This thread is important when it comes to preserving evidence: you cannot rely on the Internet Archive. Companies have ways to remove unwanted information about them, and they often won't hesitate to do that.
The latest email from #Avast restates: they only collected so much data in Avast SafePrice and Avast Secure Browser because of a shared code base, the data being discarded on the server. I'm not sure which option makes me more sad: that this statement is a lie or that it is correct.
#Avast notified me that they resolved CVE-2019-18894 yesterday. I can confirm the issue being resolved even though the displayed application release date doesn't change. That's good news, I really don't enjoy dropping 0-days...
I know that everybody is tired of me talking about #Avast but this time it's a beefy RCE vulnerability. Avast Secure Browser could be trivially taken over by any website, allowing even execution of arbitrary OS commands. #infosec #appsec
I rewrote parts of this article based on information provided by #Avast. If Avast indeed gave up on monetizing data from extensions, this changes the situation considerably.
I finished analyzing updates to Avast Online Security extension. It is indeed far more privacy friendly now and properly respecting user's choices. Quite surprising development given how they denied anything being wrong with it. #avast #privacy #spyware
Done polishing the article on #Avast vulnerabilities (to be published next Monday), now I can finally look into how Avast addressed the privacy issues reported earlier.
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant
A Mastodon instance for info/cyber security-minded people.