Domain: scansafe.com
Stories and comments across the archive that link to scansafe.com.
Comments · 6
-
Ummmm, yes... apk
"How about if - rather than an FBI warning or whatever - the site is replaced by a clone that sniffs your info or installs trojans?" - by phorm (591458) on Friday November 26, @01:29PM (#34351528) Homepage
HOSTS can also be used to block KNOWN bad websites that serve up malware:
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=onlineMany of those sites have "removal lists" IF a site cleans itself up, or if it just "drops out of site"!
(The latter I don't trust though, because malware makers "recycle" domainname/hostnames they own, & the RBN (russian business network) though thought 'dead'? Has had it's domain/host names reused by ANOTHER botnet recently!)...
Thus, I add those sites that are known as serving up malware exploits as BLOCKED in my HOSTS file, and I can't get to them, until they're proven clean (I don't remove ones that just "drop" because they've been shown to get "recycled/reused").
APK
P.S.=>
"And when the server gets bushwhacked instead of the domain, and they move to a new host - but you're still getting the old IP from your hosts file - then what?" - by phorm (591458) on Friday November 26, @01:29PM (#34351528) Homepage
I again confronted you today on this, as to HOW you were "modded up" here -> http://slashdot.org/comments.pl?sid=1887878&cid=34387450 because I already covered the other part in my initial reply with this statement (as to sites changing IP addresses) requoted, again, below next:
"& if they change it again? Re-Ping (with a double verifying WHOIS) said site & the TLD that does NOTHING but resolve hosts/domains to their correct IP will give you a correct IP address (provided you're NOT being "man-in-the-middle" attacked) to reinsert into your hosts file to update it..." - by Anonymous Coward on Friday November 26, @12:36PM (#34351132)
As to verifying IP addresses changing on sites.
So, if a site also is proven to harbor malware exploits?? A custom HOSTS file is also used to block those out until they are proven CLEAN... get it??
I don't see HOW/WHY you were modded up, because I cover the 1st point & anyone that knows how to use a HOSTS file knows it can be used to BLOCK OUT BAD SITES/SERVERS THAT SERVE UP EXPLOITS TOO, per the above... apk
-
Agreed on DNSSEC, but until then?
I use a "hard-coded" HOSTS file entry for my "fav" websites (like this one for example) that allows me to reach what ping'd off as "legit" @ the start of the year here, and remains so today (which is how I validate it, against the TLD that does nothing but resolve IP addresses to their correct domainname/hostname).
Additionally: This allows me to also reach them faster by not making DNS requests for them, which involves turn around response times from DNS servers, which this technique avoids said "lag"...
(Especially since 200 of my favs. are done thus in my HOSTS file, and I block out KNOWN bad sites/servers in it as well to avoid "sucking in" malscripted or other types of exploits via malevolent people)
This practice also allows me to be less "trackable" (sure, I'm still trackable by ISP/BSP, but not as easily) since I am NOT showing up on DNS request logs for my favs (where I spend a GOOD 95% of my time online each day anyhow).
Lastly, this practice also allows me to reach said sites IF my DNS servers I do use "go down" or are "misdirected" via the Kaminsky 'hack' (since they're hardcoded)... I do so, because I can't do the entire net in my HOSTS file as "hard-codes"!
Now, IF a site I like & hardcode "turns up bad" or "infected"? I get notification via the sources listed below
... and it gets blocked, even if temporarily only (& if they clean themselves up, it shows in the removal lists those sources provide too, & those sources also have "validation" screens where you can check if a site is currently "a plague ship" too - can't beat that!).As far as DNS servers though?
Well, I use either ScrubIT DNS or OpenDNS (both are good & fast + per many DNS flaws, OpenDNS is KNOWN to "patch right away" if possible + they DO pay attention to blocking out various forms of "questionable" or "threatening" material). I also "alternate them", periodically, between those 2 (for avoiding tracking a BIT better, yes, & even from they, via DNS requests logs).
APK
P.S.=> What I do know though, is that it makes me FASTER online & SAFER TOO, by far!
My friends + family & even customers, plus others in forums I have "turned on" to this very old technique (that nowadays seems forgotten) also note it!
E.G.-> My best pal says "my online speed has DOUBLED using HOSTS files" & he used to get 200++ infestations a month (no joke) & he's down to MAYBE 2 a yr. now using HOSTS alone! We even setup his system for 8++ months without a firewall, on older Windows 2000 unpatched, & no firewall... he still had a much lower infection rate!
I also block out adbanners (sorry webmasters - I pay for my online time out of my own pocket)
I want ALL the speed I pay for, & I get a "no commercials/HBO internet" this way, much faster & safer too (since adbanners have been found w/ malicious script content in them many times the past 4-5 yrs. now no less),
This also protects myself vs. the "Kaminsky security crack" in DNS, noted above!
I also protect users & myself via HOSTS files, vs. KNOWN bad sites, via these reputable sources (others too, but here are the "bulk" of them I use to populate my HOSTS file for these purposes):
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts -
I add between 50-2000 new bad sites a day... apk
To a custom hosts file: That tell you anything? It used to only be that many a month years ago prior to I'd say, 2004 or thereabouts...
Additionally, to so do, I'm still using the same decent sources as well as my own I built up from the same sources since 1997:
Spybot Search & Destroy's "IMMUNIZE" feature
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=onlineToday/Nowadays? It's worse than it was as far as PC's being @ risk online just on sheer numbers of bogus sites or even banner ads that are maliciously scripted in intent. Just on sheer numbers alone.
APK
P.S.=> In summation, all I can tell you, from my "POV" of making a hosts file full of known malware or maliciously scripted sites for a LONG time now is, it's gotten worse, & is happening FAR faster than it used to be (more folks understand coding now is why most likely & the tools are simpler/better too), & I've been building up a closing in on 1 million bogus sites based HOSTS file for over 14 or so years now as my basis in fact here is all...
-
I don't know about 1 million in Q2 2010, but...
"Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase. *In Sean Connery's James Bond voice* Of course they have." - by AnonymousClown (1788472) on Thursday September 16, @12:25PM (#33600940)
I don't know about THAT, however? Well - I DO know that my personal custom HOSTS file is nearly @ 1 million absolutely unique entries of known bad sites/servers, and it took me nearly 10++ yrs. now to get it to that # no less!
I populate it from very reputable & reliable sources listed below:
----
http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home+ Spybot "Search & Destroy" IMMUNIZE feature add ons also...
----
In fact, as far as growth this summer alone? It's been more than usual, and last summer last year was the same it seems/iirc too...
However: Ahem - 1 million++ new known bad sites &/or servers, & in just 1 quarter?
(Hey, anything's possible, but that's a bit "excessive/steep" imo @ least... still, one never knows! Still, I somehow DOUBT it's that bad out there. Yes, it's bad, but not THAT bad... I don't think so @ least, and I tend to keep pretty steady-eddy tracking of this up (for over 10++ yrs. now @ sites & sources such as those listed above via populating my custom HOSTS file for both added security AND added speed))
I.E./E.G.-> The # of entries of known bad sites &/or servers in my HOSTS file, which a great deal of came from my sources listed above no less, had grown this year from July 15th 2010 to Sept. 15th 2010 by almost 18,000 entries alone at the tail-end of this summer alone (up to 881, 543++ total entries, & gaining typically between 50-250 more each day).
It's crazy out there now, but it doesn't affect "me or mine", because I cannot be hurt by that which I cannot enter to get hurt by it, such as a bad website that's malscripted or bears a malware, because that's what HOSTS files do, at least part in the way of security (and more for speed such as adbanner blocking (which also helps security too, because many a banner ad has been found with malicious code in it too the past few years now as well), and site IP-to-URL hardcoding): HOSTS files, if done right, can keep you from getting burned in a bogus kitchen, so-to-speak!
Still - 1 million++ new known bad sites in just 1 quarter this year 2010? I have trouble with that estimation, in believing it to be blunt about it, & yes, I have been looking at this type of data for quite a long time now (over 10++ yrs. in fact, in making a custom HOSTS file to protect vs. this type of lunacy).
APK
P.S.=> Since I
-
If this is about stopping botnets, malware, etc.?
Per my subject-line above. & this quote from the article here on
/.:"The Cybersecurity Act of 2009 passed a Senate panel, giving the president unprecedented power to issue a nation-wide blackout or restriction on websites without congressional approval" - by Akido37 (1473009) on Tuesday March 30, @10:49AM (#31670706)
?
Well, then from the SOUND of it @ least, I am ALL FOR IT personally!
Why??
Well, because online attacks DO go on, & they DO exist, & they DO INTERFERE WITH PEOPLE'S LIVES IN SERIOUS WAYS IS WHY!
(AND, in many ways, because a LOT goes over "the public internet" people, a lot more than say, slashdot webpages, whether you know it or not)...
E.G.-> Such as databases' drivers & libs using ports on the net, like:
----
A.) SQLServer = default ports usually used -> 1433/1434/4022/2382/2382/443 (SSL)/135 (RPC) & on both UDP & TCP/IP
B.) Oracle = default ports usually used -> 66/1521/1525/1526/1527/1529/1571/1575/1630/1748/1754/1808/1809/1830/2481/2482/2483/2484/3872/3891/3938
C.) IBM DB/2 = default ports usually used -> 523/532/6789/50000/60000 (probably more here, this is the one I am LEAST familiar with, sorry I could not be more "complete" here)
D.) MySQL = default ports usually used -> 3306 (probably more here too, I am JUST "getting into" this one lately (hey, it's FREE man!!!)
----
(Those tools, as I am sure MOST of you know, are for businesses where YOU yourself do business, which means YOUR MONIES or other life-crucial information, for instance - which again, is a LOT more than & of most likely far greater import than merely the web's HTML data alone you use, while you browse websites, in other words...)
And, then there are things like POWER PLANTS (which, like it or not, DO conduct things over the public internet), & even life-monitoring devices + security systems.
SHOULD THE GOV'T. TAKE ACTIVE MEASURES vs. ATTACKS ON THESE THINGS NOTED ABOVE? Hey guys...?? ABSOLUTELY!
(Especially IF they're being "cyber-attacked", OR, just to prepare for such an event, JUST IN CASE!)
APK
P.S.=> See- The past 12 yrs. now or so, I've taken a more than "somewhat" active interest in things 'security-related' online... &, know what sort of "spooks me" (& yes, even shocks me, because of the cultures/nations I see it coming from mainly)?
CHINA...
Yes - It really "blows my mind" that a culture w/ more than 5,000++ yrs. of recorded history behind it is showing up, & MORE THAN ANY OTHER NATION BY FAR, in the lists I use to populate my HOSTS file here, & here are the sources (all known & reputable) I typically utilize, so you can check this yourselves (or, perhaps, even USE THEM yourselves for hosts file population to block out known bogus sites &/or servers):
-----
http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file -
"Leaked blacklists"
Interesting topic. First, there is no loss of security in publicising blacklists. It is a bit silly (or nasty) to claim this is some security breach when it simply isnt.
The problem with web filtering is that there is a market for it. People want to buy it. People are making money on it. It is not going away.
Now, what aussie govt is doing is plain wrong. But, at least, they are not doing it in secret like in the UK... On balance, UK's filter is not mandated by the government, rather it is chosen by ISPs.
Either way, the technology simply isn't there yet.