So browsing with JavaScript enabled is plain dangerous for your security and privacy. Disabling JavaScript is very impractical. Is anyone doing JavaScript security policies of some sort in web browsers to prevent this kind of thing?
---
RT @mcbazza
Yep. eBay "scans" your computer using browser websockets after you login, looking for specific ports.
I see ports typically used by RDP, VNC, remote access/control. 14…
twitter.com/mcbazza/status/126

@systeemkabouter uMatrix for me.. But.. I might enable stuff if using eBay if stuff doesn't work. However, I think this uses XHR, which probably ends up disallowed, or obvious that the GUI "needs it".

A VPN also would prevent the port scan?

NoScript or Privacy Badger, tbh I am not sure if they end up too permissive when used..

@jasper From what I've seen the portscan runs in JavaScript on localhost, so a VPN would do nothing. uMatrix is new for me, will look into it. Thanks :-)

@systeemkabouter
Also, closing the ports and using port knocking might be a good idea, if you can get your applications to knock first.. Maybe clients of various programs should allow knocking to be specified in their configuration. Not sure how realistic that is?

Most people don't really use servers on their computers much at all?

github.com/jvinet/knock is one.. I extended it, which uses a shared secret: git.sr.ht/~jasper/knockoff, could even redirect the port/start a server on a varying port.

@jasper It's not about having something running, but it's just that there is no easy way to protect against abuse like this.

@systeemkabouter Egregious invasion, all the more if it is automated at scale. Contrary to what some articles state, I believe port scanning in this context may very well be illegal in many countries.
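
A defender-side check for the behaviour discussed in this thread, added here as an example and not written by any participant: it goes through a recorded list of browser requests and reports pages served from a remote origin that open connections to loopback addresses. The request list is constructed sample data, and the function names and the threshold of two targets are assumptions.

```javascript
// Constructed sample data: the page that issued each request and the URL it
// asked for, as a HAR export or an extension log would record them.
const SAMPLE_REQUESTS = [
  { page: "https://shop.example/signin", url: "wss://127.0.0.1:3389/" }, // default RDP port
  { page: "https://shop.example/signin", url: "wss://localhost:5900/" }, // default VNC port
  { page: "https://shop.example/signin", url: "ws://[::1]:5901/" },
  { page: "https://shop.example/signin", url: "https://cdn.example/app.js" },
  { page: "http://localhost:8080/dev", url: "ws://localhost:8080/livereload" },
  { page: "https://shop.example/signin", url: "not a url" },
];

// True for names and addresses that point at the local machine.
function isLoopback(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  return h === "localhost" || h.endsWith(".localhost") || h === "::1" ||
    /^127(\.\d{1,3}){3}$/.test(h);
}

// Requests where a page served from elsewhere reaches into loopback.
// A local dev page talking to its own local server is not reported.
function findLoopbackProbes(requests) {
  const hits = [];
  for (const { page, url } of requests) {
    let src, dst;
    try { src = new URL(page); dst = new URL(url); } catch { continue; }
    if (isLoopback(dst.hostname) && !isLoopback(src.hostname)) {
      hits.push({ page: src.origin, target: dst.host });
    }
  }
  return hits;
}

// Pages that touched at least `minTargets` distinct loopback host:port pairs.
function pagesProbingLoopback(requests, minTargets = 2) {
  const byPage = new Map();
  for (const { page, target } of findLoopbackProbes(requests)) {
    if (!byPage.has(page)) byPage.set(page, new Set());
    byPage.get(page).add(target);
  }
  return [...byPage]
    .filter(([, targets]) => targets.size >= minTargets)
    .map(([page, targets]) => ({ page, targets: [...targets].sort() }));
}

console.log(pagesProbingLoopback(SAMPLE_REQUESTS));
```
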
