@Marko-Indaco , I have it in my bookmarks a long time ago, there is also an extension in the Chrome Store
Although the list is still missing many pages, it is an excellent orientation.
I suggest all those that have an issue should be blocking google domains properly via HOSTS or similar DNS blocking, then stop worrying about what the browser can do if you can't be bothered disabling those options.
The AV is average at best, but I have other reasons for never wanting comodo software in my system.
Comodo have themselves been in far too many negative news stories for borking SSL protection and engaging in malpractice exactly the same as Symantec and StartSSL, yet Comodo are still allowed to carry on as they were, while the other 2 were forced to stop.
As far as I am concerned the state of the worlds security is being made worse every day while Comodo still issue certificates and allow multiple levels of reselling.
Several studies show almost all malware that uses a valid cert to bypass security checks comes from comodo or one of its resellers.
They have made no effort to change this, or revoke any malware certs.
This is not the behaviour I expect from a "trusted" security company.
@KSB , it is a pity that there are few mobiles that support Linux, to be able to leave having to choose only between Apple or Google.
Basically a pity for the missing Windows Phone, which was gorgeous and also the safest mobile OS, almost impossible to hack as it was shown in a hacker competition some time ago, where iOS and Android fell in a matter of minutes and WP left it impossible, that after half an hour they only managed to access cookies.
@luetage said in Twitter suffers worst security breach in network's history:
@KSB No idea, my reply wasn’t exactly serious. But you got my attention, what exactly is a targeted social engineering attack?
@Pathduck said in Twitter suffers worst security breach in network's history:
@KSB Tricking your target into opening an email attachment by referring to someone they know for instance, could be a social engineering attack. There are no clear borders between attack types, they can be combined.
"Holiday photos! Aunt Alice has sent you a slideshow! Click here to view them: Photos.exe"
Also, it's more convenient for Twitter to say an employee was manipulated to give away information than admitting their infrastructure was open to attack. The employee(s) get a slap on the wrist (or fired, depending), and everyone assumes things are safe again...
True, but in this instance it is known that they were "convinced" to provide access to internal tools. There was no slight of hand.
@Catweazle said in How secure is your browser?:
suspected of being a paid advertisement for an alleged "winner" of this "test".
Totally agree. They are blatantly promotional.
@JohnConnorBear said in How is Google getting my web history?:
Those scripts use cookies but they can access a lot of other information runtime like your client configuration, your "history"
Apparently they thought of that in O12 and earlier.
Users could disable scripts reading the 'History' file.
It was enabled by default.
This is from the latest O12 but I remember it from previous versions. Not sure how far back, or how effective it was.
Sadly no browser has this setting today.
@LonM
I actually quoted the headline from the news item it appeared in.
(It is good form to ask someone to correct or change an element in a post)
Yeah the headline without the links would be misleading.
I think there is a difference between one who is posted on the edge of a road, counting the cars and the type that go through it, and another who does it too, but who also points out the license plates, to find out the name and address of the owners, their destination where they go and where they work, to then give this information to third parties, for them they fill their mailbox with "personalized" advertisings.
https://tosdr.org/
@greybeard It's an interesting hack. Just shows that modern browsers are much too lenient in what they will allow, like full-size cross-domain iframes and javascript run from places where it should never run.
Then again, I don't really see the relevance of an "evil favicon", as they would be free to just add a script in their page and still run a full-size iframe, then check the location of that iframe to see if it was on a checkout page.
@dtakaishi , I use Vivaldi mail mainly for information and news from Vivaldi, otherwise I use Proton mail and Tutanota, free of charge, as a particular I do not have a volume of mails that would justify using a paid service.
@newscpq , in principle there should be no problems as these extensions are list based. Although the same list is used by another extension there should be no conflicts. 4 eyes see more than 2. Another thing is the need to use all, I think with the Vivaldi blocker, Privacy Badger and Canvas Fingerprint spoofer you are on the safe side.
