- May 7, 2015
- 887
- 377
- 136
Apparently Kaspersky knows everywhere you go.
Jump down to the Kaspersky section.
https://www.grc.com/sn/SN-728-Notes.pdf
Jump down to the Kaspersky section.
https://www.grc.com/sn/SN-728-Notes.pdf
Kaspersky problem?
- Thread starter IBMJunkman
- Start date
UsandThem
Elite Member
- May 4, 2000
- 16,068
- 7,383
- 146
Here's a website for users to see what this is about, instead of having to download and search through a PDF file.
https://www.tomsguide.com/news/kaspersky-antivirus-software-exposed-millions-to-web-tracking
Kaspersky response:
https://usa.kaspersky.com/blog/tracking-ids-bug/18470/
https://www.tomsguide.com/news/kaspersky-antivirus-software-exposed-millions-to-web-tracking
Kaspersky response:
https://usa.kaspersky.com/blog/tracking-ids-bug/18470/
VirtualLarry
No Lifer
- Aug 25, 2001
- 56,571
- 10,206
- 126
Wow, just wow. Didn't Kaspersky learn from the PIII ID foible? They were around back then, I think.
mikeymikec
Lifer
- May 19, 2011
- 20,378
- 15,066
- 136
I'm more than a little sceptical about Kaspersky's intentions here.
I can think of only one (non-malicious) reason why such an ID would be communicated, and that would be for Kaspersky's activation system, but to broadcast it to every website the user visits is utterly absurd: why send it everywhere, it's potentially disruptive to the functionality of the site when being browsed on that user's machine, and it provides valuable information to an attacker.
The fact that they made it a UI configurable option blatantly shows that it's not a bug, it's a feature. I also find it interesting that they offered no explanation for why the feature is there.
Their second reason why "it's not a big deal" is utterly hilarious though:
An attacker targeting a specific product? Inconceivable! Not to mention luring users to their website. That's literally never happened to a Kaspersky user, ever.
it reminds me of when Microsoft once responded, "that vulnerability is purely theoretical!".
Well Kaspersky, I've thought of your products as competently designed, but now in my view you're wearing the clown shoes of the security business. I do hope the black hats go out in force to give you a proper spanking for this.
- edit - after thinking about this a bit more, it seems to me that Kaspersky is playing the fool while giving out no useful information whatsoever.
I can think of only one (non-malicious) reason why such an ID would be communicated, and that would be for Kaspersky's activation system, but to broadcast it to every website the user visits is utterly absurd: why send it everywhere, it's potentially disruptive to the functionality of the site when being browsed on that user's machine, and it provides valuable information to an attacker.
The fact that they made it a UI configurable option blatantly shows that it's not a bug, it's a feature. I also find it interesting that they offered no explanation for why the feature is there.
Their second reason why "it's not a big deal" is utterly hilarious though:
An attacker targeting a specific product? Inconceivable! Not to mention luring users to their website. That's literally never happened to a Kaspersky user, ever.
it reminds me of when Microsoft once responded, "that vulnerability is purely theoretical!".
Well Kaspersky, I've thought of your products as competently designed, but now in my view you're wearing the clown shoes of the security business. I do hope the black hats go out in force to give you a proper spanking for this.
- edit - after thinking about this a bit more, it seems to me that Kaspersky is playing the fool while giving out no useful information whatsoever.
Last edited:
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter