Hi All,
Something odd happened today at work. Not really Fox related.
Our app (C#, WinForms) has a feature where on some screens you can embed a web browser in a tab to display a user-definable webpage. The trouble is, the control is based on IE6 (?). We're in the process of updating this to Microsoft Edge WebView2.
My tester contacted me today saying there's a funny folder with rude words in it. Swear words. What!??
I took a look. WebView2 will create a browser cache in the application folder unless otherwise specified. We can fix that. But what about the swear words?
It turns out that she was using www.googlemaps.co.uk as a test. If you open this in a browser (*DO NOT DO THIS*) you get redirected to maps.google.com and all looks fine.
In the cache folder a file called passwords.txt contains 30,000 passwords which are clearly the most common passwords (123456, password, etc). It also contains words like 'motherfucker'. There are other files with common male/female names and TV shows.
So apparently googlemaps.co.uk redirects you to google maps and attempts a dictionary attack on your Google account. Nice!
Enable 2 factor authentication folks!
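One way to move the WebView2 cache out of the application folder, as the message above says can be done (added example, not code from the original thread; the form class, the company/app folder names and the URL are assumptions):

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using System.Windows.Forms;
using Microsoft.Web.WebView2.Core;
using Microsoft.Web.WebView2.WinForms;

// Hypothetical form hosting the embedded browser tab.
public sealed class BrowserTabForm : Form
{
    private readonly WebView2 _webView = new WebView2 { Dock = DockStyle.Fill };

    public BrowserTabForm()
    {
        Controls.Add(_webView);
        // Initialise once the form is shown; the URL is a placeholder.
        Load += async (s, e) => await InitBrowserAsync("https://example.com/");
    }

    private async Task InitBrowserAsync(string url)
    {
        // Per-user, writable location outside the install directory.
        // "ExampleCompany" and "ExampleApp" are assumed names.
        string userData = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "ExampleCompany", "ExampleApp", "WebView2");
        Directory.CreateDirectory(userData);

        // First argument null: use the installed WebView2 runtime.
        // Second argument: the user data folder (cache, cookies, components).
        CoreWebView2Environment env =
            await CoreWebView2Environment.CreateAsync(null, userData);

        // Pass the environment explicitly before anything else initialises
        // the control (for example setting Source), otherwise the default
        // folder in the application directory is used.
        await _webView.EnsureCoreWebView2Async(env);
        _webView.CoreWebView2.Navigate(url);
    }
}
```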
On Fri, Mar 11, 2022 at 2:07 AM Paul Hill paulroberthill@gmail.com wrote:
Hi All,
Something odd happened today at work. Not really Fox related. ... In the cache folder a file called passwords.txt contains 30,000 passwords which are clearly the most common passwords (123456, password, etc). It also contains words like 'motherfucker'. There are other files with common male/female names and TV shows.
So apparently googlemaps.co.uk redirects you to google maps and attempts a dictionary attack on your Google account. Nice!
You need a program to do a dictionary attack. I wonder whether the program was written in JavaScript, loaded when you load googlemaps.co.uk ... Did your virus scanner sound an alert?
On Sun, 13 Mar 2022 at 11:41, Man-wai Chang changmw@gmail.com wrote:
You need a program to do a dictionary attack. I wonder whether the program was written in JavaScript, loaded when you load googlemaps.co.uk ... Did your virus scanner sound an alert?
Must be JavaScript based. No virus scanner alert as far as I know. Enable two-factor authentication folks!
I can't be sure it was a dictionary attack but I can't see why Google would have a huge list of common passwords.