Internet browser users are going to have to deal with a new threat soon and it’s not related to JavaScript. There is an unusual vulnerability in some Mozilla products (including Firefox) that run on the Gecko engine. This vulnerability allows for malware writers to detect key strokes even when Javascript is disabled.
Mozilla patched this problem in Firefox 9, Thunderbird 9 and SeaMonkey 2.6 and then announced what the threat was and that it had been fixed. The real threat though may lie in the fact that it wasn’t Javascript based, so it could easily run on any machine that hits a bad site even though Javascript is turned off. Each key on the keyboard can be “bound” to a specific page of a malware website. So pressing “a” would silently send a request to http://badsite.com/?a, b = //badsite.com/?b, etc. The user would have no clue this was happening unless they were monitoring their network, which most normal users wouldn’t know how to do let alone the time to do it. The attacker would then gather the logs from his web servers and piece together what the unsuspecting person typed.
This is a huge problem due to the fact that most everything is typed in to the computer. Several security experts suggest switching up browsers for different types of browsing. Be aware of the bugs that are fixed in the browsers you are using. Also be aware of the types of browsing you are doing. It will hopefully be minimalized as browers patch their software to deal with it, but the thought of it is enough to make this user be much more aware of what is loaded on my system and running malware detectors and watching my router for bad connections. Users today have to be much more aware of the equipment they have and how to monitor it or they will find themselves giving away info they would much rather keep to themselves!
More Stories
Choosing a Portable All-Band Radio for Emergencies
After a recent conversation among friends over choosing a portable all-band radio suitable for emergencies....
theHamStop.com Introduces theCleatV
theHamStop.com has a new item in the shop just in time for 2024 Field Day!!. The announcement from theHamStop.com...
theCleatV and theSkyHookx3x8 are available
theHamStop.com has been at it AGAIN!! with 2 new products added to their inventory. The announcement from theHamStop.com of the...
E-beam atomic-scale 3-D ‘sculpting’ could enable new quantum nanodevices
koi phys.org/news/2020-09-e-beam-atomic-scale-d-sculpting-enable.amp
Facebook Paying Social Media Users to Suspend Accounts Ahead of November Elections
Facebook is offering money to those who are willing to stop using Facebook and Instagram in the weeks before the...
Mozilla lays off 250
Mozilla today announced a major restructuring of its commercial arm, the Mozilla Corporation, that will see about 250 employees lose...