I did not expect the browser extension to provide great privacy. Still, finding four (!) different mechanisms allowing the Honey server to run arbitrary code on any website exceeded my expectations by far. It even uses AES for obfuscation.

palant.info/2020/10/28/what-wo

@WPalant I don't like the sound of this...I think I had a similar extension based in Russia a while back.

@calculsoberic Yes, there certainly are more extensions like this. But this one claims to have 17 million users, a claim that matches reported numbers in Mozilla Add-ons and Chrome Web Store…

@WPalant wtf? that's really creepy! I would want to know things like that before installing an extension.

@calculsoberic Theoretically, most of what I write there is disallowed on Mozilla Add-ons and they generally do a fairly good job keeping such extensions out. And what’s not disallowed, has to be mentioned in the add-on description/privacy policy. However, as this case once again demonstrates – Mozilla isn’t perfect either…

@WPalant I never thought they were but I suppose some people have that impression. Is it possible to subscribe to your blog? I love stuff like this!

Follow

@calculsoberic There is an RSS feed under palant.info/rss.xml. If you don’t have a way to subscribe to RSS, there are some RSS to email services around. A search gives me blogtrottr.com/ and feedrabbit.com/ as top results (mind you, I don’t know either of them).

· · Web · 1 · 0 · 1
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.