They can't hack those,can they? I love being old school!
Do not underestimate NSA and CIA. They spy Russians for many years (and vice versa).
Hence they keep secrets by typewriter
During much of the Cold War typewriters were state of the art, so they were the focus of spooks and spies just as mobile phone networks, emails and social networks are today. Techniques were developed to use cheap microphones to listen to key taps and decipher what was being written, spy cameras could peer over typist’s shoulders and undercover agents could photograph and leak documents. Debonair KGB agents were even tasked with seducing typists and winkling information from them.
In 1984 the NSA became paranoid about the extent of this sort of Russian infiltration and began what it called Project Gunman, under which it replaced every piece of communications equipment at embassies in Moscow and Leningrad. It shipped the old devices back to the US for analysis, and when they were X-rayed it was discovered that 16 IBM Selectric typewriters had been bugged. For eight years they had sent the contents of every single document to the Kremlin, via a man crouching outside with a radio receiver.
I am afraid that using legal HTML5 APIs for infecting a web browser is somewhat similar as using LOLBins (LOLLibs) for infecting the system.Before we get too bent out of shape over this, please note that it is just a Proof of Concept. It is not malware that actually exists. And, like so many thousands of other vulnerabilities, it will probably be patched by Google and Mozilla and MS before it hits the wild.
I miss the click to play option that was in flash. In html5 you maybe able to stop autoplay but media still loads, wastes your bandwith and resources.HTML5, which can not be blocked as easily as flash. Who would have thought. And this is just the beginning, so much for the hated flash.
It seems to utilize iframes like crypto-mining malware, so blocking them should help, like popup blockers do.
Except that there's actually no proof of concept, just a paper making allegations without any actual demonstration or code.Before we get too bent out of shape over this, please note that it is just a Proof of Concept. It is not malware that actually exists. And, like so many thousands of other vulnerabilities, it will probably be patched by Google and Mozilla and MS before it hits the wild.
Thanks for the link. Good reading.Except that there's actually no proof of concept, just a paper making allegations without any actual demonstration or code.
If there is indeed a way to achieve persistence, it's with a specific browser implementation, not the Service Worker API.
Taken from palemoon forumswrote:About Push in Pale Moon:
Pale Moon mixed content blocking
Service workers in Pale Moon:
Service workers are a terrible idea, unless you actually enjoy the idea of having your browser do stuff "in the background" that you have absolutely no control over.
We have no plans whatsoever to implement or enable this, because it's a privacy and security nightmare.