Timeline for Is HTML5 vibrate feature a security vulnerability?
Current License: CC BY-SA 3.0
19 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 26, 2016 at 18:58 | answer | added | bwDraco | timeline score: 3 | |
| Feb 28, 2016 at 17:54 | comment | added | Michael Scheper | @immibis et al: While these scams may be 'obvious' or 'a give-away' for you and me, this is not true for less web-savvy people—arguably most users. I wouldn't be remotely shocked if my non-technical workmates and family members have computers and phones riddled with malware and spam apps, especially Windows machines. Have you ever had a family member ask you how to get out of part of a program, when the computer is telling them exactly what to do? They're not necessarily dumb; they just haven't been using technology as competently as us, and they won't notice these 'obvious give-aways'. | |
| Nov 30, 2015 at 15:39 | comment | added | Lie Ryan | @Kevin Keane: the keyword is User-Agent spoofing, which is the HTTP header where the browser embeds these info on every HTTP requests. | |
| Nov 30, 2015 at 1:09 | answer | added | Kevin Keane | timeline score: 2 | |
| Nov 30, 2015 at 1:05 | comment | added | Kevin Keane | The alert showing your phone and OS version is easily explained: Web browsers submit this information with every page request. One thing you can probably do is install a profile spoofing plugin; I am using such a plugin on my desktop Firefox, and it's likely also available for mobile. So sometimes Web sites think that I'm using Chrome on MacOS, sometimes that I'm using Opera on Windows 7, etc. | |
| Aug 4, 2015 at 14:12 | vote | accept | Question Overflow | ||
| Aug 3, 2015 at 14:18 | comment | added | phyrfox | There are other indicators, such as visiting a well-known site (e.g. www.microsoft.com) versus an address bar that shows something like "advancedmicrosofttechnicalsupport.com.ru" with no SSL certificate or an invalid certificate, etc. In other words, one really does need to learn to identify content by grammar, presentation, SSL security, and, my favorite, common sense. A browser is "sandboxed" from the system, so if you see "the page says", you're in a browser, and browsers cannot scan your system for viruses. | |
| Aug 3, 2015 at 14:14 | comment | added | phyrfox | Re: Grammar. It's not a direct correlation (i.e. "good grammar is legitimate" and "bad grammar is a scammer"), it's simply an indicator ("this content has bad grammar and so is probably a scam" versus "this content has good grammar, so I need to investigate more"). I also primarily speak for English, and more particularly American English, where I live. We see this sort of message all the time on anything remotely dodgy, especially on adult-oriented sites with banner ads targeting Americans (by IP). | |
| Aug 3, 2015 at 14:02 | comment | added | Hagen von Eitzen | Bad grammer need not be a giveaway for illegitimatecontent. For example, the mostly harmless MicroSoft support website offers German information that is produced by an awfully bad machine translation (so bad that I as a native speaker of German often fail to understand anything of the text). | |
| Aug 3, 2015 at 11:15 | comment | added | Lie Ryan | @phyrfox: good grammars doesn't necessarily mean it's a legitimate warning. While bad grammar is an immediate give away that the warning is likely illegitimate, there see other things you need to pay attention to; for example, the "The page at ... says" is a dead give away that the dialog box is from the page in the browser, not the system. | |
| Aug 3, 2015 at 1:50 | comment | added | phyrfox | By the way, not directly an answer, but you should always read the message on the screen. Would an American say "You are badly infected with (4) Virus"? No. They wouldn't. Read the message aloud. If it sounds like bad English, it's because it's a scammer from another country. Also, "your phone is exposed to HIGH RISK and UNSECURED" is grammatically uncomfortable, as opposed to "your phone is unsecured, and potentially vulnerable." Learning how to recognize a scam should be your top priority, not asking about vibration. | |
| Aug 2, 2015 at 22:03 | comment | added | Stack Exchange Broke The Law | "This page at andro-apps.com says:" should be a dead giveaway. | |
| Aug 2, 2015 at 21:28 | comment | added | zxq9 | At least now you know what browser to stop using. That this is even possible is ridiculous. Not that the status of actual security on anything mobile (or even the web in general) isn't hopeless and laughable, but this is big, hearty, roaring belly-laughable. | |
| Aug 2, 2015 at 16:55 | comment | added | kasperd | There are loads of javascript features which can be abused and should never have been enabled by default in the first place. But too often browser vendors worry more about breaking some legitimate usage than about features being abused. | |
| Aug 2, 2015 at 14:37 | answer | added | David Mulder | timeline score: 4 | |
| Aug 2, 2015 at 11:45 | history | tweeted | twitter.com/#!/StackSecurity/status/627807414591574016 | ||
| Aug 2, 2015 at 11:00 | answer | added | Cristian Dobre | timeline score: 29 | |
| Aug 2, 2015 at 10:37 | answer | added | user45139 | timeline score: 6 | |
| Aug 2, 2015 at 10:20 | history | asked | Question Overflow | CC BY-SA 3.0 |