Computers-Hacking
See other Computers-Hacking Articles
Title: My browser visited Weather.com and all I got was this lousy malware [also Drudge, Wunderground, Yahoo]
Source:
Ars Technica
URL Source: http://arstechnica.com/security/201 ... -i-got-was-this-lousy-malware/
Published: Aug 15, 2015
Author: Dan Goodin
Post Date: 2015-08-15 11:27:29 by Tooconservative
Keywords: None
Views: 16416
Comments: 77
Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said. The malvertising campaign worked by inserting malicious code into ads distributed by AdSpirit.de, a network that delivers ads to Drudge, Wunderground, and other third-party websites, according to a post published Thursday by researchers from security firm Malwarebytes. The ads, in turn, exploited security vulnerabilities in widely used browsers and browser plugins that install malware on end-user computers. The criminals behind the campaign previously carried out a similar attack on Yahoo's ad network, exposing millions more people to the same drive-by attacks. Update: A few hours after Ars published this article, Malwarebytes updated the blog post to say the campaign had moved to yet another ad network, which happens to be associated with AOL. Visitors to eBay were among those who were exposed to the malicious ads distributed through the newly discovered network. Malvertising is a particularly pernicious form of attack because it can infect people who do nothing more than browse to a mainstream site. Depending on the exploit, it can silently hijack computers even when visitors don't click on links. Some browser makers have responded by implementing so-called click-to-play mechanisms that don't render Flash or Java content unless the end user actively permits the plugin to run on a particular site. Some users have resorted to ad blockers, which have the unfortunate side effect of depriving publishers of much-needed advertising revenue. The campaign used against the AdSpirit and Yahoo networks connected to servers run by Microsoft's Azure service. Ultimately, the booby-trapped ads led to attack code distributed through the Angler exploit kit, a software package sold on the black market that makes it easy for criminals to exploit vulnerabilities in Flash, Java, and other software. The AdSpirit attacks were particularly hard to trace because most of the websites involved in the attack were using the transport layer security protocol to obscure the address and encrypt the data. There's no indication the attacks were exploiting vulnerabilities in fully patched software. That underscores the importance of installing security updates as soon as they become available. Poster Comment: Install adblockers to be more secure. Ad Block Plus is the classic extension most people use. It has started to allow some "safe non-abusive" ads to slip through. So, after years of being loyal to ADP, I gave it up and moved to uBlock Origin 1.0.0.1 recently. 
Post Comment Private Reply Ignore Thread
Top • Page Up • Full Thread • Page Down • Bottom/Latest
#1. To: TooConservative (#0)
Your lite-weight recommendations for surfing the web are not just silly but invites further intrusion into one's privacy.
Pardon me if I think your opinion is worthless. Adblockers have proven their value over and over at resisting malware and reducing network congestion. It isn't even debatable among tech types.
You don't need ad blockers. You need a REAL browser.
What "real browser" are you using that is malware-resistant without adblockers/NoScript/Ghostery/etc.? Lynx? Name this browser.
I just downloaded and installed uBlock Origin 1.0.0.1 is there anything else I need do before going to drudgereport?
Nope. It's free and it mostly Just Works. You should see a little red uBlock icon at the upper right of your URL bar. If you come across a website that won't work with adblockers, you can disable uBlock on that site. There are a few other options there as well, you can hover over the icons in the uBlock control window to see what those are. For the big blue button, you can click to disable uBlock for the entire website you are on. Or you can CTRL-click it to disable uBlock only on the page you are looking at. The eyedropper lets you click on page elements one at a time, to allow single ads on a page to display. There are four more similar options in the bottom of the uBlock window. One nice benefit of uBlock is that it really cuts back on bandwidth traffic and CPU use. So it makes web pages load faster and doesn't hog the CPU. Nice for older computers so they don't get bogged down on ad-infested pages. For years, ads only annoyed us or made the pages run slow. But now we see steady attacks by hackers on the ad networks to turn them into a way to attack user security. Let me know if you have any problems. I haven't had any because it is so simple to use. I haven't found any websites that I use trying to block uBlock so far.
anonymous
IOW, you don't have any such browser but don't want to just admit it.
Incorrect, TC. I control my Internet interface is all.
You're awfully reticent. What, are you editing a hosts file endlessly? I'm not sure why you guys always act so ashamed or like you have some huge secret. People have done that since before dialup was popular. Or are you trusting some crapware firewall to do it all for you? That's the other usual means from people too chicken to admit what they use for security.
TOR with TAILS (thumb)?
Tor is horribly slow to start with, even more so if you allow all the ads and scripts to load. And Tor doesn't do anything to protect you from browser attacks, either from malicious websites or hacked ad server networks. Can't be Tor.
Tor with Tails on a thumb drive leaves your computer totally immune. How does it get attacked?
I'm not sure where you read that but it isn't true. Even assuming that Tor was secure and anonymous, it does nothing to protect your browser from malicious websites and hacked ad server networks. Nothing, nada. No more than using VPN or other proxies protect you from server-based attacks.
Even assuming that Tor was secure and anonymous, it does nothing to protect your browser from malicious websites and hacked ad server networks. Nothing, nada. No more than using VPN or other proxies protect you from server-based attacks. If I'm running an operating system on a thumb drive, what are you hacking besides the thumb drive? TAILS - The Amnesiac Incognito Live System. No new programs. No saves. Upon shutoff, it leaves a completely blank slate of all history. It worked for Edward Snowden. Apparently, it works for Glenn Greenwald. http://www.theverge.com/2014/4/29/5664884/this-is-the-most-secure-computer-you-ll-ever-own [extract]
UBlock work with tablets too?
"When Americans reach out for values of faith, family, and caring for the needy, they're saying, "We want the word of God. We want to face the future with the Bible.'"---Ronald Reagan
They have versions of Ad Block Pro that work on tablets. ABP is open-source. So there are several versions of it available on Android. It actually works pretty well on Android. Lots of ads just disappear. Not just in the web browser but even ads in other apps. You should not pay for it. The block lists are free, the source code is open. The people who wrote it and maintain the blocklists and filter lists didn't try to make money from it so you shouldn't pay some scammer for a copy of it. I think there are 3-4 versions of it on Android (and Chrome Store).
Not much different than using the LiveCDs or DVDs with MAC spoofing. It isn't as secure as people think. If NSA or others are operating the TOR exit nodes (a good bet they'll succeed in providing directly or compromising some exit nodes), a man-in-the-middle attack works well. In addition, a distro of this type still has a browser fingerprint, in part because people just keep using the same version of the distro. You also have traffic analysis where a person browses to various sites, over and over. Like GMail or Yahoo Mail or online forums. Tor has never become popular enough to truly shield all its users. That means there are far fewer users to identify, making it easier for NSA/FBI. And those users are nearly all drug traffickers, child porno types, online criminals. Which means they are high-value targets for NSA and law enforcement. Very few people are willing to go to the trouble of playing Spy V. Spy like Snowden. How many people are going to reboot their home computer to fire it up with a Tor/TAILS stick on a daily basis? Almost no one. It is also hard to find USB write-protected flash drives. There used to be some around but I haven't seen them in years. These were made by less-known producers like Ritek and Imation and PQI. I'm not sure if they even make them any more. Other people address the same problems using virtual machines. They keep a small virtual machine with their favorite software pre-installed. They copy it the VM image, use it once, then delete it. Same result as Tor/TAILS (you could even run a Tor/TAILS distro as your VM) but you don't have to keep rebooting but it isn't very portable. But this thread is about preventing browser hijacks to protect users' daily browsers on their home machines from tracking and attack by malicious ad networks. I assume that you realize that using a Tor/TAILS stick as you mention is a red flag, moving you to the head of the list for scrutiny by LEO and national security agencies? This was true before Snowden, even more so now. To use a library or internet cafe to run a Tor/TAILS stick, you have to find one that still allows you to plug in a USB stick and that is set to prioritize USB booting over booting the hard drive. So do you know of an internet cafe or library in your area that actually allows you to use their USB ports and that allow you to alter the BIOS settings to boot from USB before hard drive (and has no password-protected BIOS settings)? Let me know if your local library or internet cafe has such machines in those configurations. I think you won't find any of those still around even if they were available some years back. Most likely, you'll end up using your own laptop, booting with a Tor/TAILS stick and operating off a free WiFi hotspot at a restaurant or hotel or similar location. And is that really your advice to people on how to protect their home machines from drive-by attacks by malicious ad networks? On this little forum of maybe 25 regular posters, how many are going to do that and know how to use such a distro securely? On this forum, Neil would know how to use it. I would. But do we actually go to that trouble? I know I don't.
TooConservative - You don't know what the fuck you are talking about. And it is your thread.
You don't like it when someone tells you something you don't like. Tor is not embraced by millions. It has a very limited audience and always has been quite small. The idea that Granny is using Tor to read email and post cat pictures is ridiculous. People pursuing (the illusion of) that kind of secrecy are painting a target on their backs with LEO and NSA. And they are far more often than not using Tor for criminal purposes or to try to cover their tracks when they visit websites like TrannyGoatIncest.com.
ROTFL. Yeah, like Yukon's silly home web page, correct? The truth is: Surfing the Internet should be used by ALL tools at your disposal to protect your anomymity; not one or two or making product endorsements or disendorsements as you usually perform.
So are you using Tor/TAILs now? Or...what exactly? I notice you are awfully quick to sneer at others but refuse to even identify your browser, what software you use, etc. So I conclude you are largely unprotected or are using a goofball firewall or something similar. Because you are hiding from offering any info at all. You're only here to be the "secretive contrarian expert". Even though you demonstrate no actual expertise or any real knowledge at all. Why so secretive, bucky? You aren't contributing anything to this thread (which is about how to protect your browser from malicious ad networks). I'm not impressed. Any more than I think nolu chan is sitting at home, booted off a Tor/TAILS stick. You two are full of it.
From the TAILS website: Posted Sun 09 Aug 2015 01:02:03 AM CEST Numerous security holes in Tails 1.4 Posted Sun 28 Jun 2015 01:02:03 AM CEST TAILS 1.5 is now out. How secure is TAILS if they find new and "numerous security holes" every 10 days or so? And, nolu, are you actually posting here at LF right now using TAILS? Do you actually use what you are recommending for others to use?
So how you like browing ad-free with uBlock Origin? I was hooked on AdBlock Plus for years but it got greedy (IMO). I now prefer the blocking of uBlock and find it less intrusive. BTW, they both use most of the same adblocking pattern files so the actual work they do is very similar. I'd also be interested if you find pages are loading a little faster, especially if your machine is a few years old. Letting ads run wild actually slows browsers to a crawl, use lots of memory and bandwidth. AdBlock does stop some of the bandwidth issues but it uses a lot of RAM. uBlock uses far less RAM which is a Good Thing. You really see a big difference if you try to load a page/site that has a lot of ads. National Review Online is a good example.
Tor has never become popular enough to truly shield all its users. That means there are far fewer users to identify, making it easier for NSA/FBI. And those users are nearly all drug traffickers, child porno types, online criminals. Which means they are high-value targets for NSA and law enforcement. The article addresses the problem of advertising with malware. What it is not discussing is attacks carried out by the NSA on a Windows computer. Lynx? Name this browser. [buckeroo #7] anonymous Running a specially designed operating system from a USB drive that has no ability to write anything to the computer, and stores nothing, avoids vulnerability to the ad attacks discussed in the article. It did that and more for Edward Snowden. If someone really just wants to surf without endangering their precious computer, they can just spend a few hundred bucks for a Chromebook. No programs can be installed on a Chromebook, not even security software. It boots in about 7 or 8 seconds. It's not vulnerable to the usual crap attack. Keep it basic, do not create cloud storage, and don't get crapified. It is not anonymous, but the article was not addressing anonymity. That is just an added benefit of Tor with Tails.
So you are admitting you don't follow the advice you're handing out on this thread? You don't use Tor/TAILS yourself? But if you do use Tor/TAILS, have you downloaded and updated your USB stick three times in the last 10 days just to fix the "numerous security holes" they found in it? It is a 1GB IOS image and is only being seeded by ~500 torrent users with another 600 leeching it at present. If people want a Chromebook, they can buy one. But we don't see that as a very popular option. That is not a general-use PC which is what nearly everyone is using to visit Weather.com, Wunderground, Drudge. You might as well recommend that people use the old text-only Lynx browser. Or use some defunct machine (NEXT or Amiga or whatnot) so they aren't a target for malicious adware. Or you could tell them to download Firefox source code and completely disable scripting on their binary. But that isn't what this article addresses and no one is going to actually do those things. So it isn't a solution to the problem of drive-by malware attacks from compromised ad networks.
Posted Sun 09 Aug 2015 01:02:03 AM CEST Numerous security holes in Tails 1.4 Posted Sun 28 Jun 2015 01:02:03 AM CEST http://www.theverge.com/2014/4/29/5664884/this-is-the-most-secure-computer-you-ll-ever-own Tails is the secure system that protected Edward Snowden. Here's how it works. By Russell Brandom on April 29, 2014 01:34 pm From the moment you boot up, your computer leaves footprints. Websites leave tracking cookies, following you from page to page and session to session, alongside the usual traces left by your IP address. Persistent logins from Google and Facebook tie each site visit to your offline identity. If anyone really wants to go after you, they can also make a direct attack, targeting malware to track your movements in the background. With the right tools, a computer is an open book. Not this computer, though. It's running Tails, an open-source operating system designed to leave as little trace as possible, launching version 1.0 today after more than five years of open development. It's an amnesiac system, which means it's completely fresh every time you boot up. There are no save files, no new programs, and most importantly, it becomes a blank slate the moment you shut down. It's the digital equivalent of buying a new computer for a single session and tossing it into the river once you're done. That trick has earned Tails a lot of attention. It’s already standard software at Glenn Greenwald’s First Look Media, where he’s called it “vital to my ability to work securely on the NSA story.” Tor researcher Jacob Appelbaum praised the project onstage at this year's Chaos Communications Congress, and in March Tails received a $50,000 grant to keep the project going. Nearly 8,500 computers booted up with Tails on a given day in March, 500 more than the month before. Those are surprisingly high numbers for a project that’s this hard to use, and does this little. But if you need a secure line, Tails is the best way to get it. In the era of the NSA, that’s a rare thing. Tails works by booting your computer off of an external disk — usually a USB drive, an SD card or a CD — but getting Tails onto the right storage drive is harder than it sounds. Ideally, you’d keep it on a CD: once it’s burned into the plastic, the code can't be changed, making it completely immune to malware. But with new versions being released every few months (and plenty of laptops going without CD drives), a USB stick can be more convenient. We used Rufus to make a bootable version on a USB drive and SD card, but even then, certain flash drives simply won’t work with Tails. There are ways to add encrypted storage or persistent programs too, but each extra feature is also a new chance for security problems. Getting Tails onto a computer isn’t straightforward either. There’s a long list of computers that can’t run the OS, and it includes most of the computers made by Apple. We spent the better part of a day trying to launch it on a Toshiba Kirabook, only to have Windows 8 punch through every time. It ends up working best on machines that are Linux-friendly, without anything like a high-powered video card to trip things up. There are a few different stable setups, but lots of ways to accidentally break your own security. In exchange for all the troubleshooting, you get an unusual kind of anonymity. Keeping the operating system on a disk means you’re operating independent of the computer, picking nothing up and leaving nothing behind. It also makes your setup portable. You can launch Tails from an internet cafe and know that none of the programs on the public computer will get in the way of what you’re doing. The new versions of Tails will even hide you within a local network, randomizing the computer’s MAC address to make you even harder to track. None of the methods are completely impenetrable, but together they add up to a major headache for anyone trying to follow you across the web. "Even if the developers wanted to put in a backdoor, they couldn't" Getting there has been a five-year process, with developers working in their spare time on a miniscule budget — less than $60,000 a year in donations, before the recent grant. The code has been open for review at every stage, and after each release, auditors have found holes in Tails' security, creative ways an attacker might circumvent the program. The holes are patched a few months later, then new holes are discovered, then those holes are patched a few months after that. By now, this process has repeated more than 30 times. It's the nature of open-source development, a messy, public process that produces secure software through a slow grind of bug hunts. That parade of public security failings is meant to make users feel safe. If there's a problem in security at any level, you'll know about it, and the team will be under pressure to fix it as soon as possible. It's the same open workflow that built Tor and PGP, and stumbled more recently with the Heartbleed bug. But it means that even if the developers wanted to put in a backdoor, they couldn't. Even more remarkable, no one knows who's behind it all. The development team works under pseudonyms and their legal names have never been publicly revealed. "Some of us want to remain anonymous," the Tails developers told me from a group email account. "Some of us simply believe that our work, what we do, and how we do it, should be enough." As open source software, the LINUX source code is under constant review. Security problems are reported. Who thinks Windows is more secure than LINUX? Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leave no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. Homepage - https://tails.boum.org/
Add using TOR to being a lawyer and being a combat hero to the list of things I have not claimed. Phishing expedition /fail
How do you know it isn't NSA and/or FBI? You don't. This reminds me of the Firefox special versions that had Tor baked in. Turns out, it was an FBI version that allowed Langley to insert malicious Javascript into anyone running that version. It took months for it to be detected. TheHackerNews: Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor Network hosting; Tor Mail Compromised Marques was arrested on a Maryland warrant that includes charges of distributing and promoting child porn online. He faced four charges relating to alleged child pornography offenses with a total of 30 years jail, reportedly dubbed by the FBI as “the largest facilitator of child porn on the planet.” That need has been particularly heightened with the many revelations of the US Prism program and other cyber spying initiatives. You don't suppose the feds seized all his gear and forced him to inform on his users, do you? eHackingNews: Almost Half of Tor sites compromised by FBI [Exclusive details] And that is just the FBI who are amateurs compared to NSA. You are naive about Tor and its limits. You'll notice how much child-porn was going through these Tor-hosted sites, exactly as I said.
Yep. You don't use Tor/TAILS yourself even if you want to wallpaper this thread about using Tor/TAILS to prevent malicious ad network attacks from sites like Drudge. "Use Tor/TAILS. Buy a Chromebook." This is not useful advice to solve a very real and existing problem that users of this site face when visiting sites that nearly all of us visit regularly, like Weather.com, Wunderground, Drudge. And it is clear that you don't practice what you're preaching on this thread.
I can not tell a lie and will not let the cats out of the bag. Stone has repeatedly indicated that I use many, Many, MANY IP addresses to log into his website. No body can duplicate my use, either. Stone can also vouch for chan's IP addresses. They are the same each and every tyme unless his Provider, is set to refresh the user lists (very rare) since he is a broadband subscriber.
Kinda like he treats posters regarding presidential candidates. Quick to shit on them all... refuses to announce who he supports. That kind of deception should send up alarms towards his credibility. Bucky is only here to disrupt. He is and always has been a troll. I'm the infidel... Allah warned you about. كافر المسلح
Take your pick. https://en.wikipedia.org/wiki/UBlock https://addons.mozilla.org/en-us/firefox/addon/ublock/ https://addons.mozilla.org/en-us/firefox/addon/ublock/reviews/ µBlock - 214,818 users https://addons.mozilla.org/en-us/firefox/addon/adblock-plus/ https://addons.mozilla.org/en-us/firefox/addon/adblock-plus/reviews/ AdBlock Plus - 19,564,935 users - - - - - https://addons.mozilla.org/en-US/firefox/addon/adblock-plus-pop-up-addon/ https://addons.mozilla.org/en-US/firefox/addon/adblock-plus-pop-up-addon/reviews/ AdBlock Plus, Pop-up Addon - 1,164,851 users - - - - - https://addons.mozilla.org/en-Us/firefox/addon/adblock-edge/ AdBlock Edge - Discontinued
All anyone has to perform to easily eliminate user ad tracking is to clean their cache memories from tyme to tyme; no specialized "ad blocker crap." It is easy, too; while not using any pull-down menus from ANY browser. But ad tracking software is just one symptom of loss of anonymity. Why not just become anonymmous?
You don't. It's open source. You really think NSA/FBI is behind the open source development of TAILS? You can download "special" copies from bogus sites set up by the NSA or FBI. Shocker. If you want to be secure from the FBI/NSA, your solution of µBlock isn't going to do it. The solution to that is stay off the grid.
Whatever you say. You would know better than I what I use and do not use.
Anyone can use proxies, paid or free. So what? That still does nothing to protect your (unnamed) browser from driveby malicious ad network attacks.
TooConservative isn't too savvy about serious GNU software. We frequectly use signatures to authenticate software besides the website (itself). Often the software is not a download exectable file. It is an ISO image. Or we use torrent. His fears leave him in the dust. I doubt he has programmed with any high level program.
I am not using a proxie.
True. If you look in the Chrome Store or the Google Play store, you'll find tons more. That's because it is open-source stuff and easy to crank out new versions. And they all use the same blacklists/whitelists, it seems.
How do you know they aren't. It would be far from the first time that American intel and LEO agencies decided the easiest way to control something is to be right at the center. And you only need compromise a few key contributors to achieve your goals. Certainly, it is entirely possible and is a straightforward solution.
For someone claiming such tech expertise, you seem incapable of understanding what this thread is about. If you understand HTML/Javascript, you can look at the source code at the top of the thread to see a malicious Javascript attack embedded in an ad served by an ad network. Clearing the cache will do nothing to stop this threat. I can see why you were so careful not to tell us what you are using because it must be awfully dumb if this represents your overall level of technical sophistication. You seem to have no grasp of the various attacks being staged against web browsers currently.
Are you sure you even know what that is? I only ask because you misspelled a very common term in networking.
Eric Eoin Marques, 28 year-old man in Ireland believed to be behind Freedom Hosting, the biggest service provider for sites on the encrypted Tor network, is awaiting extradition on child pornography charges. It is understood the FBI had spent a year trying to locate Mr Marques. Marques was arrested on a Maryland warrant that includes charges of distributing and promoting child porn online. He faced four charges relating to alleged child pornography offenses with a total of 30 years jail, reportedly dubbed by the FBI as “the largest facilitator of child porn on the planet.” That need has been particularly heightened with the many revelations of the US Prism program and other cyber spying initiatives. You don't suppose the feds seized all his gear and forced him to inform on his users, do you? No. I don't even think the FBI seized his body. Maybe you are thinking of some other Eric Eoin Marques. Your cited article on Eric Eoin Marques is two years old. How about an update? How is the prosecution progressing? Has the FBI got their man yet? Do they expect to get him? Do they now expect to ever get anyone from Ireland who could possibly get a life sentence in a Supermax? Do better research.
I misspeil all kinds of words. What is new? When I do mispell, it is becasue of my intentional misuse of a term. I am particularly fond of, "publick" as it attempts to demonstrate my total disdain for any social services.
It's open source. Nobody cares who wrote it when the whole world can examine the source code. The thread is about avoiding malicious adware, not the NSA. To safely evade the NSA, go off the grid. Or use µBlock if it gives you a sense of security. Or you could try a fluffy security bear.
No, thanks.
I think they will get him. Vice, 5/2015: The US Is Trying to Extradite a Notorious Dark Web Admin This Week Ireland is thumbing its nose at extradition. At some point, there will be a heavy price to pay for this. Sooner or later, they will want to extradite someone from America. Or the U.S. will withhold cooperation on other matters that are important to Ireland. This child porn purveyor will eventually pay for his crimes and for making money off of the sexual abuse of children. Until then, I guess he can keep sleeping on the couch of his dad's 1-bedroom apartment.
You're the one who dragged it into "Snowden evaded detection with Tor/TAILS". I said that was irrelevant from the start and then started documenting why Tor/TAILS is only more secure than conventional solutions but is not totally secure.
Chan did not suggest "total security" with any software. He provided options for security is all. You can take your highfallutin' "adblocker software" and stuff it; as IT also poses a risk to your Internet experience and (perhaps) your local files.
Can you name a single example of this? In cases where ABP had security holes, it was patched quickly and I never read any reports of a hole doing anything more than letting some ads get through. The greater hazard with ABP (and others) is that you'll want to read a website that blocks users of adblockers and you'll then enable ads on that site and get hit by a hacked ad network. I haven't read of it happening but it is likely that it has at some point.
LQQK, don't goto Drudge or WeatherChannel if you are so afraid of their mischief. If you wrap up your Internet experience based on some "protection software" because you are plain ignorant of how to achieve anonymous status that is all on your shoulders. You sound like you want to patch "this" or "that" all the tyme and then bring your complaints to a forum that doesn't care about your complaint at all. This thread is proof: your hit ratio is a total loser of about 4.
µBlock or AdBlock Plus should be helpful with malicious adware. Malwarebytes Premium or some malware product should be around, and a good Anti-Virus and Firewall, several are available. Also, security settings matter. TAILS does not perform miracles. It provides information on what it does, and does not, do. Allen's Axiom: When all else fails, read the instructions, like the one about the signing key. https://tails.boum.org/doc/get/trusting_tails_signing_key/index.en.html [excerpt] Following the previous scenario, when Alice met Bob, a Tails developer, she could have made a new signature on Tails signing key with her own key to certify this trust relationship and make it public. Tails signing key would now come along with a signature made by Alice. Tails signing key is actually already signed by the keys of several official developers of Debian, the operating system on which Tails is based. Debian makes an extensive use of OpenPGP and you can download the keys of all Debian developers by installing the debian-keyring package. You can then verify the signatures those developers made with their own key on Tails signing key. [detailed instructions follow] Or one could eat loads of Cap'n Crunch, hoping to find a free gift of TAILS on a dongle.
Yeah, good luck with explaining all that to Grandma and Uncle Jim. Tor/TAILS is not a working solution for even 0.1% of web users trying to keep their browser secure. These various LiveCD/LiveDVD distros have been around for years. And virtually no one ever uses them. I'm pretty sure you aren't. While I have tried them just out of interest, I don't use them either. For the most part, you're talking about solutions only used by tens of thousands of users in the First World countries. Usage is likely much higher in countries with repressive regimes. However, possessing a Tor/TAILS stick would be cause for arrest/interrogation in most of those countries.
I just got my free gift in a CrackerJack® box.
These ad networks are pervasive and are present on many other websites. The article uses those as an example of prominent sites used by a lot of readers. The issue of anonymity, much as you are blathering on about it, is not the question here. Given how bog ignorant your posts on this thread are, I begin to wonder if you know anything about computer, browser, and network security issues. Browser security from Javascript attacks is not remotely related to anonymity. Yet you prattle on about anonymity. Even if you fully anonymize your network connections by various means, browsing to Drudge and hitting one of these Azure malware-infested ads will still infect your browser. That is the only issue this article/thread addresses. But thanks for not contributing even one word to the actual topic of this thread and hijacking it to pat yourself on the back about how great you are at anonymizing your network interface. Nice work.
It is my pleasure to serve you, anonymously.
http://motherboard.vice.com/read/the-us-is-trying-to-extradite-a-notorious-dark-web-admin-this-week Written by That's your best effort? The U.S. was still trying in May 2015? Have they succeeded? You could at least note that the May extradition hearing never even happened. Giving me the first available Google link from 2015 with predictions that did not happen, and now appear unconstitutional in Ireland, appears to be blather rather than a good faith effort. He was not extradited in June, either. In November 2014 the Supreme Court heard that, after a ruling in the case of Ali Charaf Damache, the State accepted Mr Marques should also be granted leave for judicial review. Ms Justice Donnelly remanded Mr Marques in custody until 29 June and put the matter in for mention on 16 June. And looking at the Damache decision, there is approximately no chance the U.S. will ever succeed unless they reduce the possible punishment. The Damache decision holds such an extradition would be unconstitutional. Moreover, any alleged crime was committed by an Irish citizen in Ireland. U.S. government hacking in Ireland is not the most popular thing going around. In Ireland, the alleged offences did not amount to a crime so heinous that a person would be imprisoned for the rest of his life – he would receive a determinate sentence – while in the United States, he would effectively receive a life sentence without the possibility for parole, Mr O'Higgins said. On Tuesday Mr O’ Higgins told the court the principal facts of the case included the proposed extradition of his client who could be prosecuted in Ireland. He said his client had offered to plead guilty and a means by which he could be prosecuted. Counsel said his client lived in Ireland since he was six years old and his parents and sister remain in this country. Mr O’ Higgins said that Dublin was the place of the commission of the alleged offences and the policing authority which arrested him were the Garda Siochana, who would be able to give evidence in the case. Furthermore he said a computer was seized in Mountjoy Square.
Good luck using µBlock to evade the NSA.
You can't evade the NSA. You have to resort to classic low-tech espionage methods from the Cold War. These are still remarkably successful.
Better than anything you offered on the case. It has been one delay and continuation after the next.
Do you invent all your quotes? Of course, that is a bullshit quote you made up. I didn't say that. And you have yet to show how ad malware is attacking a thumb drive that has been properly installed. What is said was, Read it again and try to comprehend the context. There is nothing there that was not there. When you start it up again, there is no malware there to start up.
Good try. You tried to fake it and didn't do too good. You didn't even know about the Damache decision. You pulled your #48 prediction, "I think they will get him," right out of your.... wherever. It is based on nothing.
I didn't say I could. Good luck then using µBlock to evade the NSA.
I do think they will get him. It may take a while longer. Sooner or later, Ireland will want something from their Uncle Sam. Like some choice info on a pending terrorist attack. Or a cozy tete-a-tete with the American prez in a state visit. Or dozens of other things. Then there would be the kinds of things the CIA might do to make various Irish politicos very unhappy. A price will be paid by Ireland if they thwart justice for this pervert.
I assume you're just enjoying spamming this thread with completely irrelevant material. The NSA is not the source of this ad network attack on browsers at popular sites. They have more sophisticated methods like packet injection.
It's a decent solution for the 0.0001% of all browser users who know what it is and how to use it properly. That is, if they keep it patched with a new 1GB version every few weeks.
Sooner or later, Ireland will want something from their Uncle Sam. Like some choice info on a pending terrorist attack. That's why, in the Damache case, they ruled the possibility of life in a Supermax to be unconstitutional because of the inhumane conditions. US hacking of Irish networks is bad for business. You tried to b.s. me and it did not work. Deal with it.
I recommend you continue to rely upon µBlock.
You don't even use Tor/TAILS yourself. Yet you demand that others must use it if they want security. You're beyond silly. I've pointed it out and now you're all pissy about it.
We'll see. Our prosecutors will keep after him for as long as it takes. Sooner or later, we will have leverage over Ireland.
And you should know.
Sooner or later you will have facts to accompany your wild speculations. In the meantime, the U.S. is having consistently less leverage.
I think I do know.
Continuing exposure of this criminal child abuser will likely have other consequences. He was hosting hundreds of thousands of pics and videos of exploited and abused children. There will be no happy ending for this perv.
I have the slowest of the high speeds, 600K. So, it really is nearly impossible for me to judge speed. But, I'll try. Thanks TC, Bob
Install adblockers to be more secure. Ad Block Plus is the classic extension most people use. It has started to allow some "safe non-abusive" ads to slip through. So, after years of being loyal to ADP, I gave it up and moved to uBlock Origin 1.0.0.1 recently.(1 image)
#2. To: buckeroo (#1)
#3. To: TooConservative (#2)
#4. To: buckeroo (#3)
You don't need ad blockers. You need a REAL browser.
#5. To: TooConservative (#0)
#6. To: BobCeleste (#5)
I just downloaded and installed uBlock Origin 1.0.0.1 is there anything else I need do before going to drudgereport?
#7. To: TooConservative (#4)
Name this browser.
#8. To: buckeroo (#7)
anonymous
#9. To: TooConservative (#8)
#10. To: buckeroo (#9)
I control my Internet interface is all.
#11. To: buckeroo, TooConservative (#7)
anonymous
#12. To: nolu chan (#11)
TOR with TAILS (thumb)?
#13. To: TooConservative (#12)
Tor is horribly slow to start with, even more so if you allow all the ads and scripts to load. And Tor doesn't do anything to protect you from browser attacks, either from malicious websites or hacked ad server networks.
#14. To: nolu chan (#13)
Tor with Tails on a thumb drive leaves your computer totally immune. How does it get attacked?
#15. To: TooConservative (#14)
Tor with Tails on a thumb drive leaves your computer totally immune. How does it get attacked?
I'm not sure where you read that but it isn't true.
In exchange for all the troubleshooting, you get an unusual kind of anonymity. Keeping the operating system on a disk means you’re operating independent of the computer, picking nothing up and leaving nothing behind. It also makes your setup portable. You can launch Tails from an internet cafe and know that none of the programs on the public computer will get in the way of what you’re doing. The new versions of Tails will even hide you within a local network, randomizing the computer’s MAC address to make you even harder to track. None of the methods are completely impenetrable, but together they add up to a major headache for anyone trying to follow you across the web.
#16. To: TooConservative (#6)
#17. To: redleghunter (#16)
UBlock work with tablets too?
#18. To: nolu chan, Pinguinite (#15)
TAILS - The Amnesiac Incognito Live System. No new programs. No saves. Upon shutoff, it leaves a completely blank slate of all history. It worked for Edward Snowden. Apparently, it works for Glenn Greenwald.
#19. To: TooConservative (#18)
Tor has never become popular enough to truly shield all its users. That means there are far fewer users to identify, making it easier for NSA/FBI. And those users are nearly all drug traffickers, child porno types, online criminals. Which means they are high-value targets for NSA and law enforcement.
#20. To: buckeroo (#19)
#21. To: TooConservative (#20)
Tor is not embraced by millions. It has a very limited audience and always has been quite small.
The idea that Granny is using Tor to read email and post cat pictures is ridiculous. People pursuing (the illusion of) that kind of secrecy are painting a target on their backs with LEO and NSA. And they are far more often than not using Tor for criminal purposes or to try to cover their tracks when they visit websites like TrannyGoatIncest.com.
#22. To: buckeroo, nolu chan (#21)
#23. To: nolu chan (#15)
Numerous security holes in Tails 1.4.1
#24. To: BobCeleste (#5)
#25. To: TooConservative, buckeroo (#18)
[TooConservative #18] It isn't as secure as people think. If NSA or others are operating the TOR exit nodes (a good bet they'll succeed in providing directly or compromising some exit nodes), a man-in-the-middle attack works well. In addition, a distro of this type still has a browser fingerprint, in part because people just keep using the same version of the distro. You also have traffic analysis where a person browses to various sites, over and over. Like GMail or Yahoo Mail or online forums.
[article] Millions of people visiting weather.com, drudgereport.com, wunderground.com, and other popular websites were exposed to attacks that can surreptitiously hijack their computers, thanks to maliciously manipulated ads that exploit vulnerabilities in Adobe Flash and other browsing software, researchers said.
[TooConservative #4] What "real browser" are you using that is malware-resistant without adblockers/NoScript/Ghostery/etc.?
#26. To: nolu chan (#25)
Running a specially designed operating system from a USB drive that has no ability to write anything to the computer, and stores nothing, avoids vulnerability to the ad attacks discussed in the article. It did that and more for Edward Snowden.
If someone really just wants to surf without endangering their precious computer, they can just spend a few hundred bucks for a Chromebook. No programs can be installed on a Chromebook, not even security software. It boots in about 7 or 8 seconds. It's not vulnerable to the usual crap attack. Keep it basic, do not create cloud storage, and don't get crapified. It is not anonymous, but the article was not addressing anonymity. That is just an added benefit of Tor with Tails.
#27. To: TooConservative, (#23)
Numerous security holes in Tails 1.4.1
This is the most secure computer you’ll ever own
Published on Aug 14, 2015
#28. To: TooConservative (#26)
So you are admitting you don't follow the advice you're handing out on this thread? You don't use Tor/TAILS yourself?
#29. To: nolu chan, buckeroo (#27)
(Edited)
Even more remarkable, no one knows who's behind it all. The development team works under pseudonyms and their legal names have never been publicly revealed. "Some of us want to remain anonymous," the Tails developers told me from a group email account. "Some of us simply believe that our work, what we do, and how we do it, should be enough."
Eric Eoin Marques, 28 year-old man in Ireland believed to be behind Freedom Hosting, the biggest service provider for sites on the encrypted Tor network, is awaiting extradition on child pornography charges. It is understood the FBI had spent a year trying to locate Mr Marques.
#30. To: nolu chan (#28)
(Edited)
Phishing expedition /fail
#31. To: TooConservative, nolu chan, A K A Stone (#22)
(Edited)
Why so secretive, bucky?
#32. To: TooConservative (#22)
(Edited)
I notice you are awfully quick to sneer at others but refuse to even identify your browser, what software you use, etc.
#33. To: TooConservative (#0)
Install adblockers to be more secure.
#34. To: nolu chan, TooConservative (#33)
#35. To: TooConservative (#29)
How do you know it isn't NSA and/or FBI?
#36. To: TooConservative (#30)
Yep. You don't use Tor/TAILS yourself even if you want to wallpaper this thread about using Tor/TAILS to prevent malicious ad network attacks from sites like Drudge.
#37. To: buckeroo (#31)
Stone has repeatedly indicated that I use many, Many, MANY IP addresses to log into his website. No body can duplicate my use, either.
#38. To: nolu chan, TooConservative (#35)
#39. To: TooConservative (#37)
#40. To: nolu chan (#33)
Take your pick.
#41. To: nolu chan (#35)
It's open source. You really think NSA/FBI is behind the open source development of TAILS?
#42. To: buckeroo (#34)
All anyone has to perform to easily eliminate user ad tracking is to clean their cache memories from tyme to tyme; no specialized "ad blocker crap." It is easy, too; while not using any pull-down menus from ANY browser.
#43. To: buckeroo (#39)
I am not using a proxie.
#44. To: TooConservative (#29)
TheHackerNews: Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor Network hosting; Tor Mail Compromised
Sunday, August 04, 2013
#45. To: TooConservative (#43)
#46. To: TooConservative (#41)
How do you know they aren't.
#47. To: TooConservative (#40)
If you look in the Chrome Store or the Google Play store, you'll find tons more.
#48. To: nolu chan (#44)
Your cited article on Eric Eoin Marques is two years old. How about an update? How is the prosecution progressing? Has the FBI got their man yet? Do they expect to get him? Do they now expect to ever get anyone from Ireland who could possibly get a life sentence in a Supermax?
#49. To: nolu chan (#46)
The thread is about avoiding malicious adware, not the NSA.
#50. To: TooConservative, nolu chan (#49)
You're the one who dragged it into "Snowden evaded detection with Tor/TAILS". I said that was irrelevant from the start and then started documenting why Tor/TAILS is only more secure than conventional solutions but is not totally secure.
#51. To: buckeroo (#50)
You can take your highfallutin' "adblocker software" and stuff it; as IT also poses a risk to your Internet experience and (perhaps) your local files.
#52. To: TooConservative (#51)
#53. To: buckeroo (#38)
We frequectly use signatures to authenticate software besides the website (itself). Often the software is not a download exectable file. It is an ISO image. Or we use torrent.
Check Tails signing key against the Debian keyring
#54. To: nolu chan (#53)
Check Tails signing key against the Debian keyring
#55. To: nolu chan (#53)
Or one could eat loads of Cap'n Crunch, hoping to find a free gift of TAILS on a dongle.
#56. To: buckeroo (#52)
LQQK, don't goto Drudge or WeatherChannel if you are so afraid of their mischief. If you wrap up your Internet experience based on some "protection software" because you are plain ignorant of how to achieve anonymous status that is all on your shoulders.
#57. To: TooConservative (#56)
#58. To: TooConservative (#48)
The US Is Trying to Extradite a Notorious Dark Web Admin This Week
Graham Templeton
May 11, 2015 // 09:45 AM EST THE EXTRADITION HEARING of an Irishman alleged to be the “largest facilitator of child porn in the world” will not begin until June after the High Court heard he has been diagnosed with Aspergers syndrome.
Mr Marques had sought judicial review of the DPP’s decision but was refused leave to challenge the decision not to prosecute him.
A court in Ireland has refused to extradite accused terrorist Ali Charaf Damache to the United States finding that the conditions of Supermax are overly harsh and would violate his rights under Ireland's constitution. The Court ordered him freed.
Furthermore, his extradition would be entirely disproportionate, Mr O'Higgins said.
#59. To: TooConservative (#54)
Yeah, good luck with explaining all that to Grandma and Uncle Jim.
#60. To: nolu chan (#59)
Good luck using µBlock to evade the NSA.
#61. To: nolu chan (#58)
That's your best effort?
#62. To: TooConservative (#49)
You're the one who dragged it into "Snowden evaded detection with Tor/TAILS".
[nolu chan #15] Upon shutoff, it leaves a completely blank slate of all history. It worked for Edward Snowden.
#63. To: TooConservative (#61)
Better than anything you offered on the case. It has been one delay and continuation after the next.
#64. To: TooConservative (#60)
You can't evade the NSA.
#65. To: nolu chan (#63)
You pulled your #48 prediction, "I think they will get him," right out of your.... wherever. It is based on nothing.
#66. To: buckeroo (#55)
#67. To: nolu chan (#64)
Good luck then using µBlock to evade the NSA.
#68. To: nolu chan (#62)
Read it again and try to comprehend the context. There is nothing there that was not there. When you start it up again, there is no malware there to start up.
#69. To: TooConservative (#65)
I do think they will get him. It may take a while longer.
#70. To: TooConservative (#68)
It's a decent solution for the 0.0001% of all browser users who know what it is and how to use it properly.
#71. To: nolu chan (#70)
I recommend you continue to rely upon µBlock.
#72. To: nolu chan (#69)
That's why, in the Damache case, they ruled the possibility of life in a Supermax to be unconstitutional because of the inhumane conditions.
#73. To: TooConservative (#71)
You don't even use Tor/TAILS yourself.
#74. To: TooConservative (#72)
We'll see. Our prosecutors will keep after him for as long as it takes. Sooner or later, we will have leverage over Ireland.
#75. To: nolu chan (#73)
(Edited)
#76. To: nolu chan (#74)
Sooner or later you will have facts to accompany your wild speculations. In the meantime, the U.S. is having consistently less leverage.
#77. To: TooConservative (#24)
Top • Page Up • Full Thread • Page Down • Bottom/Latest
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]