top | item 43497779

(no title)

AlexITC | 11 months ago

When I was younger I used to believe that nothing serious could happen because I don't use Windows and "I was smart enough" to not execute malware (yeah, I didn't care on downloading it; how wrong I was).

Someone already mentioned zero days but let me elaborate a bit on what can happen when visiting a website:

- Without zero days involved, you are already disclosing digital information, ip address, browser fingerprint, precise location access could be granted with relaxed browser settings, etc.

- As a dev, you may have services running locally, let's say, postgres, web servers, etc. -sometimes we install stuff and forget about it- the malicious website could access these.

- It could try using your sessions for other websites.

- It can also interact with your browser extensions, many of these do not take precautions for this.

- It can also try using your hardware, camera, microphone, bluetooth, we now even have webusb.

- It can also try to use your CPU/network for cryptocurrency mining or attacking other servers, it could even use you as a proxy while you are on the website.

- With zerodays, it could do just anything.

discuss

No comments yet.