Is there anything ordinary users can do...?
-
I fear this question is likely foolish, but anyway...
"OnePlus has posted a FAQ on the incident. "One of our systems was attacked," the post reads. "A malicious script was injected into the payment page code to sniff out credit card info while it was being entered." OnePlus believes the script was functional from "mid-November 2017" to January 11, 2018, and it captured credit card numbers, expiration dates, and security codes that were typed into the site during that time. "
Presumably disabling Javascript might have helped, but then that's impossible frequently isn't it, else large swathes of web pages break? Is there anything that humble users can do to avoid such exploits? Is there anything V can do to block such exploits? I assume the answers are probably No & No.
-
You mean besides not using a credit card? If you pay your bill at some local retailer or use a payment service (PayPal) or cryptocurrency then you're safe - as long as PayPal or your crypto wallet don't get hacked.
If the script was actually hosted on the OnePlus site then nothing V can do about it. If the script was from another site then no browser should be loading it on a secure page and we wouldn't be having this discussion.
-
@sgunhouse said in Is there anything ordinary users can do...?:
You mean besides not using a credit card?
Yes. I was trusting that implicit in my enquiry would be exclusion of options like "no CC", "no internet", "no computer", "cave" et al.
-
Switch to GNU IceCat, w/ LibreJS
-- Just kidding -
@640k said in Is there anything ordinary users can do...?:
GNU IceCat
I had to DDG that, but wow, i'm sold on it, & have now removed Vivaldi in lieu of this.
-- Just kidding
-
The bad kitty breaks a lot of sites, but I still like it.
Vivaldi gives control back like I had on old Opera 12.x. -
GNU Icecat doesn't really solve the base problem. GNU Taler on the other hand...
-
@sgunhouse said in Is there anything ordinary users can do...?:
You mean besides not using a credit card?
Not an option for everyone. Besides, my credit card is insured against fraud. Most cards are, actually.
And while I strongly advocate using local dealers, I can't buy just any software license there (just to give an example...).If you [...] use a payment service (PayPal) or cryptocurrency then
... the relevant payment information (login) could just as easily have been skimmed.
If the script was actually hosted on the OnePlus site then nothing V can do about it. If the script was from another site then no browser should be loading it on a secure page and we wouldn't be having this discussion.
You're right there - nevertheless I also strongly encourage people to disable javascript generally and only allow a whitelist, and second to disallow 3rd party resources and scripts generally, and only allow them after proper reflection.
Both would probably not have worked in this case, anyway.
-