Insecure internal communication in DuckDuckGo Privacy Essentials leaked some info across domains, and an XSS vulnerability was exploitable by its server.
There is a weakness common to any software letting you protect a piece of data with a password: how does that password translate into an encryption key? If that conversion is a fast one, then you had better not expect the encryption to hold. Somebody who gets hold of that encrypted …
The Honey browser extension allows its server to run arbitrary code on any website, via at least four different mechanisms and obfuscating the code being loaded.
Documenting my setup: Android emulator, minimal Android app and instrumenting the target app via Soot to get debugging info.
Xiaomi browsers collect not merely your browsing history but also searches, downloads, YouTube videos watched and much more.
Browser extensions claiming to protect against fingerprinting will typically result in more data available for fingerprinting.
Mozilla limiting users’ choice to 9 add-ons on mobile is only the latest development. Add-on support is degrading across all browsers and will continue to do so.
A vulnerability in Bitdefender Antivirus allowed any website to run arbitrary code with the user's privileges. This was caused by issues very similar to ones found in other antivirus products before.