Author FUNCTION RANDOM - All Things Technological On Your Mind  (Read 106894 times)

0 Members and 2 Guests are viewing this topic.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1080 on: November 28, 2016, 04:42:55 PM »
Who lives in San Fran and got to ride the rails for free this past weekend ?

Sounds like a plot from Mr. Robot.  Still anytime you get something for free in SF it feels like a miracle.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1081 on: November 28, 2016, 04:46:35 PM »
Sounds like a plot from Mr. Robot.  Still anytime you get something for free in SF it feels like a miracle.
lol - could be, zeebo.  ;)



Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1083 on: November 30, 2016, 07:59:01 PM »
This is one of the reasons why I block Javascript by default.    https://latesthackingnews.com/2016/11/30/zero-day-firefox-exploits-tor-users/

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1084 on: November 30, 2016, 08:04:41 PM »
This is one of the reasons why I block Javascript by default.    https://latesthackingnews.com/2016/11/30/zero-day-firefox-exploits-tor-users/

Can you give me the gist of this?  ???

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1085 on: November 30, 2016, 08:34:39 PM »
Can you give me the gist of this?  ???
Basically, this exploit can unmask your real IP in TOR by pulling it from the memory space in RAM by leveraging (getting in through) the Scalable Vector Graphics Parser in the plugin container of FFx.  RAM is volatile memory, but the information stays in its memory address until it is overwritten or powered down for about 4 minutes.( That's why liquid Nitrogen data dumps work, they are known as cold boot attacks. )
Javascript runs client-side, that means on your computer instead of the sites' server. Javascript can also container jump by this method. If you run TOR and a regular browser with Javascript enabled ( in either one ) at the same time, you can also be unmasked. This is one of the ways the FBI does it. (container jumping)

"  Enterprise security firm Trail of Bits has analyzed the exploit and determined that it leverages a use-after-free vulnerability affecting the SVG parser in Firefox. "

Once that memory space used to store your IP is freed up, it can still be accessed through this exploit.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1086 on: November 30, 2016, 08:39:42 PM »
Basically, this exploit can unmask your real IP in TOR by pulling it from the memory space in RAM by leveraging (getting in through) the Scalable Vector Graphics Parser in the plugin container of FFx.  RAM is volatile memory, but the information stays in its memory address until it is overwritten or powered down for about 4 minutes.( That's why liquid Nitrogen data dumps work, they are known as cold boot attacks. )
Javascript runs client-side, that means on your computer instead of the sites' server. Javascript can also container jump by this method. If you run TOR and a regular browser with Javascript enabled, you can also be unmasked. This is one of the ways the FBI does it. (container jumping)

"  Enterprise security firm Trail of Bits has analyzed the exploit and determined that it leverages a use-after-free vulnerability affecting the SVG parser in Firefox. "

Once that memory space used to store your IP is freed up, it can still be accessed through this exploit.

So are you vulnerable through Tor or Firefox?  ???

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1087 on: November 30, 2016, 08:58:08 PM »
So are you vulnerable through Tor or Firefox?  ???
You are vulnerable through Javascript. Don't let it run on your system - use a blocker. Set the default to block it in TOR, it's enabled by default. You will lose some functionality, so TEMPORARILY allow it on a per site basis only on sites you trust. Even then, only for as long as you are on the site. Hence the temp allow, and close JS tabs as soon as you are done with them. Don't leave them opened when switching to another tab. With TOR, you should only have one tab opened at a time anyway as multiple tabs present other problems.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1088 on: November 30, 2016, 09:04:58 PM »
You are vulnerable through Javascript. Don't let it run on your system - use a blocker. Set the default to block it in TOR, it's enabled by default. You will lose some functionality, so TEMPORARILY allow it on a per site basis only on sites you trust. Even then, only for as long as you are on the site. Hence the temp allow, and close JS tabs as soon as you are done with them. Don't leave them opened when switching to another tab. With TOR, you should only have one tab opened at a time anyway as multiple tabs present other problems.

I haven't even started to explore Tor yet. I use Firefox for OSX and always have a shitload of windows open. I'm sure Java is part of Firefox's functionality. Am I at risk?  ???

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1089 on: November 30, 2016, 09:07:22 PM »
Use the hardening guide I dropped in this post - especially the section on neutralizing exploitable weak encryption. It's the very last link in that post. This is very important if you are running TOR. TOR should be set up like this anyway, but it's always good to check.

Goto:   Step 3: Advanced configuration of Firefox to block WebRTC, bad cipher suites, and more.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1090 on: November 30, 2016, 09:18:30 PM »
I haven't even started to explore Tor yet. I use Firefox for OSX and always have a shitload of windows open. I'm sure Java is part of Firefox's functionality. Am I at risk?  ???
Java & Javascript are two Totally different animals. Java is a programming language that is not a major risk if you keep it updated.
Javascript on the other hand is live code that runs dynamically on your machine. It's not supposed to leave the browser, but being a script, anything the browser has access to, JS has access to and more if it's written maliciously. It can leave the browser.

"  The vulnerability apparently also affects Mac OS, but the exploit seen in the wild is designed to target only Windows machines.  "

NoScript addon for FFx will stop this exploit.  Mozilla is working on a patch, but this report was only released yesterday.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1091 on: November 30, 2016, 09:24:42 PM »
I haven't even started to explore Tor yet.   ...
Keep an eye on the EFF. Come this month, it may become legal for the Alphabet soup agencies and police departments to get a blanket warrant to hack anyone's machine that is using encryption, or a browser that uses encryption. (TOR)
https://www.eff.org/
https://www.eff.org/deeplinks/2016/11/support-smdh-act-and-give-congress-time-debate-new-government-hacking-powers

This just happened across the pond in England.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1092 on: November 30, 2016, 09:41:53 PM »

Here's a nasty little JS exploit that leaves the browser...  https://latesthackingnews.com/2016/10/10/latest-javascript-maleare-shuts-pc-terminate-process/

Granted, it's targeted towards windows. It's a weird one too, working on base33 instead of base64, and although it's obfuscated and somewhat complicated, it's easily defeated. Someone ripped it out (wrote it) in a hurry, probably for a targeted attack against a specific adversary, before it spread to the wild.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1093 on: November 30, 2016, 09:43:42 PM »
Keep an eye on the EFF. Come this month, it may become legal for the Alphabet soup agencies and police departments to get a blanket warrant to hack anyone's machine that is using encryption, or a browser that uses encryption. (TOR)
https://www.eff.org/
https://www.eff.org/deeplinks/2016/11/support-smdh-act-and-give-congress-time-debate-new-government-hacking-powers

This just happened across the pond in England.

Day after tomorrow, supposedly.  ::)

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1094 on: December 01, 2016, 01:16:43 AM »
Here's a nasty little JS exploit that leaves the browser...  https://latesthackingnews.com/2016/10/10/latest-javascript-maleare-shuts-pc-terminate-process/

Granted, it's targeted towards windows. It's a weird one too, working on base33 instead of base64, and although it's obfuscated and somewhat complicated, it's easily defeated. Someone ripped it out (wrote it) in a hurry, probably for a targeted attack against a specific adversary, before it spread to the wild.
Is it possible to have JS and NOT know you have it? :o :-[

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1095 on: December 01, 2016, 08:10:39 AM »
Is it possible to have JS and NOT know you have it? :o :-[
Non-technical answer: Yes.

JS (Javascript), is enabled by default to run in the browser. Every modern browser supports it. If your machine is newer than 2000, JS is supported. Even in older machines, if you are using a modern browser, it is built with JS support.
So how the hell do you mitigate this ? Text based browsers that don't support JS are one option. (Welcome to the 1990's)
 A JS blocker like the NoScript suite  (firefox) or ScriptNo (Chrome / Chromium) will handle most of these threats. ScriptNo has been renamed to ScriptSafe                       ...on Chrome Webstore.
The thing is, JS and JS libraries are ubiquitous on the web. Some pages won't even load because they are written entirely in JS with no fallback (stupid business practices / model) to a non-JS page. Luckily, there aren't many pages like that, yet.

If you want fine grained control, try uBlock Origin and uBO-WebSocket. - (WebSocket not required in FFx) It can be confusing at first because you are presented with tons of information, so read the documentation.   ;)

These are self learning addons, but they take a bit of getting used to at first. Blocking JS is the most important thing you can do to protect yourself online (for the average user.)




Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1096 on: December 02, 2016, 12:24:26 AM »
Good advice but I gave up on ditching javascript.  It's just ingrained into too many sites now.  I tried blocking it awhile back to kill those new obnoxious script popups "Give us your email!" etc., but surrendered, like I have with most of previous attempts at blocking web bloat.  :(

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1097 on: December 02, 2016, 09:00:12 PM »
Good advice but I gave up on ditching javascript.  It's just ingrained into too many sites now.  I tried blocking it awhile back to kill those new obnoxious script popups "Give us your email!" etc., but surrendered, like I have with most of previous attempts at blocking web bloat.  :(
There is another option (there's always more than one way to skin a barracuda ;) .) If you use a Doze distro, give Sandboxie a whirl, then you don't have to worry about rogue JS exfiltrating your info or JS nasties hosing your system.
It's one of the easiest programs to use without setting up your own VM.  ;)

Edit: I used it at version 1 or 2, don't remember, it was a while ago, and running on XP. Worked fairly decent with all the other crap I had my system clogged up with at the time.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1098 on: December 05, 2016, 04:22:48 PM »
We're all so screwed.  :D


Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1099 on: December 05, 2016, 05:24:27 PM »
We're all so screwed.  :D



LOL - YUP !   Plus with the vid Starr quoted in the WikiLeaks megathread, you can also change facial expressions and head movements.

Trust nothing.       Wait until this shit starts showing up as the evening news - if you still watch it.


Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1100 on: December 05, 2016, 06:36:28 PM »
Good advice but I gave up on ditching javascript.  It's just ingrained into too many sites now.  I tried blocking it awhile back to kill those new obnoxious script popups "Give us your email!" etc., but surrendered, like I have with most of previous attempts at blocking web bloat.  :(

are you not using an ad blocker?

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1101 on: December 06, 2016, 03:01:50 AM »
are you not using an ad blocker?

Everywhere but bellgab of course!  However I've not been able to block those embedded popups except by killing javascript.   I did find a list that kills some floating icons like those annoying facebook/twitter toolbar things, so maybe I'm missing it.

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1102 on: December 06, 2016, 03:34:31 AM »
ALGORITHM: The Hacker Movie



Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1104 on: December 08, 2016, 11:33:21 AM »
Hey, Zeebo.  How long are ya gonna be out chasing around in the universe?

Ya know, when you finally get home you'll still be yer young whipper snapper self and all of your friends will be old farts - except me.  I'm an old fart now.  I'll be dead by then. ;D

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1105 on: December 09, 2016, 05:34:00 PM »
So much fail in this Pizza shit...............


*sigh*    :'(


Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1106 on: December 09, 2016, 05:38:39 PM »
So much fail in this Pizza shit...............


*sigh*    :'(

Yeah but it's just fake news so that's alright.  ::) ;)

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1107 on: December 10, 2016, 01:43:51 PM »
This is for those who listen to FM radio at home and want the best reception. I bought and installed this loop FM antenna and am amazed at the signal strength and reception quality. It's only $20...

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1108 on: December 11, 2016, 02:29:03 AM »
So much fail in this Pizza shit...............


*sigh*    :'(
OMFG !    The scary part is that some of the people that know nothing about src code will believe that post really refers to children.

I did get a good laugh from it though.  :)

Re: FUNCTION RANDOM - All Things Technological On Your Mind
« Reply #1109 on: December 11, 2016, 02:32:19 AM »
OMFG !    The scary part is that some of the people that know nothing about src code will believe that post really refers to children.

I did get a good laugh from it though.  :)

You mean there's a reasonable explanation for it? Can you explain?