Phone apps/Browser security

650Skull

Came across this today, copied and pasted

"It turned out that a number of web browsers, including Google’s Chrome, Apple’s Safari, Opera, as well as browser plugins and utilities like LastPass can leak your private information through hidden text boxes due to the autofill feature, which might be inadvertently giving away your data to phishers.

A Finnish web developer has found out that certain browsers, including Chrome, Safari and Opera, along with certain extensions, can be tricked into leaking data through their profile-based autofill systems due to a phishing attack. The latter is brutally simple: when you try to fill in information in some common text boxes, like name and email address, your browser autofill system will input other earlier saved information into other text boxes, even if you don’t see them on the page.

As such, when you input seemingly innocent information into a site, like your name, the autofill system could give away much more sensitive information if you confirm the autofill: for instance, Chrome’s autofill system (which is enabled by default) stores data on your credit card information. The developer even set up a special website to show how it works, demonstrating visible text boxes for a user’s name and email address, while text boxes for address and phone number were hidden from view but still autofilled by Google’s Chrome.

Good news for Firefox users: their browser is not affected, because it does not yet support a multi-box autofill and therefore can’t be tricked into automatically filling text boxes, according to a Mozilla security engineer. Lagging behind here serves the good turn.

If you use one of the abovementioned browsers or plugins, you can protect yourself from this kind of phishing attack by disabling the autofill system in settings."
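
The hidden-text-box behaviour described in the pasted article can be checked for on a page you are about to fill in. The following is an added example, not part of the original post or of the developer's demo site: it lists form fields that exist in the page but cannot be seen. The field names, the `SENSITIVE` pattern and the hiding heuristics are assumptions made for illustration.

```javascript
// Added example. Field names and hiding heuristics are assumptions for illustration.
const SENSITIVE = /(addr|street|city|zip|postal|phone|tel|cc-|card|organization)/i;

// Why a field is invisible to the user, given a plain description of it:
// { name, autocomplete, type, style: {display, visibility, opacity}, rect: {x, y, width, height} }
// rect is in page coordinates. Clipping by an ancestor element is not detected here.
function hiddenReasons(f) {
  const reasons = [];
  const s = f.style, r = f.rect;
  if (s.display === 'none') reasons.push('display:none');
  if (s.visibility === 'hidden') reasons.push('visibility:hidden');
  if (parseFloat(s.opacity) === 0) reasons.push('opacity:0');
  if (r.width <= 1 || r.height <= 1) reasons.push('near-zero size');
  else if (r.x + r.width <= 0 || r.y + r.height <= 0) reasons.push('off-screen');
  return reasons;
}

// type=hidden inputs (e.g. CSRF tokens) carry server-set values and are skipped.
function auditFields(fields) {
  return fields
    .filter(f => f.type !== 'hidden')
    .map(f => ({ name: f.name, sensitive: SENSITIVE.test(`${f.name} ${f.autocomplete || ''}`), reasons: hiddenReasons(f) }))
    .filter(x => x.reasons.length > 0);
}

// Browser adapter: describe every form control on the current page.
function describeDom(doc, win) {
  return Array.from(doc.querySelectorAll('form input, form select, form textarea')).map(el => {
    const cs = win.getComputedStyle(el), b = el.getBoundingClientRect();
    return {
      name: el.name || el.id, autocomplete: el.getAttribute('autocomplete'), type: el.type,
      style: { display: cs.display, visibility: cs.visibility, opacity: cs.opacity },
      rect: { x: b.x + win.scrollX, y: b.y + win.scrollY, width: b.width, height: b.height },
    };
  });
}

// Constructed sample: two visible fields, two hidden ones, one CSRF token.
const shown = { display: 'block', visibility: 'visible', opacity: '1' };
const sampleFields = [
  { name: 'name', autocomplete: 'name', type: 'text', style: shown, rect: { x: 20, y: 40, width: 200, height: 24 } },
  { name: 'email', autocomplete: 'email', type: 'email', style: shown, rect: { x: 20, y: 80, width: 200, height: 24 } },
  { name: 'phone', autocomplete: 'tel', type: 'tel', style: shown, rect: { x: -5000, y: 120, width: 200, height: 24 } },
  { name: 'address', autocomplete: 'street-address', type: 'text', style: { ...shown, display: 'none' }, rect: { x: 0, y: 0, width: 0, height: 0 } },
  { name: 'csrf', autocomplete: null, type: 'hidden', style: { ...shown, display: 'none' }, rect: { x: 0, y: 0, width: 0, height: 0 } },
];
if (typeof document !== 'undefined') console.table(auditFields(describeDom(document, window)));
else console.table(auditFields(sampleFields));
```

Pasted into the browser's developer console it audits the live page; run under Node it reports on the constructed sample instead.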
 
Thanks for that info 650Skull, on several occasions I had been annoyed that the computer would just pre-fill boxes for me, was not aware that it could be turned off.
Two clicks in settings and my info may be a little harder to steal.
Given the huge amount of air play "hacking" is getting in this hemisphere, one wonders if anyone connected to the interweb has any privacy - but could we go back to writing letters and putting stamps on envelopes?
 
Try filling out an application without giving your SSN, DL#, DOB, full name and in some cases a picture ID is copied. Even if you do a paper application it will be transcribed, scanned, or copied. This could be for a credit application, new patient information, in the case of an employment application for a background or piss test, insurance, your DL requirements. Run, run all you want but you ain't gonna hide. Try not to lose sleep over it.
In the case of credit card information you aren't financially responsible if you report. If you aren't paying enough attention to report then it should be on you.
In the case of medical information not much can be done. Unless you decline to be treated.
Bank accounts? Have more than one and disperse monies from one that doesn't have an electronic signature or tie. In-house transfers aren't that hard or time-consuming.
Identity confusion on background checks can be a pain. Try to build some long-term relationships with financial, insurance, and community ties that can counteract.
I've often wondered how the survivalists who stock silver and gold think they will trade or barter? You can't eat it, it won't fuel anything, you can't shoot with it. In an apocalyptic situation, survival trumps vanity every time.
Sign me
Running naked on the interwebs and not losing sleep.
 
Thing is, anyone who hacks me will only discover that I'm boring and broke.
Had this conversation with a doomsaying co-worker:-
The pessimists are buying land and learning to speak Russian!
No, that's the optimists. The pessimists are buying ammunition and learning to speak Chinese.
 
Skull, I would be surprised to see Safari being susceptible to this, if you're using a Mac, ditch Chrome and Firefox. I've just spent a day getting rid of a phishing attack, due to my daughter using Chrome on my Mac. One click, that's all that had taken....
Plugins need to be verified by the user beforehand, check extensions as well, not sure about Windows users as I haven't used a Windows PC for a very long time (TFFT).
A good find, do you have a link to the article?

Mick
 
Hi WER, MacKeeper, bastard of a thing to get rid of!
The adware remover (free) Malwarebytes did the job, I tried really hard to manually get rid of it but one hidden file had me snookered and the bastard kept coming back...
 
Hmmm I thought MacKeeper was a utility software suite for macOS.
Yes, Malwarebytes is great software! I've been locked up twice in the last year with ransomware and Malwarebytes was able to deal with it.
Maybe not so with this newest version?
https://www.bleepingcomputer.com/ne...he-most-sophisticated-payment-site-as-of-yet/

As for phishing sites lately, the red flag for me, surveys purportedly from vendors I use.
At the end, you are promised a "free" gift for participating but you pay to ship.
Yeah, no thanks.
 
WER, that's what it started out as, then it all turned to crap years ago.
The days of the Mac being impervious to attack are gone. Beats Windows hands down though.
 
I would be naive to think my information is not getting out there. The best anyone can do is remove/delete any unwanted software that comes with an operating system that is not wanted/used. Don't open any emails without a personal heading, and if I am corresponding with someone I tell them to use a heading I will recognize or the email goes in the bin. I never open any emails from any bank, PayPal, eBay or any organization/business, especially when they are asking for some update on information.

I use ad-block, Firefox set so it does not allow tracking, and I also use Firefox private browsing. Have cookies and temp files set to be removed when I go offline, I also open my Temp folder and remove all stored files after a session. Using ad-block improves the speed of my Mickey Mouse laptop because it's not opening up all the crap (ads, auto-open streams) on sites. I also use CCleaner to monitor the cookies left on the computer and remove them.

I was having trouble opening a site, being both cautious and stupid I opened Chrome to open the site, Bang ransomware and I couldn't close Chrome to run Malwarebytes. Shut down the computer and opened Firefox. It opened without the ransomware controlling it, ran Malwarebytes, fixed.

It's about limiting the invasive actions of these guys.

I wouldn't post a link to the site I got that info from because, 1: it's a pirate site, 2: it has malicious ads if accidentally clicked on (use ad-blocker). Other nasties that I circumvent by using all of the things above. WER's link is about the same thing.
 
I was having trouble opening a site, being both cautious and stupid I opened Chrome to open the site, Bang ransomware and I couldn't close Chrome to run Malwarebytes. Shut down the computer and opened Firefox. It opened without the ransomware controlling it, ran Malwarebytes, fixed.

You had to do a hard shut down (power button)?
If and when it happens again you might consider disconnecting your modem, boot to safe mode and not opening any software.
I like to keep repair tools on a separate drive (USB) and run from there.
One of the reasons I consider Windows systems superior. The used fruit has all but eliminated auxiliary accessories.
Did you happen to read that article on the newest ransomware? They are turning pirating into a legitimate business model :umm:.
 
^The message of the article is how easily information is obtained with a subpoena in hand, which doesn't bother me a whole lot. Not being able to leave your house without permission on the other hand...
 
I thought you read the article? It isn't a subpoena that yields the most information.

In the view of the FBI, however, WhatsApp is a wellspring of private user data. According to the FBI’s “Lawful Access” document, WhatsApp will provide more practically real-time information about a user and their activities than nearly every other major secure messaging tool. A subpoena will yield only basic subscriber information, the FBI document says. Presented with a search warrant, WhatsApp will turn over address-book contacts for a targeted user as well as other WhatsApp users who have the targeted individual in their contacts, according to the FBI.

But WhatsApp is unique in how quickly it can produce data to law-enforcement agencies in response to a so-called pen register — a surveillance request that captures the source and destination of each message for a targeted individual. WhatsApp will produce certain user metadata, though not actual message content, every 15 minutes in response to a pen register, the FBI says. The FBI guide explains that most messaging services do not or cannot do this and instead provide data with a lag and not in anything close to real time:
 
^It takes a subpoena. Why should we care how instant the response to the subpoena is?
 
I forgot. Pointing out the real issue isn't the issue you want the conversation to be based on......Must be a conspiracy in there somewhere for you to find and comment on......Yea!!
 