web firms record keystrokes of users

According to the study from Princeton University, more than 480 websites use technique of session replay to gain an understanding of how customers use websites. 

Study says that Hundreds of web firms are tracking every single keystroke made by visitors. Experts questioned the legality of using such software without user’s consent.”These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and may be send them to third-party servers.

The stated purpose of this data collection includes gathering insights into how users interact with websites and discovering broken or confusing pages. However the extent of data collected by these services far exceeds user expectations. Text typed into forms is collected before the user submits the form, and precise mouse movements are saved, all without any visual indication to the user. This data can’t reasonably be expected to be kept anonymous.

As per record by researchers in website : jagat  Analysis of seven of the top session replay companies (based on their relative popularity in our measurements ). The services studied are Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam. They found these services in use on 482 of the Alexa top 50,000 sites.Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording.

This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.

Following are the red lines  :

1. Passwords are included in session recordings.

2. Sensitive user inputs are redacted in a partial and imperfect way.

3. Manual redaction of personally identifying information displayed on a page is a fundamentally insecure model.

4. Recording services may fail to protect user data.

Firms using the software included the UK’s news website the Telegraph, Samsung, Reuters, US retail giant Home Depot and CBS News.Paul Edon, director at security firm Tripwire said: “The first area of concerns here is the legality of recording people’s keystrokes without first informing them of the fact.If this is so reliability of users on to the websites bleaks to the point of negativity.

 

320 million password revealed – are any of them yours

Hello friends, I am backkkkk

A website developed by an Australian Mr. Troy Hunt (a security expert) and run by him. This site shows whether your email address has been stolen in a hack.

The link to the site is here

https://haveibeenpwned.com/passwords

or simply http://www.haveibeenpwned.com (as shown in the pic)

Here 320 million passwords gathered from dozens of world’s biggest data breaches been available. You can visit the site and check whether yours is or not.

If it is so then definitely change your password applying with more security options and if not pwned then lucky enough.

The word pwned is internet slang for owned which means to take advantage of someone. A hacker who has pwned you has stolen your data (mostly date of birth, interests, hobbies some times secrets also)

The site is easy to use : Simply type an old password , (not the current one) then press enter. If you are not pwned that doesn’t mean that you are safe enough,your safety depends on your alertness. It may be the chance that you are not indexed by the site.

You can also download passwords from the database from the site approx. 5.5 gb file. Hunt wrote in his blog that the site can be proved useful to every techsavvy as well as tech user or all sorts.

Ideally password should be at least of 15 characters with all sort of figures,alphabets,(caps and small) symbols/characters etc. so that safety is maintained as priority.

thanks for bearing

Jagat

How much safer are you with your antivirus

Hello my dear readers, Hope you people are fine,

I am sharing my post after couple of days due to busy schedule. We all are well aware of anti-viruses and their effectiveness since 1980’s when the term anti-virus was first establishing its name in the field of digital world. since then this word is jostling in the mind of computer users. In early years users did’nt gave  much weightage but as time passed and uses of computers and its applications increased, security measures to avoid any damage to softwares becomes a concern and the hence the importance of the antivirus was felt first. But a debate continued as to whether AVs are necessary or not. Sceptics sometimes blame security providers of hyperbolizing the issue. Some even reached to the extent of blame that the security companies create their own malwares and then put its crack later in market to establish and carry on their business. 

Former Firefox developer Robert O’ Callahan in his blog (www.snipca.com/23283) urged window 10 users to uninstall their antivirus saying that antivirus sellers are terrible. He recommended Windows defender as capable of any of the antivirus available in the market. This is what the topic I want to share over here. Yes, if the user is upto genuine windows and is having regular updates from Microsoft he/she must not be afraid of attacks or safety to maximum extent. Microsoft company itself worked and is working a lot in view of safety issues of the windows and utilities of Microsoft itself is providing all the common measures to keep its user safe and secure.

Why a big company like Microsoft will ignore such a major aspect of its product. As per former mozilla developer Antivirus hurt security significantly and poison other softwares of the windows as well. He draws on his own experience blaming AVs for blocking security updates to the browser which consumed major time of developer in fixing this. Security blogger Graham Cluley acknowledged that AVs sometimes suffered from its own flaws and vulnerablities. But people are crazy enough to use web without using one. In security lab test Microsoft defender did’nt overcome all security issues and failed in 10% but still it is recommended a better option than other rivals of the market. 

In my own experience, I tried to install one new AV as my old one getting expire a day after installation of new one and my new antivirus shows other as presence of virus. To my shock I tried to remove the files (vault backup) from my computer as there are chances when AVs put your infected files into their vault but still my new AV kept on showing my old one as virus. As per my view since XP is not being updated now from Microsoft and most of latest AVs do not offer any installation to XP hence safety of windows XP is on the verge of infection. Similarly windows vista and windows 7 too are vulnerable to an extent as these windows possess some old files which continued even in its latest versions too. Hence updating windows till windows 7 do not offer as much safety as required.Hence good antivirus becomes a necessity in this case. But windows 8 and 10 do provide a tough security to the sneakers if are updated to latest versions. 

In all I must say if your are using genuine windows with later versions your worry chances are reduced to large extent but still you can use antivirus with customized using capabilities for hastlefree browsing but pirated windows do need antivirus softwares from security point of view. Windows updates and availability of antivirus both are the need of hour as one cannot stay safe since thousands of attacks are being faced by your PC within an hour of your browsing in open world.

Thanks for reading

Jagat