Home arrow Fraud and Scams arrow Fraud Alerts arrow Hackers Can Now Read Data on Supposedly Secure Web Pages
User Login





Lost Password?
No account yet? Register
Guard My Credit Menu
Home
- - - THE ISSUES - - -
Videos
Fraud and Scams
Credit Issues
Identity Theft
Privacy Issues
Our Children
Politics & Politicians
- - ACTION CENTER - -
Guard My Credit Links
Helpful Pamphlets
- - - - - - - - - - - - - - -
About ACCESS
Contact Us
About Our Site
Join the Fight
ACCESS is a non-profit, tax exempt consumer advocacy group.

Donations are tax deductable.

Guard My Credit Hits
11386495 Visitors
Hackers Can Now Read Data on Supposedly Secure Web Pages PDF Print E-mail

August 26, 2016 - Earlier this month at the Black Hat Security Conference in Las Vegas, programmers revealed an exploit that allows hackers to steal information from encrypted web pages. These are pages that have an https:// in front of the domain name. They are the pages that you use to sign on to bank and brokerage accounts, fill out tax forms and pretty much any page requires a user name and password. It means that just about any private information that you share over the internet is now vulnerable and there is no fix for the problem on the horizon.

Image

The exploit is too technical in nature to discuss how it works here. If you want to read about it, you can do so here. But for someone with some programming knowledge, using it isn't all that complicated. The only thing that is required is that victims encounter a malicious JavaScript file while on the Internet. That file can be embedded in a page, served by an advertisement, etc… It doesn't have to be on the page that the hackers are attempting to get information from.

Once a victim encounters the JavaScript file, hackers can target users visiting a particular page… say, a particular bank. From there they can potentially steal the victim's user name and password and then drain their account. Depending upon the site and the information stored there, they may also be able to discover your birth date, SSN, home address and even credit card numbers that you have setup to pay out of your bank accounts.

The only known way to stop the exploit is to disable acceptance of "third party cookies" in your browser. Unfortunately, some internet sites won't work if you disable these. A work around - and we have not verified this - might be to install two browsers on your computer or phone. In one, disable third party cookies and only use that browser to sign on to financial accounts. Use the other one for everyday browsing.

According to a source in the linked article above, the exploit has never been used and it has been around for the past three years. It has apparently been a known issue to HTML and browser developers for that period of time but it hasn't been fixed because doing so isn't "trivial". Now that the exploit has been reveal to everyone, it is highly likely to be used by hackers.

As always, ACCESS is advising that our readers use safe browsing habits. Only visit known websites. Don't click on links in email that you aren't expecting. Make sure your antivirus and antimalware software is installed and is up to date. These things will at the very least help protect you. 

byJim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow me on Twitter:

Jim Malmberg has 8112 followers on Twitter

 

Follow ACCESS  
Comments
Search
Only registered users can write comments!

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

 
Guard My Credit Polls
#1 - Why did you visit our site today?
 
.•*´¯☼ ♥ ♥ Your Support of These Links Is GREATLY Appreciated ♥ ♥ ☼¯´*•.
Advertisement
 
Go to top of page
Home | Contact Us |About Us | Privacy Policy
eXTReMe Tracker
11/04/2024 02:17:49