• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Web Tracking Scripts-Autofill data exfiltration

Will Norton Identity Safe protect against third-party advertising scripts that run in the background, and create fake login and password boxes you can’t even see, which captures your credentials if autofill is turned on for a website? I read an article about the vulnerability here: https://www.howtogeek.com/338209/you-should-turn-off-autofill-in-your-password-manager/  and here: https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ . Two scripts that have been found that capture credentials, AdThink and OnAudience.

Replies

Kudos0

Re: Web Tracking Scripts-Autofill data exfiltration

Hello TSimonick Here is one of the serious vulnerabilities that Norton provides protection from, although an older threat is was a serious one. https://support.norton.com/sp/en/us/home/current/solutions/v99390394_EndUserProfile_en_us

You can enable your IDS and browse over to this website and run a test page for some results: https://senglehardt.com/demo/no_boundaries/loginmanager/index.html

Since your post states you are on Chrome the upcoming version 68 will begin labeling all HTTP websites as not secure. https://www.neowin.net/news/chrome-68-will-mark-http-websites-as-not-secure

For the two specifics you are asking about I will refer a question about them to the Norton team for their answer.

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1803 / build 17134.48 / NSBU 22.14.0.54 / Norton Core v.237 / Norton BETA tester
Kudos1 Stats

Re: Web Tracking Scripts-Autofill data exfiltration

From the Freedom-to-Tinker website, one thing users can do to help protect themselves....

Users can install ad blockers or tracking protection extensions to prevent tracking by invasive third-party scripts. The domains used to serve the two scripts (behavioralengine.com and audienceinsights.net) are blocked by the EasyPrivacy blocklist.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: Web Tracking Scripts-Autofill data exfiltration

Thanks for your input. I would like to hear from Norton about the specific scripts.

This thread is closed from further comment. Please visit the forum to start a new thread.