Posted on 02/25/2019 1:35:50 PM PST by Swordmaker
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected
This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said. . .
(Excerpt) Read more at zdnet.com ...
I’ve had this type of exploit happen since I upgraded my Debian 8 Linux machine to a more recent Firefox version. The upgrade made my No Script plugin not work and changed my Java Script package. Another issue is how Firefox manages the security package, I’ve helped it some with changes that I made to TLS methods. There are not graphic adjustments for it, they must be done via about:config
It takes a little time to understand and I’m still having browser crashes.
Also noticed something called [Web content] and it’s -child ‘s that make something like a denial of service attack.
I have no doubt some people are planning to monitor our content and block it actively. It is probably not just Firefox that is on the block.
Firefox has been the best common browsers as far as security is concerned. But they did take Soros money a couple of years ago. Need I say more?
This may be related too.
New Metasploit Payloads for Firefox Javascript Exploits
https://blog.rapid7.com/2014/01/23/firefox-privileged-payloads/
No. Use CMD-Q to completely Quit out of the Safari app on Mac, or Swipe up on iOS then swipe the Safari pane up and off the app switch window to completely Quit it on the iPhone or iPad.
When restarting Safari on a Mac, hold down the shift key while clicking on the Safari icon to prevent all tabs from reopening on the last sessions websites. In iOS, clear your browsing history and close all tabs before restarting Safari. This also helps with browser hijackers that won’t let you off a page. In those cases, force quit Safari.
danke schöne, Swordmaker
I’ve been leaving Safari open constantly. Should I force quit Safari on a daily basis, or more frequently???
This doesn’t surprise me, for years if you had youtube open and playing in Safari on Mac and then closed a MacBook Air, the youtube video would keep playing.
The first time I reported this they made me document it like crazy, then it got fixed and now it’s happening again and it seems like it’s a common problem with either background SW still running after the lid is closed, or a corrupted SMC or NVRAM or PRAM.
https://www.guidingtech.com/47697/macbook-sleep-issues/
Not surprising that some hacker scum are taking advantage of this or something similar to run a process as described in your article.
We need Saudi punishments for hackers. Chop off their hands.
Once AGAIN you post about a FIVE YEAR OLD, long-solved issue from an older model MacBook Pro. Why? As you’ve been told before this issue was from 2014!
For ultimate safe browsing, shut your browser down after every surfing session. . . Force quitting should not be necessary.
This has nothing to do with YouTube continuing to play when the laptop is closed. Likely you have a setting wrong.
oh really, and what setting would that be?
(out of whack SMC or NV/PRAM is not something I “set wrong”.
Looked like a mocking of Hillary about “wiping” the servers with a cloth....
What have found though is that when this happens the site will not let you go until you click one of the options, they lock you in and won’t let go. The back button is useless and just keeps refreshing the same page. Sometimes I can double click, or hit the back button repeatedly and it will actually go back. But I am finding now that some of these require a browser shutdown and restart to get out of it.
I don’t know... Google and facebook scripts follow you around until you actually clear your cache. They don’t even go away if you shut down your computer. As soon as you fire up and start your browser they are back. All of these take advantage of the “remember me” cache option.
As inconvenient as it might be... I think we are all going to be forced to set our browsers to “clear all cookies” every time we shut them down.
I agree, and set our browsers to clear ALL cache every time it shuts down. It is going to slow things down a bit going back to our usual sites but I think it is now becoming a necessary inconvenience.
Regarding the table you referenced, I’m assuming Opera is also compromised as well? Opera shows up as chrome when I use it (and I use it primarily on the laptop I have running UBUNTU).
Mozilla has been in bed with the “Ford Foundation” and data mining for them for years. Since it is open source it sounds like it is time to utilize this and build a version that is truly safe and not part of or hooked to Mozilla dependencies.
“I agree, and set our browsers to clear ALL cache every time it shuts down.”
Ugh. Well, I guess we’ll all be really asking, “Am I logged in?” when we get on Free Republic!
Agree. The Ford Foundation is bad enough, Soros is much worse.
I don’t trust any of them. The West Coast tech companies are almost all globalist pukes. Corporate America over the past 40 years has been largely taken over at the leadership level. I’m old enough to have known and trusted some of the “old guys”.
Some corporate officials are still pro freedom, many many are totally corrupted by the big perks and do whatever they are told. This is the nature of Fascism. Yes, it is leftist and anti freedom.
They all lead to the same outcome. Always fail. Freedom Works.
“Or it could be on a user’s frequently used website and the script comes in on a rotation advertisement from Google. No authorization required.”
This is a HUGE problem most don’t realize is happening. They blame the site but it’s actually the ad API. The Google ad API is DANGEROUS for both websites and users. And what they serve up might be safe for a couple days and then the ad will be rewritten with malicious code added.
I would NEVER subject my users to any API google services on my sites. If revenue is a must I would do it with partnerships with vendors and build it within my own site rather than ever use an API service from anyone, especially Google.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.