Senator Asks DHS If Foreign-Controlled Browser Extensions Threaten the US
upstart writes in with an IRC submission for nutherguy:
Senator asks DHS if foreign-controlled browser extensions threaten the US:
A US senator is calling on the Department of Homeland Security's cybersecurity arm to assess the threat posed by browser extensions made in countries known to conduct espionage against the US.
I am concerned that the use by millions of Americans of foreign-controlled browser extensions could threaten US national security," Senator Ron Wyden, a Democrat from Oregon, wrote in a letter to Christopher Krebs, director of the DHS' Cybersecurity and Infrastructure Security Agency. I am concerned that these browser extensions could enable foreign governments to conduct surveillance of Americans."
Also known as plugins and add-ons, extensions give browsers functionality not otherwise available. Ad blockers, language translators, HTTPS enforcers, grammar checkers, and cursor enhancers are just a few examples of legitimate extensions that can be downloaded either from browser-operated repositories or third-party websites.
Unfortunately, there's a darker side to extensions. Their pervasiveness and their opaqueness make them a perfect vessel for stashing software that logs sites users visit, steals passwords they enter, and acts as a backdoor that funnels data between users and attacker-controlled servers.
Extensions: A short, sordid history
One of the more extreme examples of this type of malice came last year when Chrome and Firefox extensions were caught logging the browsing history of more than 4 million users and selling it online. People often think that long, complicated Web URLs prevent outsiders from being able to access medical or accounting data, but the systematic collection, dubbed DataSpii, proved the assumption wrong.
Read more of this story at SoylentNews.