Print Page - Hackers hide credit card stealing scripts in favicon EXIF data

Title: Hackers hide credit card stealing scripts in favicon EXIF data
Post by: rcjordan on June 25, 2020, 11:55:15 PM

^{What's the word? ...gobsmacked!}

https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/

Title: Re: Hackers hide credit card stealing scripts in favicon EXIF data
Post by: gm66 on June 26, 2020, 12:15:17 AM

Nice vector.

Title: Re: Hackers hide credit card stealing scripts in favicon EXIF data
Post by: ergophobe on June 26, 2020, 04:22:45 AM

Another reason to run an image-optimization script that strips EXIF data I guess.

Title: Re: Hackers hide credit card stealing scripts in favicon EXIF data
Post by: rcjordan on February 10, 2021, 03:49:37 AM

Browser 'Favicons' Can Be Used as Undeletable 'Supercookies' to Track You Online

https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online

Title: Re: Hackers hide credit card stealing scripts in favicon EXIF data
Post by: ergophobe on February 10, 2021, 06:22:02 PM

Of course they can. I probably would not have thought of it in a million years, but the second someone says it...

Title: Re: Hackers hide credit card stealing scripts in favicon EXIF data
Post by: rcjordan on February 19, 2021, 02:04:23 PM

"Powerful tracking vector

The attack works against Chrome, Safari, Edge, and until recently Brave, which developed an effective countermeasure after receiving a private report from the researchers. Firefox would also be susceptible to the technique, but a bug prevents the attack from working at the moment."

New browser-tracking hack works even when you flush caches or go incognito | Ars Technica
https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/

The Core

Why We Are Here => Web Development => Topic started by: rcjordan on June 25, 2020, 11:55:15 PM