Archive | Web Browsers

Smashing Security podcast #006: 'A romantic ransomware hotel break' PODCAST

Smashing Security podcast #006: 'A romantic ransomware hotel break'

Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual chat about whatever is on our minds.

Were hotel guests really trapped in their rooms by ransomware? Does anti-virus increase your attack surface so much that it's not worth running at all? And 11% of people on the internet are running ad blockers, says company which blocks ad blockers.

Oh, and we have a new theme tune...

Read more...
Domain name hijacking – what it is, and how you can stop your company being the next victim

Domain name hijacking – what it is, and how you can stop your company being the next victim

How do you think your customers would feel if they visited your business’s website and were greeted with an offensive image or malicious code? And how would you feel knowing that hackers could pull off an attack like this without changing a single byte of your site?

Read more in my article on the Bitdefender Business Insights blog.

Read more...

Advertisers could be tracking you via your battery status

A legitimate reason to poll your battery's status is to stop intensive operations from executing if you're running low on juice.

But it's also open to exploitation by those who want to track your online activity, writes Lukasz Olejnik:

The information provided by the Battery Status API is not always changing fast. In other words, they are static for a period of time; it may give rise to a short-lived identifier. At the same time, users sometimes clear standard web identifiers (such as cookies). But a web script could analyze identifiers provided by Battery Status API, which could then possibly even lead to recreation of other identifiers. A simple sketch follows.

An example web script continuously monitors the status of identifiers and the information obtained from Battery API. At some point, the user clears (e.g.) all the identifying cookies. The monitoring web script suddenly sees a new user - with no cookie - so it sets new ones. But battery level analysis could provide hints that this new user is - in fact - not a new user, but the previously known one. The script's operator could then conclude and reason that those this is a single user, and resume with tracking. This is an example scenario of identifier recreation, also known as respawning.

A recent study reported that battery status is being monitored by some tracking scripts.

It sounds like it would be a positive step if browsers stopped accessing such detailed information about our battery.

Aside from tracking, there are other ways that battery information could be exploited.

Uber, for instance, says that it knows customers are more likely to accept a much higher price to hire a cab when their battery is running low.