SensorsTechForum - How to Technology and PC Security Forum

Popular Topics => Web Browsing Practices => Topic started by: mcinn on February 24, 2016, 11:20:39 am

Title: Attention, Baidu browser users!
Post by: mcinn on February 24, 2016, 11:20:39 am
If you're based in China, or are Chinese for that matter, chances are you are using Baidu browser regularly. Well, no matter where you are, you should know that Baidu has been involved in a privacy scandal.

Researchers recently discovered that the Baidu browser collects personal information about its users and then sends it to its servers without having it properly encrypted. Or if it was encrypted, it wasn't encrypted safely enough to 'resist' decryption.

Baidu browser would also check for updates and download them without applying code signatures. A lack of code signatures could cause MitM (man-in-the-middle) type of attacks. In such a scenario, an attacker can send out malicious files to users, masqueraded as Baidu updates.

The security firm that made those findings is Citizen Lab: https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/