1. chaau's Avatar
    There are some web sites (mostly Australian news sites) that when navigating make the touch keyboard appear for a split second during loading. I assume that during loading of some ads a Javascript displays some input boxes and puts the input focus on them.

    What occurred to me that these scripts may have create some smart iframes with url address of real websites (e.g. Amazon) with the username and password fields. Then the Edge's autocomplete would fill the fields and the script would steel it.

    Is it technically possible? Have anyone seen this behaviour?
    07-24-2016 11:19 PM
  2. Maurizio Troso's Avatar
    Exactly. That's the point. I am not concerned about twitter, as I don't have one. However, what if they create forms that trick the browser that it is a login form of some banking website. If the autocomplete is not smart enough it will be quick to fill the form and expose the password. (not that I ever save my banking passwords)
    Autocomplete is smart enough, considering phishing works only thanks to victim collaboration (a click or a tap to send).
    If the victim does anything, nothing happens
  3. Chintan Gohel's Avatar
    autocomplete would only work if you had initially posted some info yourself, right? Autocomplete won't fill in my name on twitter username because I've never used it so it doesn't have anything to fill -that's an example
    Maurizio Troso likes this.
    07-25-2016 01:12 AM
  4. chaau's Avatar
    Exactly. That's the point. I am not concerned about twitter, as I don't have one. However, what if they create forms that trick the browser that it is a login form of some banking website. If the autocomplete is not smart enough it will be quick to fill the form and expose the password. (not that I ever save my banking passwords)
    07-25-2016 03:03 AM
  5. Maurizio Troso's Avatar
    Exactly. That's the point. I am not concerned about twitter, as I don't have one. However, what if they create forms that trick the browser that it is a login form of some banking website. If the autocomplete is not smart enough it will be quick to fill the form and expose the password. (not that I ever save my banking passwords)
    Autocomplete is smart enough, considering phishing works only thanks to victim collaboration (a click or a tap to send).
    If the victim does anything, nothing happens
    07-25-2016 03:21 AM

Similar Threads

  1. Has Double tap to wake up arrived for the AT&T Lumia 950?
    By Wang Shun in forum Microsoft Lumia 950
    Replies: 47
    Last Post: 09-07-2016, 10:31 AM
  2. My windows 10 mobile preview
    By Ahmed Hany2 in forum Windows 10 Mobile
    Replies: 34
    Last Post: 07-27-2016, 04:40 AM
  3. Old network stills shows up: Why is this this?
    By Windows Central Question in forum Ask a Question
    Replies: 2
    Last Post: 07-25-2016, 01:59 PM
  4. Why does my windows 10 has missing icons and thumbnails?
    By Windows Central Question in forum Ask a Question
    Replies: 2
    Last Post: 07-25-2016, 01:08 AM
  5. Replies: 2
    Last Post: 07-24-2016, 09:51 PM
LINK TO POST COPIED TO CLIPBOARD