Kaspersky

Other > Non-Avast security products

Kaspersky

(1/5) > >>

Asyn:
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

polonus:
Hi Asyn,

Thanks for the heads-up on this.

Also see the results here on Kaspersky support's privacy status:
https://privacyscore.org/site/143446/ with 11 3rdparty trackers involved.

All servers reside in Russia and for Google Analytics the Anonymize IP Privacy Extension is not enabled.

Also consider: https://urlscan.io/result/b208be71-152f-4744-9e68-a643d37e6f86

Retirable code:
jquery   1.4.3.min   Found in -https://support.kaspersky.com/resources/js/jquery-1.4.3.min.js?v=12
Vulnerability info:
Medium   CVE-2011-4969 XSS with location.hash
Medium   CVE-2012-6708 11290 Selector interpreted as HTML
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

blocked in my avast secure browser going to -https://kaspersky.d3.sc.omtrdc.net/b/ss/kasperskysupportall,kasperskysupporten/1/JS-2.6.0/s07192949918585?AQB=1&ndh=1&pf=1&t=15%2F7%2F2019%2020%3A15%3A38%204%20-120&mid=81671562226317276696572861505869332936&ce=UTF-8&ns=kaspersky&cdp=2&pageName=Homepage&g=-https%3A%2F%2Fsupport.kaspersky.com%2F&cc=USD&ch=Homepage&server=support.kaspersky.com&h1=Homepage&v2=D%3Dc12&v3=D%3Dc13&v11=D%3Dc22&v12=D%3Dc23&v13=D%3Dc24&v24=global&c25=Homepage&v25=Homepage&v26=Homepage&c31=
-https%3A%2F%2Fsupport.kaspersky.com%2F&c39=-https%3A%2F%2Fsupport.kaspersky.com%2F&c49=D%3Dc50%2B%22%20%3A%20%22%2BpageName&c50=New&v50=New&c63=Homepage&c69=global&s=1366x768&c=24&j=1.6&v=N&k=Y&bw=1366&bh=625&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

They let others now do the job: -https://dpm.demdex.net/id? - //cm.everesttech.net/cm/dd?d_uuid=91551022538304052316155746798801252242"]}],"subdomain":"kaspersky","tid":"251hRlTxSgE="}

Easily found up using a WebSniffer extension in the browser.

polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)

schmidthouse:
Tried KIS a few years back and uninstalled after a year for Security/Political reasons.
Won't use it again.

Novels:
I am using KIS. OMG :(

inactive-user:
I am not using it anymore as well since it decreased the lifetime of my SSD when it started to extract clonezilla backups to scan the compressed .xz archives for malware.

Several TB of host controller writes.. smdh :(

Navigation

[0] Message Index

[#] Next page

Go to full version