Friday, November 15, 2019
No menu items!

How Advertisers Secretly Steal Your Login Details

Must Read

Is It Possible For Any Politician To Tell The Truth?

It’s fast becoming impossible for ordinary voters to know which politicians to believe. The days of honest statesmen brokering deals...

Melting Ice Cap Could Raise Oceans 11 Feet Within A Century

As 11,000 scientists from around the world unite to declare a global climate emergency, a terrifying warning from the...

Internet Music Service Out Of Tune With Copyright Law

The internet dilemma of who owns the rights to content has just taken a new twist with a ruling...

Ever wondered why you those pesky adverts follow you around the internet after you have searched for something to buy online?

One reason is ad spammers are stealing your email address without you knowing with secret forms.

A team of web researchers have revealed that online advertisers harvest email address and search information when you autocomplete a form with your browser’s password manager.

The data can help the admen track you across the web and to build a profile of your online likes.

The team from America’s prestigious Princeton University have detected the code to harvest email addresses on more than a thousand high-traffic web sites.

Abusing the password manager

The code spoofs your browser password manager to populate an invisible form and to send the data to a database.

The researchers explained that the main fear was hackers stealing passwords from web sites – but no evidence of malicious code to grab online access code was found across 50,000 servers.

“All major browsers have built-in login managers that save and automatically fill in username and password data to make the login experience more seamless. The set of heuristics used to determine which login forms will be auto filled varies by browser, but the basic requirement is that a username and password field be available.

“Login form auto filling in general doesn’t require user interaction; all of the major browsers will autofill the username, which is often an email address, immediately, regardless of the visibility of the form,” said the researchers.

The offending web services

“Google Chrome doesn’t autofill the password field until the user clicks or touches anywhere on the page. Other browsers we tested don’t require user interaction to autofill password fields.

“Third-party JavaScript can retrieve the saved credentials by creating a form with the username and password fields, which will then be auto filled by the login manager.”

The main script abusing password managers is Adthink – which was hiding on 1047 web sites under an audienceinsights.com web address. The other is OnAudience, which was on 63 sites as behaviouralengine.com.

The researchers suggest switching off automatic login is the best defence.

The scripts were found on a range of popular browsers, including Firefox, Chrome, Internet Explorer, Edge and Safari.

Click here for a full list of web sites with the tracking code

>

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Is It Possible For Any Politician To Tell The Truth?

It’s fast becoming impossible for ordinary voters to know which politicians to believe. The days of honest statesmen brokering deals...

Melting Ice Cap Could Raise Oceans 11 Feet Within A Century

As 11,000 scientists from around the world unite to declare a global climate emergency, a terrifying warning from the past predicts sea levels could...

Internet Music Service Out Of Tune With Copyright Law

The internet dilemma of who owns the rights to content has just taken a new twist with a ruling by the High Court in...

And The Word Of The Year For 2019 Is…

English is changing all the time as new words fall in and out of fashion, and the latest in vogue phrase is ‘climate strike’,...

Wildfires – How Science Is Helping To Dampen The Flames

Wild fires raging in some corner of the world seem to be hot off the press and in the news a lot. Huge fires have...

More Articles Like This