Well, I am sticking this here for now even though it likely will be evicted at some point.
There's alot of evil browser extensions out there. Alot.
Stuff like this:
I've begun capturing snapshots of them in the github.com/cryptostorm/fishycode repository, for now.
Is there someone out there who specialises in reporting and/or investigating these things? Are there best practices for doing so? They do some seriously, seriously evil shit - watch the events in your browser, and the .js console. You'll see.
The worst ones, by far, are "privacy" related. User-agent switchers, "free" proxy services, etc. I am pretty sure some are doing #superfish-style ssl kneecapping although I've had not time to confirm for certain. I do see them pulling certs in, and doing... things with them.
I suspect alot of crytostorm members have shitware extensions in their browsers that are causing serious security issues, currently. Time to clean that crap out.
Cheers,
~ pj
evil browser extensions
- Pattern_Juggled
- Posts: 613
- Joined: Sun Dec 16, 2012 6:34 am
- Contact:
evil browser extensions
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉
[list]
[/list]
☯ pj@ðëëþ.be ☯ keybase pgp ☯ mit pgp ☯ ðørkßöt-on-console ☯ git 'er github
bitmessage: BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f[/color]
[list]
☯ pj@ðëëþ.be ☯ keybase pgp ☯ mit pgp ☯ ðørkßöt-on-console ☯ git 'er github
bitmessage: BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f[/color]