Mozillowned.

I was all geared up to write a post about how it is a poor idea to have Firefox save your passwords since there is plenty of password field “unmasking” software floating around out there. In theory all a malicious user would need to do is go to the login page of one of your saved password sites, load up the unmasking software, unmask the password field (which has been auto-populated by the browser) and be on their way.

I figured it would be wise to make sure this actually worked before ranting about security flaws; imagine my surprise to discover Firefox (v3) seems to have taken this tactic into account. The unmasking software I was trying had no effect on stored password fields. I was curious to see what the mechanism for this was, so I downloaded the FF3 source code. I didn’t dig in too deeply, but was nevertheless amused to see the XML namespace they were using was “there.is.only.xul”. Clever.

Also, I went to the Obama rally on Saturday. It was amazing to see 100,000 people come together like that. Go-bama!
