Scammers Jamming Your Browser

Talk about internet security, computer security, personal security, your social security number...

Scammers Jamming Your Browser

Postby barbaz » Sat Feb 10, 2018 1:22 am

*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 8676
Joined: Sat Aug 03, 2013 5:45 pm

Re: Scammers Jamming Your Browser

Postby Thrawn » Fri Apr 20, 2018 1:37 am

You could neuter a specific site with a surrogate script, if you can identify critical functions that you can break.

Global neuter...well, I guess it's possible to use a surrogate to globally kill off the relevant file API, but that could break legitimate sites.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
User avatar
Thrawn
Senior Member
 
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Scammers Jamming Your Browser

Postby GµårÐïåñ » Fri Apr 20, 2018 8:27 pm

Thankfully so far, my setup is so tightly configured that this has not been an issue for me, I even have voluntarily visited the links in question (when reported to me) on my own production machine and it feel like a thud, but then again my configuration is not the most "user-friendly" and I am comfortable with its "limitations" although I don't see it that way honestly. I can accomplish everything I need and still neuter most access to my system.

Although not recommended, one of the easiest way to defeat such things that check for UA-strings is to have a slightly malformed UA that won't kill your functionality on legitimate sites that sniff it but enough to cripple direct targeting. One of my colleagues has a clever way by which he does this and that is to actually include MULTIPLE browser tags, meaning confuse the sniffers from knowing WHICH browser he is on while giving legitimate sniffers what they need to still accept the browser and function. I take a more minimalist approach, but each has equally been resilient against attacks. Although, I'll admit that my approach tends to have some edge case breakage (3 in the last 18 months), while his has been limited to only 1 in two years.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
User avatar
GµårÐïåñ
Lieutenant Colonel
 
Posts: 3302
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA


Return to Security

Who is online

Users browsing this forum: No registered users and 4 guests