Author Topic: Hackers hide credit card stealing scripts in favicon EXIF data  (Read 2456 times)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11056
  • Debbie says...
    • View Profile

gm66

  • Inner Core
  • Hero Member
  • *
  • Posts: 1472
    • View Profile
Re: Hackers hide credit card stealing scripts in favicon EXIF data
« Reply #1 on: June 26, 2020, 12:15:17 AM »
Nice vector.
Civilisation is a race between disaster and education ...

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 6431
    • View Profile
Re: Hackers hide credit card stealing scripts in favicon EXIF data
« Reply #2 on: June 26, 2020, 04:22:45 AM »
Another reason to run an image-optimization script that strips EXIF data I guess.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11056
  • Debbie says...
    • View Profile
Re: Hackers hide credit card stealing scripts in favicon EXIF data
« Reply #3 on: February 10, 2021, 03:49:37 AM »
Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 6431
    • View Profile
Re: Hackers hide credit card stealing scripts in favicon EXIF data
« Reply #4 on: February 10, 2021, 06:22:02 PM »
Of course they can. I probably would not have thought of it in a million years, but the second someone says it...

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11056
  • Debbie says...
    • View Profile
Re: Hackers hide credit card stealing scripts in favicon EXIF data
« Reply #5 on: February 19, 2021, 02:04:23 PM »
"Powerful tracking vector

The attack works against Chrome, Safari, Edge, and until recently Brave, which developed an effective countermeasure after receiving a private report from the researchers. Firefox would also be susceptible to the technique, but a bug prevents the attack from working at the moment."

New browser-tracking hack works even when you flush caches or go incognito | Ars Technica
https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/