The newest registered user is bitaacademy
Our users have posted a total of 44248 messages in 6532 subjects
WORLD CLOCK
The Maxthon Browser Is Not Secure
Valley of the Sun Casual Club :: TODAY'S TECHNOLOGY TIPS FROM THE DOCTOR OF TECHNOLOGY AZDEWARS 143 TOPICS inside
The Maxthon Browser Is Not Secure
azdewars
370 PostsSat, Jul 23 2016 7:24 PM
It allows conducting the targeted attack on a selected user by revealing the browser authors the complete list of exact versions of programms, some of which may be vulnerable, also providing them with user’s browsing history and Google searches.
The use of the symmetric cryptography and static encryption keys embedded in the code to obfuscate the transmission of the UEIP data, actually allows to conduct the Man-In-The-Middle attack by any attacker, resulting in decryption of the UEIP data intercepted between the user’s browser and the Maxthon server in Beijing.
It is also worth emphasising that the Exatel’s SOC got in touch with the creators of the Maxthon browser, sending a detailed technical report, with a request for Maxthon to respond, either in the form of a notice sent to the users about the type of data transmitted from their browsers to the Maxthon servers in Beijing, or in the form of a Maxthon browser software patch which would enable the alarmed users to deactivate effectively the transmission of the UEIP files to their servers. This request was ignored.
The latest version of the browser downloaded from the creators’ website (version 4.9.3.1000) was tested by the Exatel’s Security Operations Center team and still transmits the UEIP data, without respecting in any way the user’s choice regarding the participation in the UEIP programme. Until the delivery of this text for publication, nothing has changed.
Moving to an alternative web browser is no guarantee that you'll be less susceptible to privacy and security issues. Researchers at Exatel have [url=http://lwlink3.linkwithin.com/api/click?format=go&jsonp=vglnk_146878891653013&key=503c38809682907e0e07931326b1c03d&libId=iqr28vgq01012xfu000DAjj91r7gk38hg&loc=http%3A%2F%2Fwww.threatgeek.com%2F2016%2F07%2Fchinese-web-browsers-perfect-reconnaissance-tool.html&v=1&out=https%3A%2F%2Fexatel.pl%2Fadvisory%2Fmaxthonreporten.pdf&title=Chinese Browsers%3A The Perfect Reconnaissance Tool - Threat geek&txt=https%3A%2F%2Fexatel.pl%2Fadvisory%2Fmaxthonreporten.pdf]published[/url]a report claiming that Maxthon's browser transmits sensitive user information, whether or not you enroll in the software's User Experience Improvement Program. The data includes not only things you'd expect for support, such as software versions and whether or not ad blocking is turned on, but also your entire web history -- including Google searches. The info is encrypted (the ZIP file that stores it is even disguised as an image file), but Exatel's discovery clearly shows that it wasn't too difficult to crack with some reverse engineering.
Maxthon was asked about the report and will let you know if it has a response. In its forums, the company did acknowledge that it collected info outside of UEIP, but maintained that it wasn't scooping up anything that "involves the user's privacy." That's an odd statement when history and searches are the very definition of private content. While Maxthon may not be doing anything wrong with the info it receives, there's a risk that an attacker could intercept that content and use it to learn more about potential targets. And that's no small issue when estimates suggest that there may be hundreds of millions of Maxthon users worldwide.
john - azdewars
Delete
Edit
Reply
Send to Friend
Report Abusepdb1
10,311 PostsSat, Jul 23 2016 8:32 PM
I'm not surprised . But since they are an award winning gaming browser in areas of speed and the use of less files for access . Can probably complicate sites like WGT in the reading of html files being that Maxthon is an unsupported browser . Likely for the simple fact that they do not respond to WGT either . Or anybody else .
Because they are awesome . And they got it like that . And they don't have to .
Paul
Please enjoy
_________________
May the SUN always be with you
home of
https://www.valleyofthesuncc.com/ an information and entertainment only website
» WGT REITERATES TO ME THEY DO NOT SUPPORT MAXTHON
» BROWSERHAWK RESULTS , PUZZLING W / MAXTHON .
» What browser for Windows 10?
» TEST YOUR BROWSER
Valley of the Sun Casual Club :: TODAY'S TECHNOLOGY TIPS FROM THE DOCTOR OF TECHNOLOGY AZDEWARS 143 TOPICS inside
Yesterday at 5:36 pm by Paul
» MEME CELEBRITY...15
Yesterday at 5:29 pm by Paul
» BEFORE & AFTER
Yesterday at 4:14 pm by Paul
» MEMEHARBOR...3
Yesterday at 4:08 pm by Paul
» GIRL FISHING
Yesterday at 4:02 pm by Paul
» HISTORY FACTS * 7 Ways the Year 1968 Changed America *
Yesterday at 3:38 pm by Paul
» WISE TRIVIA QUIZ *Ice hockey is the official sport of which US state? *
Yesterday at 3:33 pm by Paul
» WISETRIVIA ANSWER PAGE
Yesterday at 3:32 pm by Paul
» Word Genius Word of the day * digerati *
Yesterday at 7:00 am by Paul
» NEW GUEST COUNTER
Yesterday at 6:55 am by Paul
» APRIL NATIONAL CELEBRATION DAYS APRIL 18 2024
Yesterday at 6:47 am by Paul
» QUIZ TREAT QUIZ *What are people born in the 50s called? *
Yesterday at 6:44 am by Paul
» QUIZ TREAT ANSWER PAGE
Yesterday at 6:42 am by Paul
» National Today * Blah Blah Blah Day – April 17, 2024 United States *
Wed 17 Apr 2024, 5:04 pm by Paul
» APRIL NATIONAL CELEBRATION DAYS APRIL 17 2024
Wed 17 Apr 2024, 4:58 pm by Paul