
FUNCTION RANDOM - All Things Technological On Your Mind

Started by Camazotz Automat, August 17, 2012, 04:04:35 AM

zeebo

Quote from: /dev/null on November 28, 2016, 04:38:21 PM
Who lives in San Fran and got to ride the rails for free this past weekend?

Sounds like a plot from Mr. Robot.  Still anytime you get something for free in SF it feels like a miracle.

Quote from: zeebo on November 28, 2016, 04:42:55 PM
Sounds like a plot from Mr. Robot.  Still anytime you get something for free in SF it feels like a miracle.
lol - could be, zeebo.  ;)




Quote from: Dr. MD MD on November 30, 2016, 08:04:41 PM
Can you give me the gist of this?  ???
Basically, this exploit can unmask your real IP in TOR by pulling it from the memory space in RAM by leveraging (getting in through) the Scalable Vector Graphics Parser in the plugin container of FFx. RAM is volatile memory, but the information stays in its memory address until it is overwritten or powered down for about 4 minutes. (That's why liquid nitrogen data dumps work; they are known as cold boot attacks.)
Javascript runs client-side, that means on your computer instead of the site's server. Javascript can also container jump by this method. If you run TOR and a regular browser with Javascript enabled (in either one) at the same time, you can also be unmasked. This is one of the ways the FBI does it. (container jumping)

"Enterprise security firm Trail of Bits has analyzed the exploit and determined that it leverages a use-after-free vulnerability affecting the SVG parser in Firefox."

Once that memory space used to store your IP is freed up, it can still be accessed through this exploit.

Dr. MD MD

Quote from: /dev/null on November 30, 2016, 08:34:39 PM
Basically, this exploit can unmask your real IP in TOR by pulling it from the memory space in RAM by leveraging (getting in through) the Scalable Vector Graphics Parser in the plugin container of FFx. RAM is volatile memory, but the information stays in its memory address until it is overwritten or powered down for about 4 minutes. (That's why liquid nitrogen data dumps work; they are known as cold boot attacks.)
Javascript runs client-side, that means on your computer instead of the site's server. Javascript can also container jump by this method. If you run TOR and a regular browser with Javascript enabled, you can also be unmasked. This is one of the ways the FBI does it. (container jumping)

"Enterprise security firm Trail of Bits has analyzed the exploit and determined that it leverages a use-after-free vulnerability affecting the SVG parser in Firefox."

Once that memory space used to store your IP is freed up, it can still be accessed through this exploit.

So are you vulnerable through Tor or Firefox?  ???

Quote from: Dr. MD MD on November 30, 2016, 08:39:42 PM
So are you vulnerable through Tor or Firefox?  ???
You are vulnerable through Javascript. Don't let it run on your system - use a blocker. Set the default to block it in TOR, it's enabled by default. You will lose some functionality, so TEMPORARILY allow it on a per site basis only on sites you trust. Even then, only for as long as you are on the site. Hence the temp allow, and close JS tabs as soon as you are done with them. Don't leave them opened when switching to another tab. With TOR, you should only have one tab opened at a time anyway as multiple tabs present other problems.

Dr. MD MD

Quote from: /dev/null on November 30, 2016, 08:58:08 PM
You are vulnerable through Javascript. Don't let it run on your system - use a blocker. Set the default to block it in TOR, it's enabled by default. You will lose some functionality, so TEMPORARILY allow it on a per site basis only on sites you trust. Even then, only for as long as you are on the site. Hence the temp allow, and close JS tabs as soon as you are done with them. Don't leave them opened when switching to another tab. With TOR, you should only have one tab opened at a time anyway as multiple tabs present other problems.

I haven't even started to explore Tor yet. I use Firefox for OSX and always have a shitload of windows open. I'm sure Java is part of Firefox's functionality. Am I at risk?  ???

Use the hardening guide I dropped in this post - especially the section on neutralizing exploitable weak encryption. It's the very last link in that post. This is very important if you are running TOR. TOR should be set up like this anyway, but it's always good to check.

Go to: Step 3: Advanced configuration of Firefox to block WebRTC, bad cipher suites, and more.

Quote from: Dr. MD MD on November 30, 2016, 09:04:58 PM
I haven't even started to explore Tor yet. I use Firefox for OSX and always have a shitload of windows open. I'm sure Java is part of Firefox's functionality. Am I at risk?  ???
Java & Javascript are two totally different animals. Java is a programming language that is not a major risk if you keep it updated.
Javascript on the other hand is live code that runs dynamically on your machine. It's not supposed to leave the browser, but being a script, anything the browser has access to, JS has access to and more if it's written maliciously. It can leave the browser.

"The vulnerability apparently also affects Mac OS, but the exploit seen in the wild is designed to target only Windows machines."

NoScript addon for FFx will stop this exploit.  Mozilla is working on a patch, but this report was only released yesterday.

Quote from: Dr. MD MD on November 30, 2016, 09:04:58 PM
I haven't even started to explore Tor yet.   ...
Keep an eye on the EFF. Come this month, it may become legal for the Alphabet soup agencies and police departments to get a blanket warrant to hack anyone's machine that is using encryption, or a browser that uses encryption. (TOR)
https://www.eff.org/
https://www.eff.org/deeplinks/2016/11/support-smdh-act-and-give-congress-time-debate-new-government-hacking-powers

This just happened across the pond in England.


Here's a nasty little JS exploit that leaves the browser...  https://latesthackingnews.com/2016/10/10/latest-javascript-maleare-shuts-pc-terminate-process/

Granted, it's targeted towards Windows. It's a weird one too, working on base33 instead of base64, and although it's obfuscated and somewhat complicated, it's easily defeated. Someone ripped it out (wrote it) in a hurry, probably for a targeted attack against a specific adversary, before it spread to the wild.

Dr. MD MD

Quote from: /dev/null on November 30, 2016, 09:24:42 PM
Keep an eye on the EFF. Come this month, it may become legal for the Alphabet soup agencies and police departments to get a blanket warrant to hack anyone's machine that is using encryption, or a browser that uses encryption. (TOR)
https://www.eff.org/
https://www.eff.org/deeplinks/2016/11/support-smdh-act-and-give-congress-time-debate-new-government-hacking-powers

This just happened across the pond in England.

Day after tomorrow, supposedly.  ::)

starrmtn001

Quote from: /dev/null on November 30, 2016, 09:41:53 PM
Here's a nasty little JS exploit that leaves the browser...  https://latesthackingnews.com/2016/10/10/latest-javascript-maleare-shuts-pc-terminate-process/

Granted, it's targeted towards Windows. It's a weird one too, working on base33 instead of base64, and although it's obfuscated and somewhat complicated, it's easily defeated. Someone ripped it out (wrote it) in a hurry, probably for a targeted attack against a specific adversary, before it spread to the wild.
Is it possible to have JS and NOT know you have it? :o :-[

Quote from: (y) on December 01, 2016, 01:16:43 AM
Is it possible to have JS and NOT know you have it? :o :-[
Non-technical answer: Yes.

JS (Javascript) is enabled by default to run in the browser. Every modern browser supports it. If your machine is newer than 2000, JS is supported. Even in older machines, if you are using a modern browser, it is built with JS support.
So how the hell do you mitigate this? Text-based browsers that don't support JS are one option. (Welcome to the 1990's)
A JS blocker like the NoScript suite (Firefox) or ScriptNo (Chrome / Chromium) will handle most of these threats. ScriptNo has been renamed to ScriptSafe on Chrome Webstore.
The thing is, JS and JS libraries are ubiquitous on the web. Some pages won't even load because they are written entirely in JS with no fallback (stupid business practices / model) to a non-JS page. Luckily, there aren't many pages like that, yet.

If you want fine-grained control, try uBlock Origin and uBO-WebSocket. (WebSocket not required in FFx.) It can be confusing at first because you are presented with tons of information, so read the documentation.   ;)

These are self-learning addons, but they take a bit of getting used to at first. Blocking JS is the most important thing you can do to protect yourself online (for the average user).




zeebo

Good advice but I gave up on ditching javascript.  It's just ingrained into too many sites now.  I tried blocking it a while back to kill those new obnoxious script popups "Give us your email!" etc., but surrendered, like I have with most of my previous attempts at blocking web bloat.  :(

Quote from: zeebo on December 02, 2016, 12:24:26 AM
Good advice but I gave up on ditching javascript.  It's just ingrained into too many sites now.  I tried blocking it a while back to kill those new obnoxious script popups "Give us your email!" etc., but surrendered, like I have with most of my previous attempts at blocking web bloat.  :(
There is another option (there's always more than one way to skin a barracuda ;) .) If you use a Doze distro, give Sandboxie a whirl, then you don't have to worry about rogue JS exfiltrating your info or JS nasties hosing your system.
It's one of the easiest programs to use without setting up your own VM.  ;)

Edit: I used it at version 1 or 2, don't remember, it was a while ago, and running on XP. Worked fairly decent with all the other crap I had my system clogged up with at the time.


Quote from: Dr. MD MD on December 05, 2016, 04:22:48 PM
We're all so screwed.  :D

https://www.youtube.com/watch?v=I3l4XLZ59iw

LOL - YUP! Plus with the vid Starr quoted in the WikiLeaks megathread, you can also change facial expressions and head movements.

Trust nothing. Wait until this shit starts showing up as the evening news - if you still watch it.


norland2424

Quote from: zeebo on December 02, 2016, 12:24:26 AM
Good advice but I gave up on ditching javascript.  It's just ingrained into too many sites now.  I tried blocking it a while back to kill those new obnoxious script popups "Give us your email!" etc., but surrendered, like I have with most of my previous attempts at blocking web bloat.  :(

are you not using an ad blocker?

zeebo

Quote from: norland2424 on December 05, 2016, 06:36:28 PM
are you not using an ad blocker?

Everywhere but bellgab of course!  However I've not been able to block those embedded popups except by killing javascript.   I did find a list that kills some floating icons like those annoying facebook/twitter toolbar things, so maybe I'm missing it.



starrmtn001

Hey, Zeebo.  How long are ya gonna be out chasing around in the universe?

Ya know, when you finally get home you'll still be yer young whipper snapper self and all of your friends will be old farts - except me.  I'm an old fart now.  I'll be dead by then. ;D

So much fail in this Pizza shit...............


*sigh*    :'(


Dr. MD MD

Quote from: Walks_At_Night on December 09, 2016, 05:34:00 PM
So much fail in this Pizza shit...............


*sigh*    :'(

Yeah but it's just fake news so that's alright.  ::) ;)

chefist

This is for those who listen to FM radio at home and want the best reception. I bought and installed this loop FM antenna and am amazed at the signal strength and reception quality. It's only $20...

Quote from: Walks_At_Night on December 09, 2016, 05:34:00 PM
So much fail in this Pizza shit...............


*sigh*    :'(
OMFG! The scary part is that some of the people that know nothing about src code will believe that post really refers to children.

I did get a good laugh from it though.  :)

Dr. MD MD

Quote from: /dev/null on December 11, 2016, 02:29:03 AM
OMFG! The scary part is that some of the people that know nothing about src code will believe that post really refers to children.

I did get a good laugh from it though.  :)

You mean there's a reasonable explanation for it? Can you explain?
