Ebay port scans your pc on every visit.
der.hans
PLUGd at LuftHans.com
Mon May 25 18:17:33 MST 2020
Am 24. May, 2020 schwätzte Michael Butash via PLUG-discuss so:
moin moin,
> https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
>
> This was a bit disturbing to read today. Ebay injects a few javascript
> connections back to your requesting system, measures a basic socket
> connection, telling them if the port is open or not, amounting to
> effectively a local host port scan for specified ports, behind a firewall,
> from a web page you visited. They are doing this looking for remote admin
> applications in fact, rdp, vnc, teamviewer, many others. Hmm.
Should we be insulted that they don't check for SSH?
Ah, "According to Nullsweep, who first reported on the port scans, they do
not occur when browsing the site with Linux."
:)
> So any public website can query any port from visiting a web page, and
> possibly interact with any sort of local or other api on my system?
>
> I wouldn't think Javascript would be allowed to chain off a host like that,
JavaScript can run bitcoin miners on your system. It can also attack and
steal the credentials for your bitcoin account and thereby take all your
coins. Plus there are the exploits of password browser plugins such as
LastPass.
I use uMatrix to limit JavaScript. Most sites aren't allowed to run any. I
even remove the 1st party allowances for most of my browser instances.
That does render some site totally unreadable. I ignore most of those.
For some sites, I allow certain JavaScript. For instance, for
HumbleBundle I allow JS from HB, but also from Stripe. Sometimes I have to
allow google and recaptcha in order to checkout. Sometimes I just don't
bother with the bundle as it's not worth the annoyance.
For ebay, I have a separate browser instance as the site has lots of
JavaScript. I generally just don't use ebay very much. I need to get
better at running browsers out of containers and restricting their
access. In fact, I might finally be in a position to try out qubes.
ciao,
der.hans
> or at least have protections from certain abuse. I suppose it's valid if
> linking to another site, but JS/Browsers allowing local random port use
> like this, seems ebay is probably not the only ones to abuse this in
> certain ways. I know you can do some interesting things with websockets,
> seems chaining via same methods to remote interact would be trivial.
>
> This is pretty devious actually, I'm both a bit scared for ebay, not to
> mention all the other sites I "trust", let alone the ones I don't.
> Everyone else that just allows pervasively javascript is just hozed. Which
> is standard for everyone since javascript existed.
>
> I use noscript pervasively, and whitelist only valid sites. Ebay is a
> valid site, didn't think I had to protect myself, but how would you protect
> against this? Curious also the take from web dev's on this, other than
> thanks for the tip. :)
>
> -mb
>
--
# https://www.LuftHans.com https://www.PhxLinux.org
# Boredom is self-inflicted...der.hans
More information about the PLUG-discuss
mailing list