Thursday, May 31, 2007

Why Form Fillers Suck

Google Toolbar. Yahoo Toolbar. Opera Browser. What do they all have in common? No, not the fact that they are all seriously overrated. Besides that.

They all have so-called "Form Fillers," a terrible technology that should have been rejected long ago by the security community. It presents several risks in its use. Not only that, but I don't know of anyone who actually uses these things anyway.

The first problem is that of ID theft through a poisoned website. You visit a site, and it has some fields on it. As soon as the page has loaded, BOOM! Your personal information is entered. Spiffy! But wait. Now the page is doing something. It is sending your personal information back to its server, and you don't even know what this website is!

That is why most Form Fillers don't auto-enter data: they rely on the user to click a toolbar button to activate them instead. But this presents a new problem: any program can look at the data that has been entered into the Form Filler without permission and steal it. Unless the Form Filler stores the info in encrypted format (which can still be broken), you are basically writing all your personal information on a 3x5 card, making 100,000 copies, and taping them all to helium balloons and letting the wind carry them away.

That's why Form Fillers suck.
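
The two conditions discussed above (fill only on an explicit click, and only on a site the user actually knows) can be written as a single decision function. This is an added example, not code from any of the products named in this post; `decideFill`, `PROFILE`, `approvedSites` and the per-site field allow-list are assumptions made for illustration, and the allow-list goes one step beyond what the post describes.

```javascript
// Added illustration: a fill-decision gate for a hypothetical form filler.
// Every name and value here is constructed for the example.

const PROFILE = {            // constructed sample data
  name: "Alex Example",
  email: "alex@example.com",
  phone: "555-0100",
  address: "1 Sample Street",
};

// Origins the user has explicitly approved, with the fields each may receive.
const approvedSites = new Map([
  ["https://shop.example.com", new Set(["name", "email", "address"])],
]);

function decideFill({ pageUrl, trigger, requestedFields }) {
  // 1. Never fill on page load: the page could read the values immediately.
  if (trigger !== "user-click") {
    return { fill: false, reason: "no explicit user action", values: {} };
  }
  // 2. Compare whole origins, not substrings, so a lookalike host such as
  //    shop.example.com.other.test does not match shop.example.com.
  let origin;
  try {
    origin = new URL(pageUrl).origin;
  } catch {
    return { fill: false, reason: "unparseable URL", values: {} };
  }
  const allowed = approvedSites.get(origin);
  if (!allowed) {
    return { fill: false, reason: "site not approved by user", values: {} };
  }
  // 3. Release only fields this site was approved for, even if it asks for more.
  const values = {};
  for (const field of requestedFields) {
    if (allowed.has(field) && Object.prototype.hasOwnProperty.call(PROFILE, field)) {
      values[field] = PROFILE[field];
    }
  }
  const filled = Object.keys(values).length > 0;
  return { fill: filled, reason: filled ? "ok" : "no approved fields requested", values };
}
```

The gate only controls what is handed to a page; it does nothing for the second problem above, where another program reads the filler's stored data directly.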

Anonymous said...

I use Roboform for basic stuff, and it is password protected and would not work if my laptop was pinched; however, I am not sure how it would go in a tainted website.

Tuesday, September 25, 2007 12:46:00 AM PST

Cubex DE said...

I agree, Roboform is probably the most secure of all form fillers.

Saturday, May 17, 2008 10:42:00 PM PST  

