Link prefetching and security
Today I was surprised to find that you can attack the computer right through the Google search results page. If on the first line there is a malicious site, your Firefox or Netscape with Google’s submission may well preload it as a page to which you will most likely pass, and then antivirus is already sounding the alarm.
It turns out that Mozilla 1.2 (2003) introduced such a feature as link prefetching , and since at least 2005 it has been supported by Google. Now it is part of the HTML5 standard.
The bottom line is that resources marked
')
From Google Web Search Features :
There is an opinion (not verified) that loaded pages are not dangerous. Even if this is so, no one guarantees that tomorrow there will be a hole in this system, and your passwords will not flow away directly from the search page through a hacked site that you have never even seen. I hope someone from the experts will write in the comments about this, but for now I have disabled preloading in my browser, which I wish for you.
Disable link prefetching:
See also:
UPD: Those who want to check can type in "secure domain check" in Google. Avast warns about the HTML Trojan: IFrame-EJ [Trj].
It turns out that Mozilla 1.2 (2003) introduced such a feature as link prefetching , and since at least 2005 it has been supported by Google. Now it is part of the HTML5 standard.
The bottom line is that resources marked
rel="prefetch" , the browser should automatically preload and cache after the current page is loaded. You can also send a Link: <http://example.com>; rel=prefetch header Link: <http://example.com>; rel=prefetch Link: <http://example.com>; rel=prefetch or do the same through a meta tag: <meta http-equiv="Link" content="<http://example.com>; rel=prefetch">
<meta http-equiv="Link" content="<http://example.com>; rel=prefetch">
')
From Google Web Search Features :
Results Prefetching
Click here to download it automatically. If you click on the result
Google uses a web browser or a mozilla browser to provide this functionality. You can disable it in your Mozilla Prefetching FAQ . In Firefox, you can disable prefetching by doing the following:Click here for your web browser to view your search results pages. You can delete these files by clearing your browser cache and cookies.
- Type "about: config" the address bar.
- Scroll down to the setting "network.prefetch-next" and set the value to "False".
If you run a web server, you can find a webmaster.
There is an opinion (not verified) that loaded pages are not dangerous. Even if this is so, no one guarantees that tomorrow there will be a hole in this system, and your passwords will not flow away directly from the search page through a hacked site that you have never even seen. I hope someone from the experts will write in the comments about this, but for now I have disabled preloading in my browser, which I wish for you.
Disable link prefetching:
- Type in the address bar
about:config. - Find the
network.prefetch-nextsetting. - Set it to
False.
See also:
- Wikipedia - Link prefetching .
- MDC - Link prefetching FAQ .
- Note April 6, 2005 (in Russian).
- HTML5 - Link type "prefetch" .
UPD: Those who want to check can type in "secure domain check" in Google. Avast warns about the HTML Trojan: IFrame-EJ [Trj].
Source: https://habr.com/ru/post/74123/
All Articles