Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Behave! Extension Warns Of Website Port Scans, Local Attacks

New Behave! Extension Warns Of Website Port Scans, Local Attacks

A new browser extension called Behave! will warn you if a web site is using scripts to perform scans or attacks on local and private IP addresses on your network.

When browsing the web, scripts embedded on web pages can be used to not only port scan a visitor’s computer for open TCP ports, but also initiate attacks on other devices on your network.

In May, it was discovered that well-known sites such as eBay, Citibank, TD Bank, and more would port scan a visitor’s computer to identify Windows remote access programs running on it.

eBay port scanning a site
Source: BleepingComputer

This port scanning was conducted by the LexisNexis’ ThreatMetrix fraud protection script used to detect potentially hacked computers trying to use the site.

While done for good reasons, users who are being port scanned rightfully find them intrusive and a privacy violation.

Even worse, malicious actors will also use JavaScript embedded on web sites to perform DNS Rebinding attacks.

DNS Rebinding attacks are where the DNS resolution is manipulated through short TTLs to use a victims’ computer to bypass Same Origin Policy (SOP) and launch attacks against other devices on an internal network.

These attacks are commonly used against routers, IoT devices, and even other internal computers known to run vulnerable software.

Also read: Privacy policy template important tips for your business

Enter the Behave! browser extension

Created by Stefano Di Paola, co-founder, CTO, and Chief Scientist of MindedSecurity, the Behave! browser extension was born as an experiment to warn users of web sites that abuse browser features to perform local attacks or scans on a visitor’s computer

“Behave! was born as a conceptual experiment around the behavior of web pages that might abuse some of those features, and if the interest on Behave! keeps raising, it might hopefully be a long lasting project to help raising awareness.”

“For example local Port Scan, Cross Protocol attacks, DNS rebinding are very old attacks that are still possible and difficult to completely “fix” by browser vendors because they abuse core features of the Web ecosystem,”  Di Paola told BleepingComputer via email.

When installed, Behave! will monitor for scripts that attempt to access IP addresses belonging to the following blocks:

  • Loopback addresses IPv4
  • Loopback addresses IPv6 ::1/128
  • Private Networks IPv4 – –
  • Unique Local Addresses IPv6 fc00::/7

If detected, the extension’s icon will show a red indicator, and when clicked on, will list the activity conducted by the site.

Behave! warning of port scans from eBay

The extension can also be configured to show browser notifications when concerning behavior is detected.

Browser notification

It should be noted that a bug in the extension may cause false positives on the DNS Rebinding alerts, and Di Paola has fixed the bug and waiting for Google’s approval on the new version.

The Behave! extension is available for both Chrome and Firefox, and Di Paola has told us that he hopes to release it for Edge and Safari.

Some features that Di Paola hopes to add in the future include “white listing web pages/hostnames that are expected to perform local connections” and the ability to “track back the code performing the suspicious actions.”

For those interested in being warned about potentially abusive behavior from web sites you visit, Behave! is an interesting extension to install.

Also read: 12 brief explanation about the benefits of data protection for business success



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us