SEOClerks

Heist, New Exploit Discovered by Security Researchers !



Enter a reason for deleting this comment

Heist, New Exploit Discovered by Security Researchers !

Over the years we’ve seen a lot of different exploits that can be used to attack websites , actually an exploit it’s just a “way” to bypass your site security directly from your site or indirectly through third parties website (in this case through ads). The latest exploit discovered by security researchers is called heist (Http Encrypted information Stolen through TCP-Windows ), which is capable to attack secured websites (https) using only a javascript code which might be hidden in any ads. This can be prevented only if you disable third party cookies in your browser, also since this “exploit” is discovered I’m sure that browsers and other companies will release a security patch for that.

Comments

Please login or sign up to leave a comment

Join
Cristian

Thanks for the information on all of this! Hope Chrome will develop an update as fast as possible so we can all be safe.




Are you sure you want to delete this post?

procoder

Yeah i'm sure they will patch it very soon, at least chrome should do that because it's the only browser that i'm using lol




Are you sure you want to delete this post?

idealmike

Yeah I was reading about this last night. It came up on my News app on my phone (iOS) and it was saying basically that HTTPS/TLS isn't secure at all until this has been fixed and that the only way of securing yourself for now is to block all cookies but that's not really a good workaround as you need cookies enabled sometimes to be able to login and stay logged in on a site. The other option was to disable all ads showing which I do anyway using AdBlock. But it's quite scary to think that your data and anything you punch into your PC can be intercepted and used nefariously. I really hope they come up with a fix soon otherwise this is/could lead to some serious implications and we may just end up hearing horror stories of people who have had their data and even ID stolen/replicated. Scary stuff!




Are you sure you want to delete this post?

Everett

I have seen this, and it's quite alarming. Just how long has this been going on for? You'd think with all the updates these days that people would be able to find exploits more efficiently. There was the SSL exploit which effected thousands to millions of websites, and now this "new" Heist exploit..




Are you sure you want to delete this post?