Maxthon browser 3.0 download1/4/2024 ![]() It’s great to have so many options, but sometimes those innocent sheep are truly malicious wolves. Remove it from all of your devices, desktops, laptops, and anything in between. This is one of the easiest solutions I’ve ever had to report. That, my friends, is a massive security issue. Effectively, the opted-out machine was transmitting the very same data as the opted-in machines. The local path Maxthon was installed inĪfter continued browsing, the file started collecting a list of installed software and precise version numbers contained on the host machine.They ran this on the browser that had opted out of the UEIP program and, to no one’s surprise, the transmission to the server contained: ![]() With that information, they created their own DLL library which imitated the original M圎ncode library and were able to decrypt the data. It was very easy to figure out the Maxthon browser makes use of the M圎ncode library and the encryption key was actually embedded in the Maxthon code. Exatel discovered just how easy it is to run a Man-In-The-Middle attack to on the Maxthon encryption library. The conclusion? Opting out of the program has no effect.Įven though the data is encrypted, there’s a glaring issue. The results of unchecking that option? The ueipdata.zip still transferred itself to the Chinese server and still contained the dat.txt file. Naturally, Exatel decided to test this by unchecking the option to participate in the UEIP program during installation.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |