Ebay port scans your pc on every visit.

Harold Hartley wheelie207 at ownmail.net
Sun May 24 20:52:43 MST 2020


That really gives a lot to think about at how many other sites are doing 
the same thing. But I close up ports that don't need to be open in 
order to make my system safe. You'd be surprised at how many ports are 
open that can leave a system open for attacks.

On 5/24/20 8:15 PM, Michael Butash via PLUG-discuss wrote:
> https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
>
> This was a bit disturbing to read today.  Ebay injects a few 
> javascript connections back to your requesting system, measures a 
> basic socket connection, telling them if the port is open or not, 
> amounting to effectively a local host port scan for specified ports, 
> behind a firewall, from a web page you visited.  They are doing this 
> looking for remote admin applications in fact, rdp, vnc, teamviewer, 
> many others.  Hmm.
>
> So any public website can query any port from visiting a web page, and 
> possibly interact with any sort of local or other api on my system?
>
> I wouldn't think Javascript would be allowed to chain off a host like 
> that, or at least have protections from certain abuse.  I suppose it's 
> valid if linking to another site, but JS/Browsers allowing local 
> random port use like this, seems ebay is probably not the only ones to 
> abuse this in certain ways.  I know you can do some interesting things 
> with websockets, seems chaining  via same methods to remote interact 
> would be trivial.
>
> This is pretty devious actually, I'm both a bit scared for ebay, not 
> to mention all the other sites I "trust", let alone the ones I don't.  
> Everyone else that just allows pervasively javascript is just hozed.  
> Which is standard for everyone since javascript existed.
>
> I use noscript pervasively, and whitelist only valid sites.  Ebay is a 
> valid site, didn't think I had to protect myself, but how would you 
> protect against this?  Curious also the take from web devs on this, 
> other than thanks for the tip.  :)
>
> -mb

-- 
Harold Hartley
17632 N. 5th Pl
Phoenix, Arizona 85022
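
One way to spot the behaviour discussed in this thread, as an added example that is not part of either message: given a browser request log (for instance one exported from developer tools), report each public page origin that contacted loopback or private addresses, and on which ports. The function names, the log shape and the sample entries are assumptions constructed for illustration.

```javascript
// Added example: flag requests that a public page makes to loopback/private hosts.
// Names and sample data are constructed; this is not code from the thread.

// True when the hostname is loopback, RFC 1918 private, or link-local.
// new URL() has already canonicalised IPv4 spellings such as 127.1 by this point.
function isLocalHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase(); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1") return true;
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 127 || a === 10 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254);
}

// URL.port is empty when the scheme's default port is used.
function effectivePort(u) {
  if (u.port) return Number(u.port);
  return (u.protocol === "https:" || u.protocol === "wss:") ? 443 : 80;
}

// requests: [{ initiator: <page URL>, url: <requested URL> }]
// Returns [{ origin, ports }] for public pages that touched local addresses.
function findLocalProbes(requests) {
  const byPage = new Map();
  for (const r of requests) {
    let page, target;
    try { page = new URL(r.initiator); target = new URL(r.url); } catch { continue; }
    // A locally served page talking to local services is expected; skip it.
    if (isLocalHost(page.hostname) || !isLocalHost(target.hostname)) continue;
    if (!byPage.has(page.origin)) byPage.set(page.origin, new Set());
    byPage.get(page.origin).add(effectivePort(target));
  }
  return [...byPage].map(([origin, ports]) =>
    ({ origin, ports: [...ports].sort((x, y) => x - y) }));
}

const sampleLog = [ // constructed entries, not captured traffic
  { initiator: "https://shop.example/item/1", url: "wss://127.0.0.1:5900/" },
  { initiator: "https://shop.example/item/1", url: "wss://localhost:3389/" },
  { initiator: "https://shop.example/item/1", url: "https://cdn.example/app.js" },
  { initiator: "http://localhost:8080/dev", url: "http://127.0.0.1:9000/api" },
  { initiator: "https://news.example/", url: "http://192.168.1.1/" },
];
console.log(findLocalProbes(sampleLog));
```

An origin that touches several local ports in one page load is the pattern worth reviewing; a single hit on a private address is often a legitimate intranet link.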
