That really gives a lot to think about as to how many other sites are doing
the same thing. But I close up ports that don't need to be open in
order to make my system safe. You'd be surprised at how many ports are
open that can leave a system open for attacks.
On 5/24/20 8:15 PM, Michael Butash via PLUG-discuss wrote:
> https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
>
> This was a bit disturbing to read today. Ebay injects a few
> javascript connections back to your requesting system, measures a
> basic socket connection, telling them if the port is open or not,
> amounting to effectively a local host port scan for specified ports,
> behind a firewall, from a web page you visited. They are doing this
> looking for remote admin applications in fact, rdp, vnc, teamviewer,
> many others. Hmm.
>
> So any public website can query any port from visiting a web page, and
> possibly interact with any sort of local or other api on my system?
>
> I wouldn't think Javascript would be allowed to chain off a host like
> that, or at least have protections from certain abuse. I suppose it's
> valid if linking to another site, but JS/Browsers allowing local
> random port use like this, seems ebay is probably not the only one to
> abuse this in certain ways. I know you can do some interesting things
> with websockets, seems chaining via same methods to remote interact
> would be trivial.
>
> This is pretty devious actually, I'm both a bit scared for ebay, not
> to mention all the other sites I "trust", let alone the ones I don't.
> Everyone else that just allows javascript pervasively is just hosed.
> Which is standard for everyone since javascript existed.
>
> I use noscript pervasively, and whitelist only valid sites. Ebay is a
> valid site, didn't think I had to protect myself, but how would you
> protect against this? Curious also the take from web devs on this,
> other than thanks for the tip. :)
>
> -mb
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
Harold Hartley
17632 N. 5th Pl
Phoenix, Arizona 85022