it be exploited? Think about it: You save a couple passwords in firefox for, let's say your webmail, your weblog admin account, etc.
You're gone for a minute and one of your friends walks to your computer, goes to this website, creates a bookmarklet, goes to your webmail site (which is probably in your bookmarks somewhere already), the password is auto-filled, they click the bookmarklet and BAM, they have your password. pretty cool huh? and scary. I don't know if people just don't think of this or if it's really not a problem, but i found it very scary and created said bookmarklet.
After you execute the bookmarklet, any text field on the website that is a password will reveal its content. I also let it draw a red border around every revealed field, so you can't just 'prepare' a website and let your friends type their passwords in plain text. but still, i find the possibilities of this very threatening. If someone writes a similar bookmarklet that 'hijacks' the password inputs via AJAX and sends them to some server? again, threatening. Nuff said, now experience it for yourselves and discuss it.
Right-click here and "Bookmark" HtmlPasswordRevealer to access it anywhere, or click the link to try it out.
At the bottom of the page I created a password form for you to try out. Just enter anything and click.
contact email: , website: oelna.de