Bitcoin Forum

A few days ago (luckily) I read a PDF document that described a vulnerability in several password managers (like 1Passwprd, lastpass) that when they see say  "google.com" domain they will autofill gmail's password field and user name  (even if the fields are hidden on page) and when the user clicks on "continue"  or "vote" (if it was a poll  on the psge) the  passwords are sent to the hacker.

So today on twitter I saw this guy  

https://twitter.com/CoinMKTCap

giving a link to this page hosted on google.com

(be careful before clicking anything on the page)

https://docs.google.com/forms/d/1IZf5cBivam_93zENT_arFFuvWDidHGjWxoTMVmFSoWg/viewform

Now why on earth would this be on docs.google.com if this is anything legitimate? Why not on your own site?

Right click and "view source" and I do see things like on the page:

^(focus|focusin|submit)$/i,r=/^(input|textarea)$/i,s=/^password$/i,l=!!("placeholder"in x);l|

If this page steals gmails passwords (and I think most likely it does), I would have fallen for this  -- for sure --had I not read PDF that describes the hack just a few days before

https://www.isecpartners.com/media/106983/password_managers_nov13.pdf
  

Protip: don't use password managers.

Please move this thread to scam accusations or somesuch; it doesn't belong in securities (there's a link lower right).

Double steal?

Besides some potentially faulty features like auto fill-ins and such, what's your reasoning? And what solution do you suggest otherwise?

If it's in your head it's in your head. If it's stored by the password manager...well...then it's in there.

wait what are the benefits to read other people email. unless that one is super important, I dont see any goods for the thieves to do that ???

An email account can be used
to reset passwords of other accounts
to collect someome's personal information, pics and other important data,
to send spam messages.

There are many use of a hacked email account but it depends on who's the owner of that account.