
Cybersecurity

While visiting the web, there are some cybersecurity risks involved.

Navigator Risks

navigator.location is a property that returns the user's current position.

Like this: .

If you see your location here, that means location viewing is allowed. If you see "Location not allowed", that means you have not allowed the website to see your location. Many cyber criminals can use the latitude and longitude of your location to figure out where you are. For browser-related risks, hackers can intercept browser connections as you use your computer to get information. Another way is through cross site scripting (XSS), which allows malicious users to find ways to inject JavaScript code into your site.

Thankfully, most sites will ask for the information before getting your location. Think before you click allow.

navigator.userAgent just returns information about the browser you're using. This can be a direct privacy violation, but it can also be spoofed, mostly to mess with the analytics of a marketing campaign, for example.

navigator.platform returns what platform a user is using for the website. It can mostly cause problems if you use different code for other devices. This could give hackers an advantage for sending malware or other forms of harmful content.

Both of these methods (navigator.userAgent and navigator.platform) have big problems for security. However, these methods are deprecated for modern use and alternative methods should be used instead.

Location Risks

Location generally refers to information about the current page in the browser.

One of the biggest risks I saw for a potential cross site scripting attack was using location.replace(url). This does what it says, replaces a document page with a url. The particular problem with this is that if a cross site scripting attack occurs, hackers could paste in malicious sites that could lead to downloading malware or worse. Malicious scripts can be received by a user in many forms like cookies or session tokens.

location.hostname or location.host could also be bad if you don't want the host server for your site to be leaked and potentially give away info for accessing it. There is a way to disable this with user_pref("capability.policy.default.Location.hostname.set", "noAccess") (Carnegie Mellon University, 2007).

Finally, in this section I would go over location.protocol. It returns the protocol used by the browser to access the page, but it also opens the page up to cross site scripting if nothing is validated. location.protocol is very useful for redirecting people for localization purposes, but it can also be used in the wrong way.
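
One way to apply the validation mentioned above for location.replace(url) and location.protocol, as an added example that is not part of the original page: the redirect target is parsed and checked against an allowlist of protocols and hostnames before the page navigates. The allowlist values, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: validate a redirect target before handing it to location.replace().
// The allowlists below are assumptions; replace them with the hosts your site controls.
const ALLOWED_PROTOCOLS = new Set(["https:"]);
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]);

// Returns a normalized URL string if the target is safe to navigate to, otherwise null.
function safeRedirectTarget(target, currentHref) {
  let url;
  try {
    // Resolve relative paths against the current page, as the browser would.
    url = new URL(target, currentHref);
  } catch {
    return null; // not parseable as a URL
  }
  // Rejects javascript:, data: and plain http: targets.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  // Rejects redirects to hosts the site does not control.
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  // Credentials in a URL (user@host) can disguise the real host, so refuse them.
  if (url.username || url.password) return null;
  return url.href;
}

// Navigate only when validation passes; returns true if a navigation was issued.
function redirect(target, loc) {
  const safe = safeRedirectTarget(target, loc.href);
  if (safe === null) return false;
  loc.replace(safe);
  return true;
}

// Constructed sample inputs; in a browser, pass window.location as `loc`.
const fakeLocation = { href: "https://example.com/login", replace(u) { this.href = u; } };
for (const t of ["/account", "javascript:alert(1)", "//evil.test/", "http://example.com/"]) {
  console.log(JSON.stringify(t), "->", safeRedirectTarget(t, fakeLocation.href));
}
```

Checking the parsed protocol and hostname, rather than searching the raw string, is what stops targets such as "//evil.test/" that look like a local path but resolve to another host.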

Sources

Geolocation Tracking Poses Risks To Your Employees (Fortra)

Cross Site Scripting (OWASP)

Mozilla Browsers "location.hostname" Cross-Domain Vulnerability (Carnegie Mellon University)

All you need to know about window.location (Medium)

Detecting the OS, Browser and Browser Version before old methods Deprecate (Medium)