Microsoft Edge vulnerability could let people hijack your Twitter (or any other) account

Nowak
2 minutes ago, themctipers said:

then how does it work? All I'm seeing is: if you're on a site with this JavaScript, you'll get hijacked

but, the only website I use on edge was and still is edge.. I only use edge for LTT since Chrome ram leaks 

so as long as LTT doesn't get hijacked, my LTT password (I assume how this works is that it'll take it somehow.. Don't have it in edge's password manager) won't get stolen 

idk anymore... my understanding is that anything you use Edge for is vulnerable, and there was no qualifier on that

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


2 minutes ago, Ryan_Vickers said:

idk anymore... my understanding is that anything you use Edge for is vulnerable, and there was no qualifier on that

Yup, if you use the password manager in Edge, any website is vulnerable. You have to use a series of iframes and SOP bypasses, but every website you browse with Edge is vulnerable.


1 minute ago, Daring said:

Yup, if you use the password manager in Edge, any website is vulnerable. You have to use a series of iframes and SOP bypasses, but every website you browse with Edge is vulnerable.

Alright, thanks for the clarification.  Now, about this line...

Quote

This vulnerability also exists in all versions of Windows 10, and hasn't been patched.

Frankly this seems like a bigger concern.


1 minute ago, Ryan_Vickers said:

Frankly this seems like a bigger concern.

Edge doesn't get any major updates unless it's in a major Windows 10 update, although if Internet Explorer is anything to go by, security patches will be delivered through Windows Update.


16 hours ago, SCHISCHKA said:

I'm pretty sure the NoScript plugin will protect against this. I don't know if it is on Edge. Since when did people start using a Microsoft browser? For some reason I'm thinking of the man at the end of the Planet of the Apes film

I'm more partial to this scene.  There goes the planet.

 

 


46 minutes ago, Jito463 said:

So instead of password stealing and being data mined by MS, you just get data mined by Google.  Congrats.

fify

One day I will be able to play Monster Hunter Frontier in French/Italian/English on my PC, it's just a matter of time... 4 5 6 7 8 9 years later: It's finally coming!!!

Phones: iPhone 4S/SE | LG V10 | Lumia 920 | Samsung S24 Ultra

Laptops: Macbook Pro 15" (mid-2012) | Compaq Presario V6000

Other: Steam Deck

<>EVs are bad, they kill the planet and remove freedoms too some/<>


8 hours ago, SansVarnic said:

*cough* Bullshit *cough* Today all software has some kind of telemetry built in.

Why are people thumbing up garbage like this post? You're extremely wrong and I will enjoy seeing you backpedal out of this situation. My guess is that you will come up with silly excuses for why these particular programs don't count as software.

 

Okay then, prove to me that these programs collect telemetry and do not allow the user to turn it off:

Firefox

FFmpeg

MPC-HC

PuTTY

Notepad++

SumatraPDF

Irfanview

Wire

Hexchat

 

Since you claim that all software today has some kind of telemetry built in (that can't be shut off, please keep in mind that I was very clear about that in my post) it should not be that hard to prove, right?

But something tells me that neither you, nor the people who thumbed you up even possesses the expertise to actually validate such a claim.

 

If @ARikozuM, @Dabombinable or @Colonel_Gerdauf feel like joining in and prove that these programs have mandatory telemetry then go ahead.


2 hours ago, Jito463 said:

So instead of password stealing, you just get data mined by Google.  Congrats.

*ahem* Microsoft Edge is part of Windows 10 so I'm having my data stolen anyway...

Wow this was old as heck, Need to update this signature!

4 minutes ago, LAwLz said:

Why are people thumbing up garbage like this post? You're extremely wrong and I will enjoy seeing you backpedal out of this situation. My guess is that you will come up with silly excuses for why these particular programs don't count as software.

 

Okay then, prove to me that these programs collect telemetry and do not allow the user to turn it off:

Firefox

FFmpeg

MPC-HC

PuTTY

Notepad++

SumatraPDF

Irfanview

Wire

Hexchat

 

Since you claim that all software today has some kind of telemetry built in (that can't be shut off, please keep in mind that I was very clear about that in my post) it should not be that hard to prove, right?

But something tells me that neither you, nor the people who thumbed you up even possesses the expertise to actually validate such a claim.

 

If @ARikozuM, @Dabombinable or @Colonel_Gerdauf feel like joining in and prove that these programs have mandatory telemetry then go ahead.

They don't....

"We also blind small animals with cosmetics.
We do not sell cosmetics. We just blind animals."

 

"Please don't mistake us for Equifax. Those fuckers are evil"

 

This PSA brought to you by Equifacks.
PMSL


6 minutes ago, LAwLz said:

Irfanview

I didn't realise that it supports Windows 98SE+ME. It'll be going straight onto my legacy gaming rig.


10 minutes ago, Dabombinable said:

They don't....

Oh, good. I thought you were thumbing him up because he said I was talking bullshit.


2 hours ago, LAwLz said:

Why are people thumbing up garbage like this post? You're extremely wrong and I will enjoy seeing you backpedal out of this situation. My guess is that you will come up with silly excuses for why these particular programs don't count as software.

 

Okay then, prove to me that these programs collect telemetry and do not allow the user to turn it off:

Firefox

There's telemetry in firefox but it appears to be able to be disabled.

 

A lot of people use Google Chrome and we all know how much data Chrome collects. The second you type something in the search bar it is sent to Google.

2 hours ago, LAwLz said:

Since you claim that all software today has some kind of telemetry built in

I did not say anything of the sort.

 

Telemetry is part of many programs whether you use them or not. In many cases it is optional but it exists nonetheless. There are some programs which use telemetry which make it mandatory. That is how life is.

 


 

2 hours ago, LAwLz said:

If @ARikozuM, @Dabombinable or @Colonel_Gerdauf feel like joining in and prove that these programs have mandatory telemetry then go ahead.

You use obscure programs which 99.99999% of people do not use.

 

Pick the 20 most common desktop apps and let's see how they compare on telemetry.

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill | (Probably) Why LMG Merch shipping to the EU is expensive

Oneplus 6 (Early 2023 to present) | HP Envy 15" x360 R7 5700U (Mid 2021 to present) | Steam Deck (Late 2022 to present)

 

Mid 2023 AlTech Desktop Refresh - AMD R7 5800X (Mid 2023), XFX Radeon RX 6700XT MBA (Mid 2021), MSI X370 Gaming Pro Carbon (Early 2018), 32GB DDR4-3200 (16GB x2) (Mid 2022

Noctua NH-D15 (Early 2021), Corsair MP510 1.92TB NVMe SSD (Mid 2020), beQuiet Pure Wings 2 140mm x2 & 120mm x1 (Mid 2023),


54 minutes ago, AluminiumTech said:

There's telemetry in firefox but it appears to be able to be disabled.

Yep exactly. It even asks you if you want to turn it off. Can't remember if it is at install or at the first run.

 

55 minutes ago, AluminiumTech said:

I did not say anything of the sort.

You didn't, but my post wasn't a response to you. It was a response to SansVarnic, who said:

12 hours ago, SansVarnic said:

*cough* Bullshit *cough* Today all software has some kind of telemetry built in.

You said that every major piece of software had it (which I would say is false, but it depends on your definition of "major"). I replied saying that the programs I use don't have it, to which Sans said I was talking bullshit and that in fact all software has it.

 

58 minutes ago, AluminiumTech said:

You use obscure programs which 99.99999% of people do not use.

They aren't obscure at all.

Firefox - One of the most popular web browsers. Not sure if it is the second or third right now.

FFmpeg - Used by a ton of people every single day without them even realizing it (you might have heard of programs such as VLC and Handbrake before, right?)

MPC-HC - One of the most widely used media players for Windows.

PuTTY - This is THE SSH client for Windows. You will have a very hard time finding any decent IT professional who has not heard of PuTTY.

NotePad++ - Not obscure at all.

SumatraPDF - This is probably the most obscure program on the list.

Irfanview - Not obscure. It is very widely used and recommended.

Wire - Obscure, I'll give you that.

Hexchat - Probably the most popular IRC client after mIRC.

 

You're correct in saying that 99% of people don't use those programs, but the same could be said about almost any program. I am having a really hard time thinking of 20 programs that more than 1% of people use to be honest. The programs I listed however are very big in their respective category.


9 minutes ago, LAwLz said:

Yep exactly. It even asks you if you want to turn it off. Can't remember if it is at install or at the first run.

 

It asks you if you want to turn it on at first launch

 


9 hours ago, AluminiumTech said:

A lot of people use Google Chrome and we all know how much data Chrome collects. The second you type something in the search bar it is sent to Google.

I'm pretty sure you can turn that off (and in fact, last time I checked this was actually opt-in but maybe that's changed).

Regardless, this is the least concerning collection they do, I'm sure. That said, I don't have any worries about what Google is doing with it.


16 hours ago, LAwLz said:

Since you claim that all software today has some kind of telemetry built in (that can't be shut off, please keep in mind that I was very clear about that in my post) it should not be that hard to prove, right?

But something tells me that neither you, nor the people who thumbed you up even possesses the expertise to actually validate such a claim.

First when you wanna call me out, please do right, I didn't make the claim you said I did. 

I never claimed the telemetry could not be turned off, just that all software TODAY has built in telemetry of some sort.

 

*edit

I apologize for the BS comment. I was quick to reply and frankly it is not normal for me to do something like that. :/

I am not going to prove anything for the reason that I just don't have time today to do so. That said; Any and all software being released today does have some sort of telemetry built in whether it is optionally able to be disabled or not.


I am a Moderator, but I am fallible. Discuss or debate with me as you will but please do not argue with me as that will get us nowhere.

 


  

 

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.  ~ Abraham Lincoln

Reputation is a Lifetime to create but seconds to destroy.

You have enemies? Good. That means you've stood up for something, sometime in your life.  ~ Winston Churchill

Docendo discimus - "to teach is to learn"

 

 CHRISTIAN MEMBER 

 

 
 
 
 
 
 

 


22 minutes ago, SansVarnic said:

That said; Any and all software being released today does have some sort of telemetry built in whether it is optionally able to be disabled or not.

Apology accepted, but the part of your post I am quoting is still false.

There is plenty of software being released today which does not include telemetry. Your statement might be true for the programs you use, but you don't even use 0.001% of all the programs released today. Your statement is certainly not true for a lot of programs I use, which are new and up to date.


On 4/26/2017 at 8:09 AM, Daring said:

.

I don't really have much to add that the article doesn't already say, but I will repeat Laptop Magazine's urges to not use Edge until Microsoft issues a patch. If you care about your online safety, switching away from Edge, even if just for a bit, is a necessity right now.

It is enough to not use the password manager/autofill features, though. I mean, if you already have, you would need to clean them first or wait for the patch.

On 4/26/2017 at 0:38 PM, AluminiumTech said:

 

I use Edge on a daily basis.

 

How come so many don't like Edge?

I thought by now you would have realized that you basically like everything Microsoft does, while others, not so much. 

 

On 4/26/2017 at 2:36 PM, dmegatool said:

A power user browser that still hasn't implemented sync 2+ years later even if it's the most requested feature. Like I'm gonna manually sync my bookmarks, history and extensions between 3 computers and my phone xD. Not gonna happen.

Many people go for alternative chromium browsers precisely to avoid centralized storage of personal information. 

 

On 4/26/2017 at 3:33 PM, AluminiumTech said:

Telemetry is not the same as data collection. You misunderstand what it is you are saying versus what you mean.

 

Telemetry is, at its heart, crash information, OS version, OS builds, app version. Error reporting mechanisms.

 

Data collection outside of that is not telemetry. It is simply data collection.

 

Edge uses telemetry and relies on people to report findings to MS so they can fix issues. If you have a problem with this then you fundamentally should have a problem with every major piece of software you use.

No, it's YOU who don't know what telemetry is. Of Greek origin, "tele" refers to distant (as in tele-vision), and "metry" to metrics, measurement. "Telemetry" is LITERALLY "remote data collection", and it's used in other contexts in exactly the same way. Its meaning couldn't be more transparent.


2 minutes ago, SpaceGhostC2C said:

I thought by now you would have realized that you basically like everything Microsoft does, while others, not so much. 

No. There are things I don't like which they do.

 

The Xbox Game Bar in Windows 10 is a joke. I never use it and wish it was removed from Windows.


22 minutes ago, AluminiumTech said:

The Xbox Game Bar in Windows 10 is a joke. I never use it and wish it was removed from Windows.

I've removed it.  I couldn't recall the steps, so I searched and found this.  I believe it's basically the same as what I did.

 

http://www.teoti.com/useful/136127-how-to-remove-xbox-from-windows-10.html


12 hours ago, SpaceGhostC2C said:

Many people go for alternative chromium browsers precisely to avoid centralized storage of personal information. 

That's why I suggested to just put it to a 3rd party. If you encrypt it before uploading, that would be enough... At least for me.


On 4/27/2017 at 1:00 AM, SansVarnic said:

I never use Password Managers to begin with, they can't be trusted as it is; if it is coded it can be broken.

I will still use Edge as I like the UI vs other Browsers.

 

*cough* Bullshit *cough* Today all software has some kind of telemetry built in.

Do you even Open Source m8?

MacBook Pro 15' 2018 (Pretty much the only system I use)


On 2017-04-26 at 4:00 PM, SansVarnic said:

I never use Password Managers to begin with, they can't be trusted as it is; if it is coded it can be broken.

What's the alternative to using a password manager? How do you suggest making, and remembering, all the unique cryptographically secure passwords for each site that you use?

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB
