The newest registered user is bitaacademy
Our users have posted a total of 43720 messages in 6442 subjects
WORLD CLOCK
The Maxthon Browser Is Not Secure
Valley of the Sun Casual Club :: TODAY'S TECHNOLOGY TIPS FROM THE DOCTOR OF TECHNOLOGY AZDEWARS 143 TOPICS inside
The Maxthon Browser Is Not Secure
azdewars
370 PostsSat, Jul 23 2016 7:24 PM
It allows conducting the targeted attack on a selected user by revealing the browser authors the complete list of exact versions of programms, some of which may be vulnerable, also providing them with user’s browsing history and Google searches.
The use of the symmetric cryptography and static encryption keys embedded in the code to obfuscate the transmission of the UEIP data, actually allows to conduct the Man-In-The-Middle attack by any attacker, resulting in decryption of the UEIP data intercepted between the user’s browser and the Maxthon server in Beijing.
It is also worth emphasising that the Exatel’s SOC got in touch with the creators of the Maxthon browser, sending a detailed technical report, with a request for Maxthon to respond, either in the form of a notice sent to the users about the type of data transmitted from their browsers to the Maxthon servers in Beijing, or in the form of a Maxthon browser software patch which would enable the alarmed users to deactivate effectively the transmission of the UEIP files to their servers. This request was ignored.
The latest version of the browser downloaded from the creators’ website (version 4.9.3.1000) was tested by the Exatel’s Security Operations Center team and still transmits the UEIP data, without respecting in any way the user’s choice regarding the participation in the UEIP programme. Until the delivery of this text for publication, nothing has changed.
Moving to an alternative web browser is no guarantee that you'll be less susceptible to privacy and security issues. Researchers at Exatel have [url=http://lwlink3.linkwithin.com/api/click?format=go&jsonp=vglnk_146878891653013&key=503c38809682907e0e07931326b1c03d&libId=iqr28vgq01012xfu000DAjj91r7gk38hg&loc=http%3A%2F%2Fwww.threatgeek.com%2F2016%2F07%2Fchinese-web-browsers-perfect-reconnaissance-tool.html&v=1&out=https%3A%2F%2Fexatel.pl%2Fadvisory%2Fmaxthonreporten.pdf&title=Chinese Browsers%3A The Perfect Reconnaissance Tool - Threat geek&txt=https%3A%2F%2Fexatel.pl%2Fadvisory%2Fmaxthonreporten.pdf]published[/url]a report claiming that Maxthon's browser transmits sensitive user information, whether or not you enroll in the software's User Experience Improvement Program. The data includes not only things you'd expect for support, such as software versions and whether or not ad blocking is turned on, but also your entire web history -- including Google searches. The info is encrypted (the ZIP file that stores it is even disguised as an image file), but Exatel's discovery clearly shows that it wasn't too difficult to crack with some reverse engineering.
Maxthon was asked about the report and will let you know if it has a response. In its forums, the company did acknowledge that it collected info outside of UEIP, but maintained that it wasn't scooping up anything that "involves the user's privacy." That's an odd statement when history and searches are the very definition of private content. While Maxthon may not be doing anything wrong with the info it receives, there's a risk that an attacker could intercept that content and use it to learn more about potential targets. And that's no small issue when estimates suggest that there may be hundreds of millions of Maxthon users worldwide.
john - azdewars
Delete
Edit
Reply
Send to Friend
Report Abusepdb1
10,311 PostsSat, Jul 23 2016 8:32 PM
I'm not surprised . But since they are an award winning gaming browser in areas of speed and the use of less files for access . Can probably complicate sites like WGT in the reading of html files being that Maxthon is an unsupported browser . Likely for the simple fact that they do not respond to WGT either . Or anybody else .
Because they are awesome . And they got it like that . And they don't have to .
Paul
Please enjoy
_________________
May the SUN always be with you
home of
https://www.valleyofthesuncc.com/ an information and entertainment only website
» WGT REITERATES TO ME THEY DO NOT SUPPORT MAXTHON
» BROWSERHAWK RESULTS , PUZZLING W / MAXTHON .
» What browser for Windows 10?
» TEST YOUR BROWSER
Valley of the Sun Casual Club :: TODAY'S TECHNOLOGY TIPS FROM THE DOCTOR OF TECHNOLOGY AZDEWARS 143 TOPICS inside
Today at 12:42 pm by Paul
» JUMP JUMP JUMP THAT ROPE
Today at 12:28 pm by Paul
» VERY SEXY GIFS...3
Today at 12:22 pm by Paul
» DICTIONARY SCOOP * When Brands Go Too Far: *
Today at 11:36 am by Paul
» National Today * Major League Baseball Opening Day – March 28, 2024 *
Today at 11:30 am by Paul
» March National Celebration Days March 28 2024
Today at 11:20 am by Paul
» GIRL FISHING
Yesterday at 1:21 pm by Paul
» BEFORE & AFTER
Yesterday at 1:19 pm by Paul
» HISTORY FACTS * Each digit of your ZIP code has a meaning *
Yesterday at 12:12 pm by Paul
» National Today * International Whiskey Day – March 27, 2024 *
Yesterday at 12:07 pm by Paul
» March National Celebration Days March 27 2024
Yesterday at 12:01 pm by Paul
» INFORMATION VINE * The Unknown History of Antarctica *.
Tue 26 Mar 2024, 9:18 am by Paul
» INFORMATION VINE * The History of The Manhattan Project *.
Tue 26 Mar 2024, 9:15 am by Paul
» National Today * National Spinach Day – March 26, 2024 *
Tue 26 Mar 2024, 9:12 am by Paul
» March National Celebration Days March 26 2024
Tue 26 Mar 2024, 9:06 am by Paul