Has this ever happened to you?

You are browsing the Internet and maybe you look at some items and then it seems every where you go you are seeing the same things or related items that you just looked at. Maybe you abandoned a shopping cart or changed your mind about the purchase. Maybe you started filling out a form and stopped in the middle of it. They can’t possibly know what you typed, right? Or can they?

In an article by Motherboard.com, they cite a study done by Princeton University about boundaries. Or rather “No Boundaries.” How do you think Pinterest or Facebook or other social media sites get the information? There are sites such as FullStory that allow website owners to capture every keystroke a user makes. They use “session replay” scripts to capture what the customers are doing on their sites. You can see some of the major companies who use fullstory.com here.

Now more than ever it is important to read websites’ terms and conditions. They may collect things like medical conditions, personal data, credit card info. Passwords may even be “accidently” included in the data.

So what can you do? Run AdBlock Plus in your browser. According to the Princeton study, AdBlock has been updated to block all these scripts, thanks to the study.

This video shows FullStory capturing a user’s data as it is being entered into a form.

New type of phishing attacks affecting browsers

The Victor crew came across an urgent matter. If your browser is Chrome or Firefox, be aware of a new phishing attack. An attacker can send you an email with a link to a malicious website. You could visit a site that will either infect your computer or make you think you are signing in with your credentials as they trick you into thinking you are accessing the correct site.

The people from Wordfence, a security plugin for WordPress found this last Friday, April 14, 2017. They set up a demo site to show what is happening. It is well worth it to check their article and see if you are affected and what to do. They have set up a demo using a medical site, epic.com, so you can test your browser and browser settings. You can visit their demo site here in Chrome or Firefox. To compare the demo site with the real site they faked for comparison, you can click here to visit the real site here.

This does not affect Windows or Safari browsers. Currently there is a fix for Firefox browsers. Here is what you do:

Open your Firefox browser
Type about:config in the address bar
Search for ‘puny’ (without quotes)
You should see network.IDN_show_punycode set for ‘false’
Double click it to make it ‘true’

Chrome currently does not have a fix for it.

Extra protection on your computer

The Victor crew found a program you can download to help protect you from exploits. There is a free version and a paid version from Malwarebytes called Malewarebytes Anti-Exploit. Once you download and install it, it will add some layers of protection to your browsers, browser add-ons and Java. The paid version will also shield some Microsoft Office programs (Word, Excel, and Powerpoint) and Media Players, and allow you to add and manage custom shields. The paid version costs $24.95/year and will cover 3 PCs.

This is not an anti-virus program, but will give real-time protection against vulnerable sites. It will protect Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera and others.

Malwarebytes Anti-exploit

Joe Victor