Ebay port scans your pc on every visit.

Michael Butash michael at butash.net
Sun May 24 20:15:14 MST 2020


https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/

This was a bit disturbing to read today.  Ebay injects a few javascript
connections back to your requesting system, measures a basic socket
connection, telling them if the port is open or not, amounting to
effectively a local host port scan for specified ports, behind a firewall,
from a web page you visited.  They are doing this looking for remote admin
applications in fact, rdp, vnc, teamviewer, many others.  Hmm.

So any public website can query any port from visiting a web page, and
possibly interact with any sort of local or other api on my system?

I wouldn't think Javascript would be allowed to chain off a host like that,
or at least have protections from certain abuse.  I suppose it's valid if
linking to another site, but JS/Browsers allowing local random port use
like this, seems ebay is probably not the only ones to abuse this in
certain ways.  I know you can do some interesting things with websockets,
seems chaining  via same methods to remote interact would be trivial.

This is pretty devious actually, I'm both a bit scared for ebay, not to
mention all the other sites I "trust", let alone the ones I don't.
Everyone else that just allows pervasively javascript is just hozed.  Which
is standard for everyone since javascript existed.

I use noscript pervasively, and whitelist only valid sites.  Ebay is a
valid site, didn't think I had to protect myself, but how would you protect
against this?  Curious also the take from web dev's on this, other than
thanks for the tip.  :)

-mb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20200524/f9f1a5ec/attachment.html>


More information about the PLUG-discuss mailing list