Hackers hide credit card stealing scripts in favicon EXIF data

rcjordan · June 25, 2020, 11:55:15 PM

^{What's the word? ...gobsmacked!}

https://www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/

gm66 · June 26, 2020, 12:15:17 AM

Nice vector.

ergophobe · June 26, 2020, 04:22:45 AM

Another reason to run an image-optimization script that strips EXIF data I guess.

rcjordan · February 10, 2021, 03:49:37 AM

Browser 'Favicons' Can Be Used as Undeletable 'Supercookies' to Track You Online

https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online

ergophobe · February 10, 2021, 06:22:02 PM

Of course they can. I probably would not have thought of it in a million years, but the second someone says it...

rcjordan · February 19, 2021, 02:04:23 PM

"Powerful tracking vector

The attack works against Chrome, Safari, Edge, and until recently Brave, which developed an effective countermeasure after receiving a private report from the researchers. Firefox would also be susceptible to the technique, but a bug prevents the attack from working at the moment."

New browser-tracking hack works even when you flush caches or go incognito | Ars Technica
https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/

Hackers hide credit card stealing scripts in favicon EXIF data

rcjordan

gm66

ergophobe

rcjordan

ergophobe

rcjordan