Are your keystrokes being recorded?

It's always nice to set the scene for these subjects it helps my over active imagination to write better, so lets sit back and imagine the following: you are browsing the internet, firstly you look up a few weird and wonderful subjects, then you tip over to that dodgy website your wife doesn't know about to catch up on that online affair you have been having. You ask how did you know? well if you have been watching any tech related news in the past week you would have seen a headline or two stating things like "popular sites record your every keystrokes" and the rest.

So you ask what does that mean, websites are recording my keystrokes so they have a bulk file filled with code and text and links right?  Well technically yes but someone also though it would be a good idea to create a software that plays back all of this stuff in a film like format, sound scary? well it is and as you can see from the video below were your "keystrokes" to get leaked you might be in a whole pile of doo doo pretty quickly.

Researchers from Princeton University's Centre for Information Technology Policy (CITP) analyzed the Alexa top 50,000 websites in the world and found that 482 sites, many of which are high profile, are using a new web-tracking technique to track every move of their users.

Dubbed "Session Replay," the technique is used even by most popular websites, including The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft, and WordPress, to record every single movement a visitor does while navigating a web page, and this incredibly extensive data is then sent off to a third party for analysis.

"Session replay scripts" are usually designed to gather data regarding user engagement that can be used by website developers to improve the end-user experience. However, what's particularly concerning is that these scripts record beyond the information you purposely give to a website—which also includes the text you type out while filing a form and then delete before hitting 'Submit.'

If your starting to get cold sweats after reading the above then here are a couple of sites where you can educate yourself a bit further on this topic.

https://thehackernews.com/2017/11/website-keylogging.html

https://thenextweb.com/security/2017/11/21/hundreds-of-websites-record-your-every-keystroke-without-you-knowing/

https://www.dailydot.com/debug/websites-record-keystroke/

Citrix's GoToMyPc users exposed after password leak

If you are a user of Citrix's GoToMyPC unfortunately you will have to reset your passwords (use something long varied and strong, don't reuse an old password!).

The service, which lets users remotely access PCs over the internet, was hit by a "very sophisticated password attack," Citrix said Sunday in a blog post. The company is requiring users to reset their passwords using the "forgot password" link. This is just another hack in a long line that have been disclosed in the past few weeks as hackers seem to be targeting website with huge user databases in an attempt to reap the rewards of cybercrime.

"Citrix takes the safety and security of its customers very seriously, and is aware of the password attack on GoToMyPC," said John Bennett, product line director at Citrix, in a statement. "Once Citrix learned about the attack, it took immediate action to protect customers. Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users. Further, there is no indication of compromise to any other Citrix product line."

To reset your GoToMyPC password, go to the site and click on the Log In link.
I would recommend along with resetting your password that you enable two-step verification, a process that sends a code to your phone each time you want to sign in. If you've used the same password for GoToMyPC at other websites or for other accounts, you should change it at those places as well and don't make up a new password and use it on your other sites to, not that you would do such a thing.