Am 20. May, 2022 schwätzte Michael Butash via PLUG-discuss so: moin moin, > This is something I posted here a while back, how sites like banks and > other financials were making scripted local queries to check for open > "services" or ports as referrals to localhost and ports known to be > malicious ala some worm or botnet if they should trust you or not. Quick Ah, interesting. The main place I've seen it is with discord. I don't trust those connections aren't malicious. Last night I found it in the sling authentication process. And by process I mean their web site sucks. I need to find a way to check which ports they're checking. Maybe start slow-feeding them 10G of /dev/urandom. It annoys me that the browser allows connections to localhost from a non-localhost page. > way for them to determine what stupid customers of theirs got got already, > and lower your credit score while at it. While ok, I get it, trust no one, > but that's a bit creepy that they're forcing my browser to open sockets to > local ports to essentially bypass my firewall, port scan my host, while > connecting to their site, and figure no one mostly will notice. > > Far as I know ublock and noscript inherently block most of that (it's > usually some affiliate credit check firm the bank uses for plausible > deniability and blame pointing), but I do this by default for the past ~20 > years to notice much. Yeah, I'm seeing it because I use uMatrix ( from the maker of uBlock Origin ). I used NoScript for years, but when Firefox moved to the new add ons model it wasn't ready and I ran into uMatrix, which has a nicer interface and also covers cookies. Unfortunately uMatrix is now abandonware. Recently I saw comment that uBlock Origin has an advanced mode that might be similar to uMatrix. I need to find that. Default uBlock allows way more than I want. > Such is the world we live in. Shields up! Absolutely. ciao, der.hans > -mb > > > > On Fri, May 20, 2022 at 8:27 PM der.hans via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: > >> moin moin, >> >> once in a while I run into a site trying to make JavaScript or XHR >> connections to localhost. >> >> What are they doing? >> >> Are they setting up backdoor tunnels on localhost? >> >> Are they trying to run a daemon out of the browser? >> >> Are they trying to escape the sandbox and exfiltrate data? >> >> ciao, >> >> der.hans >> -- >> # https://www.LuftHans.com https://www.PhxLinux.org >> # Eternal vigilance is the price of liberty. -- Thomas Jefferson >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- # https://www.LuftHans.com https://www.PhxLinux.org # Stell dir vor, es ist Krieg und keiner geht hin...