A flaw in Kaspersky software that allows websites to collect personal data about users

A flaw in Kaspersky software that allows websites to collect personal data about users

August 20, 2019 Off By admin

In general, antivirus is used to protect ourselves and also sometimes to close the security vulnerabilities that undermine our computer devices.

However, we often forget that antivirus is itself software that could also have flaws.

This is the case of the famous Kaspersky antivirus.

This article may also interest you: The best antivirus software in 2019

Recently, he it was discovered that this antivirus was observing a flaw that allowed the tracking of users through websites. Apparently it's been going back now 2015. The Russian computer security company, publisher of the antivirus that bears his name has acknowledged that, in fact, there is a loophole in its program. And this flaw made it possible to trace users every time it's last make a visit to the websites.

This discovery was made by a German columnist, an expert in computer security, from Computer Technik media. According to his revelations, the web interface of the Kaspersky protection has a site analysis feature and notifies users by a green icon when these sites are reliable. During this period, process, the same antivirus ejects a digital identifier at the same time on this web page, which would identify visitors. ID that can be easily retrieved later by managers site. And this, very easily. They could then use it to associate users of the net to personal data.

One wonders how a company that was supposed to protect its customers was the channel by delivered and all these years. It is noted that as opposed to cookies, it was literally impossible to protect prevent this tracking, which did not appear to be illegal.

The researcher at the origin of this discovery to show that the tracking code was on all state web pages composed of a HTTPS address that has a number within it standard. This number, which could be used to identify in a unique way a user. This serial number was quite different from one machine to another but did not change for the same machine regardless of the site visited.

Those who seem to more serious in this story is that it has been shown that with the help of individual server, anyone had the opportunity to extract discreet this identifier without the user even knowing it. And that even if the user was using a stealth mode of navigation regardless of the browser. This identifier had the option of associating the user with personal data that could be login credentials of the personal references, such as surnames, the names of relatives and Contacts.

The company computer security responded by notifying that the flaw had been determined and that now a fix is available to address this problem. The firm reassures that even if the flaw was obvious it could not allow an attack and profitable for any pirate

On the expert side who discovered this flaw, Kaspersky's proposal is not enough because, according to him, malicious sites can still use the collected serial numbers to determine which users will install the security patches and try to find a way around them. For him in all cases users are always in danger regardless of the fix that Kaspersky will offer. So we wonder exactly what strategies to adopt on the issue.

Now access an unlimited number of passwords:

Check out our hacking software