A new browser extension called Behave! will warn you if a web site is using scripts to perform scans or attacks on local and private IP addresses on your network.
When browsing the web, scripts embedded on web pages can be used to not only port scan a visitor's computer for open TCP ports, but also initiate attacks on other devices on your network.
In May, it was discovered that well-known sites such as eBay, Citibank, TD Bank, and more would port scan a visitor's computer to identify Windows remote access programs running on it.
eBay port scanning a site
Source: BleepingComputer
This port scanning was conducted by the LexisNexis' ThreatMetrix fraud protection script used to detect potentially hacked computers trying to use the site.
While done for good reasons, users who are being port scanned rightfully find them intrusive and a privacy violation.
Even worse, malicious actors will also use JavaScript embedded on web sites to perform DNS Rebinding attacks.
DNS Rebinding attacks are where the DNS resolution is manipulated through short TTLs to use a victims' computer to bypass Same Origin Policy (SOP) and launch attacks against other devices on an internal network.
Created by Stefano Di Paola, co-founder, CTO, and Chief Scientist of MindedSecurity, the Behave! browser extension was born as an experiment to warn users of web sites that abuse browser features to perform local attacks or scans on a visitor's computer
"Behave! was born as a conceptual experiment around the behavior of web pages that might abuse some of those features, and if the interest on Behave! keeps raising, it might hopefully be a long lasting project to help raising awareness."
"For example local Port Scan, Cross Protocol attacks, DNS rebinding are very old attacks that are still possible and difficult to completely "fix" by browser vendors because they abuse core features of the Web ecosystem," Di Paola told BleepingComputer via email.
When installed, Behave! will monitor for scripts that attempt to access IP addresses belonging to the following blocks:
If detected, the extension's icon will show a red indicator, and when clicked on, will list the activity conducted by the site.
Behave! warning of port scans from eBay
The extension can also be configured to show browser notifications when concerning behavior is detected.
Browser notification
It should be noted that a bug in the extension may cause false positives on the DNS Rebinding alerts, and Di Paola is working on a fix.
The Behave! extension is available for both Chrome and Firefox, and Di Paola has told us that he hopes to release it for Edge and Safari.
Some features that Di Paola hopes to add in the future include "white listing web pages/hostnames that are expected to perform local connections" and the ability to "track back the code performing the suspicious actions."
For those interested in being warned about potentially abusive behavior from web sites you visit, Behave! is an interesting extension to install.
A recent discovery by a tech service company has taken the world by storm. The VPN services may not be as protected and secure as they guarantee to be, the company reveals that around 894GB of client information and data from UFO VPN has been exposed on the web.
This was proved true for eight quite well-known VPN services that have purportedly released a mammoth 1.2TB of client information. These VPN applications are as yet accessible on the Google Play Store with just one removed until now.
The leaked info contains subtleties like accounts passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices.
As per by Comparitech, the tech service company responsible for the discovery, more than 20 million client entries are included in the logs every day.
The VPN specialist co-op was likewise informed regarding the information spill yet denied any such claims. UFO VPN said that the client logs are saved for traffic monitoring and that every last bit of it is 'anonymized'.
It was later found that there are seven more Hong Kong-based VPN administrations that have around 1.2TB of client information out in the open online.
The list incorporates FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN, and UFO VPN as well. Found by VPNmentor, it was discovered that all these VPN services share a typical Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.
The information uncovered from these VPN administrations contain sensitive data like home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user names, and more. Dreamfii HK is expected to be the parent company for all these VPN services.
As of now, these VPN applications are as yet accessible on the Play Store, and only Rabbit VPN has been removed.