WARNING! Ongoing Security Flaw In Popular Browsers

in #news7 years ago (edited)

Safari, Firefox and Chrome Browsers

Password Security Managers

Pixabay

Tracking firms are able to exploit your browsers password security tools. The tracking firms are using our data for targeted advertising.

AdThink and OnAudience, are designed to gather data from our browsers password managers to track users.

Princeton Research

The plugins focus on people's user names and emails. The plugins have no safeguards to protect a person's sensitive data, like passwords, user names and emails.

Princeton Research

Professor Arvind Narayanana a computer science researcher from Princeton say's it won't be easy exploit to fix. The only way I can figure out how to protect my data is keep all my passwords off my computer.

This particular kind of password has been going on for 11 years and no one has tried to fix them. My husband never keeps his passwords on his computer. Now I am going to have to follow his example, which is a pain in the neck. I will have to write down all my passwords that deal with sensitive information. I don't keep any of my crypto data on my computer, which I am thankful I did do a little due-diligence. The problem for me is I am horrible at writing down the correct passwords, maybe I will print them out instead. But I think printers are easier to break into than browsers so I've been very hesitant to use one. I have a printer but I am going to have to research a little bit more, I think they store the images they copy. I read there is a limited buffer so if you print a bunch of useless images the past data will be erases.

Printers Store Image Data

Most of the problem has to do with the website using the plugins. The professors says he would like to see publishers take more responsibility for their third party plugins on their web sites.

Right now there is no control regarding what kind of third-party scripts are allowed.

Login details are stored on web browsers, some of the most popular are Google Chrome, Firefox, or Safari, which can store your passwords. For me this has been an easy way to manage my passwords However, I have always felt uneasy about storing important information in my browsers folders. I've been on the internet a long time and I know it's hard to keep secrets here. Especially when dealing with sensitive information, now that Cryptocurrencies are becoming wealth building tools we all have to double up on our security.

Credits

No boundaries for user identities: Web trackers exploit browser login managers

Thus, third-party javascript can retrieve the saved credentials by creating a form with the username and password fields, which will then be autofilled by the login manager. Why collect hashes of email addresses? Email addresses are unique and persistent, and thus the hash of an email address is an excellent tracking identifier. A user’s email address will almost never change — clearing cookies, using private browsing mode, or switching devices won’t prevent tracking. The hash of an email address can be used to connect the pieces of an online profile scattered across different browsers, devices, and mobile apps. It can also serve as a link between browsing history profiles before and after cookie clears. In a previous blog post on email tracking, we described in detail why a hashed email address is not an anonymous identifier.

Source codes

Advertising scripts using data from browser password managers to track users

Test Attack On Demo Page

List of sites embedding scripts that abuse login manager for tracking

some_text A link to My Blog

Sort:  

Coin Marketplace

STEEM 0.19
TRX 0.15
JST 0.029
BTC 63498.69
ETH 2645.91
USDT 1.00
SBD 2.80