Access Manager

[RodneyK]

Several times when transfering my password to an online form, the web-browser was directed to another site without my permission.

Ten minutes ago I saw a lovely picture of a young child who had the same name as my password.

I'm using access manager 2.0 free. I use Google as my search engine.
I use Firefox 1.0.6 web browser. I use LeechGet downloader (which monitors the clipboard) and I'm using WinXP SP2 uptodate and antispyware and AV programs.

I may have been sloppy with the mouse but didn't go anywhere near a link to another site.

Tell me this is not a fault in Access Manager.

[Richard]

Rodney,

I'm sorry to hear about your unfortunate experiences. It does sound like there could be some kind of problem.

I can assure you that Access Manager does not perform any other functions when copying & pasting or draggng & droping usernames and passwords to web pages, or any other application.

I would suggest trying another anti-spyware product to check that everything is ok.

[RodneyK]

Thanks for the reply Admin.
I appreciate the time taken and I was angry at the time.
New anti-spyware programs will be looked at.

[Chef]

The webpage being able to display your password most likely can be attributed to the fact that a malicious webpage can get the contents of the information in your Windows "clipboard" and not to any Spyware.

When you "drag & drop" or use the "Copy Username/Password buttons (I believe) that AM is in essence copying your info to the clipboard. Try it out yourself. Click in the username field and drag somewhere (you don't have to actually drop anyplace specific) then click someplace you can enter text and right click and select Paste. It will paste that entry's password. So when you drag and drop a username, AM seems to copy the password for that entry automatically to the clipboard.

These browser venerabilities make it very important to be smart and secure AM and your browser as they both have tools available to reduce the risk of this particular issue.

AM Tips:
1.) In AM Options>>Security Tab, make sure to select "Clear windows clipboard when closing"
2.) On the Taskbar Icon Tab, make sure you select "Automatically minimize to taskbar icon" and "Clear windows clipboard when minimizing". Also I suggest setting the "After X minutes of inactivity" to a short span of time like 1-3 minutes. Personally, I would like to see this setting have a seconds option so it would minimize after 15 or 30 seconds of inactivity but 1 minute is OK with me.
3.) On that same Taskbar Icon Tab, select "Minimize to taskbar icon when closing". This way, as soon as you are done using AM to enter your user/pass you can just hit close and it will clear your clipboard but still keep AM loaded and ready.

IE Tips:
To further protect yoruself from this issue if you are using IE, complete the following steps:
-Go to Tools->Internet Options.
-Click on the Security Tab.
-Click on "Custom Level."
-Scroll down to the Scripting section under Settings.
-Set "Allow paste operations via script" to Disable or Prompt.
-Press the OK buttons to close the dialog boxes.

To show/test this venerability you can visit:
http://www.jasons-toolbox.com/BrowserSecurity/javascript-clipboard.asp
Before you secure your browser with the above information, select some text somwhere and right click and select Copy to copy some info to your Windows Clipboard then run that test and you will see that with one short line of javascript you can steal clipboard info.

Doing these things will help ensure that your limiting access to your sensitive information. Hope this helps!

[RodneyK]

Thanks for the advice, Chef.

I've tried another password manager, KeePass, and it does the job proficiently via copy/paste, but AM2 a better product.

Also, using Maxtor Browser, which is a variation of IE, I've noticed that if text is highlighted and dragged/dropped then that text is sent to a search engine and a new tab is launched. Tricky for "drag/drop" using security programs.

People who spoof should have a field day.

I've also tweaked the settings of AM2 and Internet expl. as per your advice and will see if that helps with this problem.

RodneyK

[Richard]

Rodney,

It sounds like you might have the 'Super Drag Drop' option turned on in Maxthon. Go to /Options/Maxthon Options/Mouse Action/ and uncheck 'Use Super Drag Drop'. This should help.

[door268]