Comment by galaxy_gas

Comment by galaxy_gas 3 days ago

11 replies

View on Hacker News

Many sites do it .Included in many standard device fingerprinting / anti anonymity SAAS. Ebay facebook etc all do this ! But it looks this is first party to prevent the adblocking of them

1MB of obfuscated fingerprinting + portscan + Webgl . But oddity this one is trying to find burp suite specific route's.

meitham 3 days ago

Madness! How do I harden my network against that?

Reply View 9 replies
  • bawolff 3 days ago

    Chrome is already in the process of killing it https://developer.chrome.com/blog/local-network-access

    Reply View 4 replies
    • ahdanggit 3 days ago

      The company I work for has a legitimate service that runs on the loopback (it provides our web apps APIs for some device integration) hopefully its just as simple as the user accepting the prompt else we'll be drowning in support. We had to go the path of the local service because they killed NPAPI. I've been thinking about using web serial as an alternative but Firefox doesn't support it.

      That being said, I think this is an overall win, hopefully Firefox implements it in a consistent manner as well.

      Reply View 3 replies
      • ayewo 3 days ago

        How is your company's service started on the loopback interface? You bundle a web server that is installed alongside a native app?

        Reply View 2 replies
  • dns_snek 3 days ago

    Enable "Block Outsider Intrusion into LAN" filter list in uBlock Origin.

    Reply View 1 reply
  • ale42 3 days ago

    You should actually harden your browser or PC... to block any unwanted requests. Apparently some browser extensions can do that.

    Reply View 0 replies
  • bmacho 3 days ago

    It would be the job of the operating system to give or take away the ability of your browser to access your local network. But you can run your browser in a container/vm and disable localhost. (And use a separate browser for localhost only if you need it.)

    Reply View 0 replies
ahdanggit 3 days ago

my bank did this on the site they sent me to in order to activate my new card.

Reply View 0 replies