In 2016, computer security researchers from Fidelis Cybersecurity and Exatel discovered the browser surreptitiously sending sensitive browsing and system data, such as ad blocker status, websites visited, searches conducted, and applications installed with their version numbers, to remote servers located in Beijing, China. According to Maxthon, the data is sent as part of the firm's 'User Experience Improvement Program' and it is "voluntary and totally anonymous." However, researchers found the data still being collected and sent to remote servers even after users explicitly opt out of the program. The researchers further found the data being sent over an unencrypted connection (HTTP), leaving users vulnerable to man-in-the-middle attacks. Fidelis' Chief Security Officer, Justin Harvey, noted the data "contains almost everything you would want in conducting a reconnaissance operation to know exactly where to attack. Knowing the exact operating system and installed applications, and browsing habits it would be trivial to send a perfectly crafted spear phish to the victim or perhaps set up a watering hole attack on one of their most frequented websites." Maxthon CEO Jeff Chen claimed that this was due to a bug that was fixed as soon as Maxthon was made aware of the issue; however, Exatel had notified Maxthon of the issue without getting any response. The issue was found in Maxthon version 4.4.5.

These awards showcase Maxthon Browser's commitment to innovation and user experience, even though it has not reached the same market share as some other major browsers.