hate these ads?, log in or register to hide them
Page 9 of 10 FirstFirst ... 678910 LastLast
Results 161 to 180 of 191

Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #161
    Donor erichkknaar's Avatar
    Join Date
    April 10, 2011
    Posts
    8,964
    Quote Originally Posted by Daneel Trevize View Post
    Alright, keep calm, no need to get so defencive about something "you just came across".

    Either Brave's servers are a single middleman for serving you tailored ads according to your history, or your browser knows which supplies to request from based upon local data. Either way, either Brave or the ad supplier can still profile you and there's nothing being FOSS can do about that.
    The difference is that you have given them explicit permission to do so.
    meh

  2. #162
    walrus's Avatar
    Join Date
    April 9, 2011
    Location
    Fancomicidolkostümier- ungsspielgruppenzusammenkunft
    Posts
    5,945
    Quote Originally Posted by Nordstern View Post
    If you needed a reason to use NoScript, here's a really good reason.
    Jokes on them.

    I'm browsing with a dual core AMD Sempron 2650 @ 1.4 ghz with a passive R5 230.

    Also, I've assembled my computer case from plywood.
      Spoiler:
    Quote Originally Posted by RazoR View Post
    But islamism IS a product of class warfare. Rich white countries come into developing brown dictatorships, wreck the leadership, infrastructure and economy and then act all surprised that religious fanaticism is on the rise.
    Also:
    Quote Originally Posted by Tellenta View Post
    walrus isnt a bad poster.
    Quote Originally Posted by cullnean View Post
    also i like walrus.
    Quote Originally Posted by AmaNutin View Post
    Yer a hoot

  3. #163
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    https://www.bleepingcomputer.com/new...orse-each-day/

    On top of this, the cryptojacking craze has also spread to WordPress plugins. Bleeping Computer spotted three plugins uploaded on the official WordPress repo in the past week: WP Monero Miner with Coin Hive (now removed), Simple Monero Miner – Coin Hive, and Coin Hive Ultimate Plugin.

    There is now a WordPress plugin for Coinhive mining https://t.co/ZVe2ZGCiQb #monero pic.twitter.com/tUgBRw0qSx
    — Catalin Cimpanu (@campuscodi) October 14, 2017

    While it's not illegal to run an in-browser miner on your WordPress site, none of these WordPress plugins or any of the above-mentioned services provide a way to let users know what's happening.

    From research on the topic, in-browser miners are usually deployed on questionable websites, such as piracy portals, illegal streaming services, adult portals, and others. A study by Palo Alto of over 1,000 sites engaged in cryptojacking found that 35% of these sites were hosted on .download and .bid domains.

    Other cases where you'll generally find cryptojacking these days is on hacked legitimate websites, where this happens without the site owner's knowledge.

    This is exactly what happened last week when Mursch spotted a cryptocurrency miner on PolitiFact, a well-known US politics portal. In the end, site admins removed the script, stopping short of admitting they were hacked.

    Similar legitimate sites that deployed in-browser miners in what looked to be hacking incidents include Showtime, AirAsia, TuneProtect, and the official website of Real Madrid soccer star Cristiano Ronaldo.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  4. #164
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    2,917
    One of the torrent trackers i'm on has now opt in browser mining for download credits.
    That I'm fine with, because it tells you whats going on and you have to choose to participate.
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  5. #165
    spitroast's Avatar
    Join Date
    June 8, 2015
    Location
    Angry Northern Bastard, UK
    Posts
    2,555
    I found a nice plugin for Chrome, No-Script Lite Suite lets you whitelist sites that use Javascript which will stop any dodgy code running on your machine

  6. #166
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    Quote Originally Posted by spitroast View Post
    I found a nice plugin for Chrome, No-Script Lite Suite lets you whitelist sites that use Javascript which will stop any dodgy code running on your machine
    That's not made by the NoScript creator, so be wary.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  7. #167
    spitroast's Avatar
    Join Date
    June 8, 2015
    Location
    Angry Northern Bastard, UK
    Posts
    2,555
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by spitroast View Post
    I found a nice plugin for Chrome, No-Script Lite Suite lets you whitelist sites that use Javascript which will stop any dodgy code running on your machine
    That's not made by the NoScript creator, so be wary.
    Yeah cancel that tbh I just found uMatrix which does it better

  8. #168
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,946
    Quote Originally Posted by spitroast View Post
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by spitroast View Post
    I found a nice plugin for Chrome, No-Script Lite Suite lets you whitelist sites that use Javascript which will stop any dodgy code running on your machine
    That's not made by the NoScript creator, so be wary.
    Yeah cancel that tbh I just found uMatrix which does it better
    It did a very good job of fucking up my browsing, so it's doing something.
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  9. #169

    Join Date
    April 10, 2011
    Location
    Embracing Mediocrity
    Posts
    2,691
    Quote Originally Posted by Nordstern View Post
    If you needed a reason to use NoScript, here's a really good reason.
    Booted up old Win7 box that hasn't been used in over six months because I wanted to set it up out in the garage. Visited a few websites, mainly YouTube and Netgear's website, as well as run some Windows Updates. Malwarebytes found Brocoiner.C on the system, almost all the search results about it online are from the past week.

    Saw a thread where people on the official ASUS forum were getting 100% CPU utilization while the site was open in a tab.

    Seems this stuff is getting pretty widespread, will definitely be running NoScript from here on in.

  10. #170
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    Crunchyroll was hit by a DNS hack, which redirected people to a github file that encrypted their hard drive. Time to purge whitelists of everything but the essentials.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  11. #171
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    Quote Originally Posted by Boltorano View Post
    Quote Originally Posted by Nordstern View Post
    If you needed a reason to use NoScript, here's a really good reason.
    Booted up old Win7 box that hasn't been used in over six months because I wanted to set it up out in the garage. Visited a few websites, mainly YouTube and Netgear's website, as well as run some Windows Updates. Malwarebytes found Brocoiner.C on the system, almost all the search results about it online are from the past week.

    Saw a thread where people on the official ASUS forum were getting 100% CPU utilization while the site was open in a tab.

    Seems this stuff is getting pretty widespread, will definitely be running NoScript from here on in.
    Do you want a whitelist for credit card processing domains? It will help avoid double orders.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  12. #172
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    Hello guys, just relaying the information!
    Source : https://rbt.asia/g/thread/62641401/#62645883
    Images: https://imgur.com/a/NoehA
    So apparently the software of the Mantistek GK2 is sending all our keypress to an Alibaba.com server! This is sick, imagine the level of information they have about passwords and logins...
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  13. #173

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    5,848
    Quote Originally Posted by Nordstern View Post
    Crunchyroll was hit by a DNS hack, which redirected Weebo's to a github file that encrypted their hard drive. Time to purge whitelists of everything but the essentials.
    fixt
    Please don't teach me what to do with my pc.

  14. #174
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    2,917
    What is "Mantistek GK2"?
    Do I want to google that?
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  15. #175
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    Quote Originally Posted by root View Post
    What is "Mantistek GK2"?
    Do I want to google that?
    mechanical keyboard
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  16. #176
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    2,917
    oh wow. I just bought a Mechanical China keyboard from banggood, though it should work without software.
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  17. #177
    XenosisMk4's Avatar
    Join Date
    July 13, 2017
    Location
    More turbo-lightspeed neoliberal platitudes/virtue signaling/misplaced priorities on full display.
    Posts
    1,569
    Quote Originally Posted by Nordstern View Post
    Crunchyroll was hit by a DNS hack, which redirected people to a github file that encrypted their hard drive. Time to purge whitelists of everything but the essentials.
    Thats what you get for paying for a trash service which hates its customers

    Quote Originally Posted by root View Post
    oh wow. I just bought a Mechanical China keyboard from banggood, though it should work without software.
    I have a Noppoo mech keyboard, didn't need any software to use so you should be fine

    They're all essentially the same board with a difference case/caps

  18. #178
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    8,415
    WELP

    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  19. #179
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,022
    Do they mean they can access the JTAG debugging interface via plugging in a generic USB device (I thought JTAG/TAP access required connecting to dedicated physical pins/headers on the chipset)?
    Or do they mean they used debugging to dump the ROM of the "Converged Security and Manageability Engine", the (Minix-derived) OS inside the CPU, to then start disassembling it all?

    Reading reddit re: this, will update...

    A USB DCI is a non-generic USB device able to talk JTAG.
    By default, JTAG should be disabled in the BIOS. But some OEMs ship machines with it enabled.
    Quote Originally Posted by Intel
    To provide additional security, the DCI interface is disabled by default per Intel specification and can only be enabled with user consent via BIOS configuration
    via Digital Trends.

    So you need physical access, a specific USB device, and either a not-password-protected BIOS or a dumb configuration.

    As to the consequences, haven't found anything concrete yet, other than JTAG typically permits read & write of registers, which is basically absolute control via privilege escalation.
    Last edited by Daneel Trevize; November 9 2017 at 09:13:48 AM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  20. #180
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,946
    Wonder if you can do it via emulated USB....
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •