Scammers Jamming Your Browser

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Scammers Jamming Your Browser

Post by barbaz »

https://arstechnica.com/information-tec ... o-a-panic/

Reportedly affects Firefox as well. Can we neuter it with a surrogate script?
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Scammers Jamming Your Browser

Post by Thrawn »

You could neuter a specific site with a surrogate script, if you can identify critical functions that you can break.

Global neuter...well, I guess it's possible to use a surrogate to globally kill off the relevant file API, but that could break legitimate sites.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Scammers Jamming Your Browser

Post by GµårÐïåñ »

Thankfully so far, my setup is so tightly configured that this has not been an issue for me, I even have voluntarily visited the links in question (when reported to me) on my own production machine and it feel like a thud, but then again my configuration is not the most "user-friendly" and I am comfortable with its "limitations" although I don't see it that way honestly. I can accomplish everything I need and still neuter most access to my system.

Although not recommended, one of the easiest way to defeat such things that check for UA-strings is to have a slightly malformed UA that won't kill your functionality on legitimate sites that sniff it but enough to cripple direct targeting. One of my colleagues has a clever way by which he does this and that is to actually include MULTIPLE browser tags, meaning confuse the sniffers from knowing WHICH browser he is on while giving legitimate sniffers what they need to still accept the browser and function. I take a more minimalist approach, but each has equally been resilient against attacks. Although, I'll admit that my approach tends to have some edge case breakage (3 in the last 18 months), while his has been limited to only 1 in two years.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
chrispeddler
Posts: 3
Joined: Fri May 10, 2019 9:51 am

Re: Scammers Jamming Your Browser

Post by chrispeddler »

You can add an extension like an Ad Blocker to tighten security on your browser. Just a thought.
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
Post Reply