Baidu Browser Acts Like a Mildly Tempered Infostealer Virus

← Back to Stories (view on slashdot.org)

Baidu Browser Acts Like a Mildly Tempered Infostealer Virus

Posted by timothy on Wednesday February 24, 2016 @04:21AM from the ever-so-gentle dept.

An anonymous reader writes: The Baidu Web browser for Windows and Android exhibits behavior that could easily be categorized by a security researcher as an infostealer virus because the browser collects information on its users, and then sends it to Baidu's home servers.

Both versions collected waaaaay to much information that has nothing to do with analytics, like hard drive models, CPU serials, and personal browsing history. The browser collected and sent this information on startup, when the user started typing content in his address bar, and on any page view. Some of this was sent via unencrypted connections. Additionally, the browser update did not use code signatures, meaning you could man-in-the-middle the connection and send anything you'd like to the browser, from Pokemon games to banking trojans, and have it installed locally.

6 of 97 comments (clear)

Min score:

Reason:

Sort:

All 'telemetry' is SPYING. by Anonymous Coward · 2016-02-24 04:26 · Score: 4, Insightful

All 'telemetry' is SPYING.
China. by Anonymous Coward · 2016-02-24 04:27 · Score: 4, Insightful

What else would you expect?
1. Re:China. by Anonymous Coward · 2016-02-24 04:47 · Score: 2, Insightful
  
  microsoft, google, and facebook are u.s. companies... datamining users for fun and profit and for government goodwill is not country-specific.
waaaaay too pregnant by Pseudonymous+Powers · 2016-02-24 04:30 · Score: 3, Insightful

Both versions collected waaaaay to much information that has nothing to do with analytics...
This is a meaningless statement, mostly because "analytics" is always a just a weasel-word for "spying". The only acceptable amount is zero.
Re:True to life by Anonymous Coward · 2016-02-24 05:00 · Score: 2, Insightful

Baidu is the Chinese "Google", the biggest Chinese search engine provider. According to Alexa, it's one of the five most visited web sites in the world. Would you like fries with your ignorance?
As a Chinese "Google," it also 100% caves into any and all government requests for censorship, page removal, data, whatever. You know there's a reason why there is no google.cn, right? And why half the time Google and all its services are blocked (not sure of the current state--it tends to go back and forth) in China.
Re:Crome by TheDarkMaster · 2016-02-24 06:42 · Score: 5, Insightful

I think the most correct action to take is to not install Windows 10.

--
Religion: The greatest weapon of mass destruction of all time