browser securitySecurity and convenience are often at the opposite ends of the balance. And today’s browsers are no exception.

Most of the browsers have the Auto-Complete feature, which allows users to fill the online forms data like Username, Passwords and even Credit Card Numbers automatically, once you visit the login page. But there are chances, specially when you are using an old version of your favorite browser, that this data can be stolen and used against you.

In a talk scheduled for next week’s Black Hat security conference in Las Vegas, Jeremiah Grossman, CTO of White Hat Security, plans to detail critical weaknesses that are enabled by default in the browsers. He has talked about a trick, where a javascript is used to fill the first character in the field, triggering the autocomplete feature of the browser to fill the entire data. Once the data is filled, it can be captured, stolen and sent to a distant server.

Apple’s Safari and a few earlier versions like IE6 and IE7 of Internet Explorer are found to be most vulnerable to this trick. This is yet another reason, why we recommend the use of a robust Password manager like Roboform.

Read an interesting story on the issue here.