Chrome using Gemini Nano for ‘Enhanced Protection’ against scams
Technology
8
Beiträge
3
Kommentatoren
82
Aufrufe
-
This post did not contain any content.
-
This post did not contain any content.
Google uses AI to harvest data and direct web traffic to where it benefits them, more news at 11
-
Google uses AI to harvest data and direct web traffic to where it benefits them, more news at 11
Yeah, looks like it scans everything in your browser. How Orwellian.
(Not sure, but probably)
-
Yeah, looks like it scans everything in your browser. How Orwellian.
(Not sure, but probably)
Websites you visit can port scan your entire network bypassing most firewall rules and NAT. Your phone tracks your notifications and keystrokes and builds data models from both.
People love it though. Or they hate technology. Anything but hating corporations and the rich that gives them that sweet sweet dopamine
-
Websites you visit can port scan your entire network bypassing most firewall rules and NAT. Your phone tracks your notifications and keystrokes and builds data models from both.
People love it though. Or they hate technology. Anything but hating corporations and the rich that gives them that sweet sweet dopamine
Websites you visit can port scan your entire network bypassing most firewall rules and NAT
Wut?
-
Websites you visit can port scan your entire network bypassing most firewall rules and NAT
Wut?
eBay port scans visitors' computers for remote access programs
When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications.
BleepingComputer (www.bleepingcomputer.com)
-
eBay port scans visitors' computers for remote access programs
When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications.
BleepingComputer (www.bleepingcomputer.com)
Not sure if I'm missing something here, but that scans ports on the localhost, it is not a port scan of your entire network. While that's still crazy and not something you want, it's not quite what you initially said, and I don't believe they'd be able to scan outside of your machine
-
Not sure if I'm missing something here, but that scans ports on the localhost, it is not a port scan of your entire network. While that's still crazy and not something you want, it's not quite what you initially said, and I don't believe they'd be able to scan outside of your machine
I think the principle could be applied to scan outside of the machine.
It is making requests to 127.0.0.1:{port} - effectively using your computer as a "server" in a sort of reverse-SSRF attack.
There's no reason it can't make requests to 10.10.10.1:{port} as well.
Of course you'd need to guess the netmask of the network address range first, but this isn't that hard.
In fact, if you consider that at least as far as the desktop site goes, most people will be browsing the web behind a standard consumer router left on defaults where it will be the first device in the DHCP range (e.g. 192.168.0.1 or 10.10.10.1), which tends to have a web UI on the LAN interface (port 8080, 80 or 443), then you'd only realistically need to scan a few addresses to determine the network address range.
If you want to keep noise even lower, using just 192.168.0.1:80 and 192.168.1.1:80 I'd wager would cover 99% of consumer routers.
From there you could assume that it's a /24 netmask and scan IPs to your heart's content. You could do top 10 most common ports type scans and go in-depth on anything you get a result on.
I haven't tested this, but I don't see why it wouldn't work, when I was testing 13ft.io - a self-hosted 12ft.io paywall remover, an SSRF flaw like this absolutely let you perform any network request to any LAN address in range.
