Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots

An anonymous reader writes: For some time now, Comcast has setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said."

JavaScript

Yet another reason to disable JavaScript from your computing devices.

Re:JavaScript

[bondsbw]

Better yet, disable HTTP. This is a MITM injection attack and SSL was invented to help prevent this.

Re:JavaScript

[thieh]

People still have JavaScript on while using a public wifi network? O_o

Re:JavaScript

honestly the number of times i have to whitelist a page to run javascript is surprisingly small. In fact, some even end up working better (I'm looking at you theonion.com and your regional paywall-after-a-certain-number-of-pageviews).

Re:JavaScript

A lot of browser addons like NotScript and NoScript even allow you to easily whitelist javascript permissions by domain trying to do so on a page, so if things are not happy you just click the icon, and click allow for the domains that are pertinent to the site and not the ad networks et al.

Re:JavaScript

[MacDork]

Came here to say that. Would mod up. No points.

Re:JavaScript

That would be nice, but it's impossible to use the modern web and HTML5 without JavaScript.

Just disable JavaScript from third party sites. When you browse your local news page there is no reason for them to pull in scripts from adtech, google-analytics or whatever.
The pages that doesn't work when you disable external JavaScripts are just a handful and usually you just need to enable "samename-cdn.com" or similar because they store some stuff on another domain to distribute the load.

Re:JavaScript

[wonkey_monkey]

No points.

Or pronouns.

Re:JavaScript

[thegarbz]

Yes because often public wifi refuses to work altogether if you turn it off.

Re:JavaScript

> That would be nice, but it's impossible to use the modern web and HTML5 without JavaScript.

Tell that to the 2.2 millions users that have made NoScript the 3rd most popular non-developer add-on for firefox.

Re:JavaScript

[IndustrialComplex]

Which is great if you only visit the same sites. I try to do something similar to what you request, but if you don't have a regular set of websites you visit, you are going to be constantly twiddling permissions.

It's annoying enough when it's just me, but my parents/wife/family respond, "This website is broken, your setup drives me nuts, I just want things to work."

Re:JavaScript

Well then set up a virtual machine for everyone else so that they can have their slow, add riddled, web surfing nightmare.

Or get a second cheep computer that is "just for web browsing" that you dont care if you have to wipe every other week.

Re:JavaScript

[brm]

Better yet, disable HTTP. This is a MITM injection attack and SSL was invented to help prevent this.

FTP for the win.

Re:JavaScript

[RockDoctor]

It's annoying enough when it's just me, but my parents/wife/family respond, "This website is broken, your setup drives me nuts, I just want things to work."

Then disable disabling javascript for their users and keep their accounts in a sandbox, or on separate machines. If it's your network, and they've authorised you to manage security, backups and hardware then they get what you decide. Or they get to manage it themselves.

They do understand binary?

Copyright violation?

[crow]

Does this violate the copyright of the sites the user is visiting? By modifying the content stream, they're creating a derivative work without authorization.

On the other hand, user-controlled plugins and ad blockers do that all the time, so I wouldn't be too quick to make that argument in court.

Re:Copyright violation?

[thieh]

There is a subtle difference: user modification on visit is personal use and mostly not shared, what Comcast is doing is broadcasting modified content.

Re:Copyright violation?

[steppin_razor_LA]

I think it is.

It is one thing to install software on your own computer that serves modified content. When you start serving the modified content to other people, I believe that creates the difference.

If comcast can inject ads, then there would be no problem with ISPs offering "Advertising Filtering" proxy servers for their customers and serving them sanitized content.

Re:Copyright violation?

[arbiter1]

Well since you are getting connection to the internet for free, ad's are kinda normal end results so it can stay free.

Re:Copyright violation?

you are not getting internet for free, you have to sign in using your comcast id which is included with the comcast service you are paying for.

Re:Copyright violation?

[taustin]

And doing so for a commercial purpose. Which, in theory, could make it criminal.

Re:Copyright violation?

[taustin]

Of course there'd be a problem with that. Comcast's users won't pay as much for ad free content as their customers - advertisers - will pay to shove ads down your throat.

Re:Copyright violation?

Comcast users 'are' the product.

Re:Copyright violation?

[Em+Adespoton]

And doing so for a commercial purpose. Which, in theory, could make it criminal.

If I recall correctly, Comcast is currently arguing just this in court -- but for third parties stripping ads from their cable streams.

I think they're going to try really hard to differentiate between the goose and the gander here.

Re:Copyright violation?

[gstoddart]

As I recall, it's not free ... it's available to people who are already Comcast subscribers.

In other words, this should be no different from any other context in which you connect to the interwebs via your Comcast service.

Except Comcast is letting the people who host the routers pay the electrical bill, and injecting even more ads into it.

And I definitely agree that modifying other people's content is getting into a sketchy area of copyright, and possibly stealing the ad revenue from those site owners.

Because, if the people who actually own the sites aren't having their ads serves, but suddenly someone else's ads are showing up, then isn't Comcast just skimming from someone else's stuff?

Re:Copyright violation?

[sjames]

But Comcast is leading the user to believe that the page looks like their modified version. If the user mods the page with plugins, they know it isn't being displayed as I intended. I don't mind the user doing that, but I do mind an intermediary doing it.

Perhaps a plugin that checks the integrity of a page against an embedded signed hash and launches a DOS against the ISP if it has been corrupted.

Re:Copyright violation?

[j127]

No -- people already pay Comcast for service. This is just an attempt to unethically squeeze more money out of people.

Re:Copyright violation?

[Charliemopps]

Does this violate the copyright of the sites the user is visiting? By modifying the content stream, they're creating a derivative work without authorization.

On the other hand, user-controlled plugins and ad blockers do that all the time, so I wouldn't be too quick to make that argument in court.

I'd argue against that... except... by modifying the content en-route, they are likely pushing legitimate ad-content out of the users view. i.e. If I ran a search engine, and paid for that service by placing a banner add at the bottom advertising chicken wings... and then Comcast did their injection attack and pushed that add further down, they would most certainly be affecting my commercial revenue.

If the user chose to block that add themselves, that would be entirely different. They made a choice to do so, or to scroll their screen. But this is an intermediary company forcing that content out of the users view for a profit. I'd say the EFF should throw up a page, visit it on one of these networks and then sue the living crap out of Comcast.

Re:Copyright violation?

[sjames]

The owner of the copyright on the web page isn't getting free anything from Comcast. In fact, if they're getting hit up for protection money (nice website you have there. It'd be a real shame if it took 5 minuted to load....)

Re:Copyright violation?

[wiredlogic]

There are no legal issues with an end user altering the presentation of what they receive to suit their needs. It's not like you're under contract to download all of the cross-site scripts today's hipster web developers burden their creations with. Injecting some Greasemonkey Javascript or blocking malicious code can be interpreted as a derivative work but there is no further distribution to other parties to make the case of damages through copyright infringement. This is commonly done with screen readers and other non-traditional browsers that need to simplify the content. Having a middle man do that without consent by either sender or receiver is another thing entirely.

Re:Copyright violation?

[Penguinisto]

And doing so for a commercial purpose. Which, in theory, could make it criminal.

At the very least they are modifying user content, which should by all rights push them out of any DMCA safe harbor protections.

Re:Copyright violation?

[Penguinisto]

Well since you are getting connection to the internet for free...

Nope, not true.

I don't have Comcast's phone or TV service (both of which suck), and only have their internet service because that's what we're stuck with in this little town for broadband (at least until sat/wireless catches up in speed). ...and yeah, those bills they send me every month say that you're sadly mistaken.

Re:Copyright violation?

[FatdogHaiku]

I think they're going to try really hard to differentiate between the goose and the gander here.

goose = about to be cooked
gander = watching goose process

Re:Copyright violation?

[jamesjw]

STFU

Why is ComCast's marketing dept posting as 'AC'? :)

Re:Copyright violation?

Concast technically aren't broadcasting a single thing.
The router is what is doing the changing, which is under ownership of the end-user.

This is a full grey-area topic that nothing covers.
I can assume it is going to get dealt with over the coming years though.
Some people are likely not going to like this feature at all.

I personally wouldn't mind mesh-networking and public Wifis if the hardware that controls it is COMPLETELY separate from the hardware which my network exists on.
The only connection should be the shared power supply and a very basic read-only API that lets you see the public wifis activity, and a password that is encoded on the bottom of each router and never in any manual (even not mentioned at all) to deter the average user from getting in to the admin panel for the thing.
They can log whatever the hell they want in the public network as well, so if some dodgy tit uploads child porn or terrorist manuals or whatever else, I'd not get arrested for it. But considering this awful new world, technological morons still think IPs = identities. That will only be partially true when IPv6 comes around.

Re:Copyright violation?

[Nite_Hawk]

Oh, a DOS doesn't need to be launched, that would imply you are trying to circumvent the courts. Merely have the plugin send a DMCA take down notice to the content provider every time it detects that an unauthorized derivative work has been made and shared.

Re:Copyright violation?

STFU

Why is ComCast's marketing dept posting as 'AC'? :)

Shhhhush now, or you might wake up the product. Let them sleep, they so cute and quiet when their eyes are closed.

Re:Copyright violation?

[dugancent]

Only leased routers do this, so the router is under ownership of Comcast and is rented to the end-user.

Re:Copyright violation?

[thieh]

... I don't think it is necessarily the end-user: the guy getting free hotspot wifi isn't necessarily the same guy who rents the router.

Re:Copyright violation?

[sconeu]

Please. Copyright is to be used *BY* the $BIG_CORPORATIONS against $LITTLE_PEOPLE and $SMALL_BUSINESS, not the other way around.

That's why $BIG_CORPORATIONS bought the current laws!!!

Re:Copyright violation?

[MobSwatter]

Soon... Valentines Day...

Re:Copyright violation?

It's more serious. It violates the CFAA, since it injects code that make other computers do things they weren't indended to do (put advertising).

The responsible people should be jailed.

Re:Copyright violation?

[taustin]

What a crushing rejoined. I'm going to go commit suicide now out of shame.

Re:Copyright violation?

[Tablizer]

Leave it to Comcast to test the boundaries of sleazy practices.

Re:Copyright violation?

[arner]

Exactly. I know for a fact that this is the case in Europe (if you're interested, it's in the E-Commerce Directive, article 12: http://eur-lex.europa.eu/legal...). Cases are known in the Netherlands where acting as a moderator on a forum made someone liable for stuff that got posted there, whereas if you don't do anything with the content you're pretty much safe...

Re:Copyright violation?

which should by all rights push them out of any DMCA safe harbor protections.

And outof the realm of a "common carrier", which could have the effect that they may be held accountable when any of their datastreams serves malware to the user. That could get very costly to them -- either in payments to the user, or in equipment to scrub such malware from their data streams.

Re:Copyright violation?

[Jason+Levine]

Well, then obviously, you charge those ad distributors for a silver ad plan that gets by the filters.

Then charge customers for a silver ad blocking plan that blocks them.

But a gold ad plan will get by that.

But a gold ad blocking plan will block that.

But a platinum ad plan will get by even that....

Queue Comcast's CEO singing "We're In The Money!"

Re:Copyright violation?

And then the writers of that plugin and quite possibly its users better be planning on being prosecuted for those DOS attacks.

Re:Copyright violation?

[sjames]

How about if a EULA is includes as a recognition string on the signature? "By altering this page you request our extra special network resiliency testing service. If EULAS are legal, then so is that.

Re:Copyright violation?

[Aaden42]

There’s nothing grey here. What matters is who’s instructing the router to make changes.

Car analogy time: If you borrow a car that I own, and you run someone over with it, you are generally speaking liable for actions you initiated, not me as owner of the car. (Granted, if I cut the brake lines before you borrowed it, that changes things, but let’s assume a mechanically sound vehicle for sake of argument.)

Comcast programs the routers(*) to modify content. The Comcast subscriber where the router is installed has no control over that process. The act that causes the modification to occur is purely done by Comcast. If there are copyright or other issues here (not sure that there are, but seems plausible) only Comcast bears responsibility for them. Not grey at all in terms of culpability here.

(*) Some routers somewhere. I haven’t read anything that suggests that it’s actually modified at the subscriber’s WiFi endpoint router. They could (more) easily modify it upstream in their network somewhere. That seems a more likely implementation approach and would moot this entire conversation.

Re:Copyright violation?

[Aaden42]

Contract law doesn’t work like that, fortunately.

The ISP (allegedly a common carrier) isn’t a party to that EULA. Only the end-user accessing the site is. The end user has no power to bind the ISP legally to anything.

Aside from that, such a term would never be enforceable in any kind of website AUP. I can put, “By accessing my home page, you owe me a million dollars,” but it ain’t gonna fly...

Re:Copyright violation?

Since when did anyone here ever care about copyright? I guess copyright is only good when it works in your favor?

Steal away, now. Steal away.

Thanks,
Robert Plant.

Re:Copyright violation?

[sjames]

That is actually why I oppose EULAS in general. I'm just noting that the courts have a sketchy record when it comes to making sense.

For the rest, I could argue that since the ISP inspected the payload of the packet rather than just the header, they imposed themselves as a party to the transaction. A common carried just sends the bits along.

Another amusing option would be accessing the GOP homepage and then starting a stink over them so blatantly endorsing Comcast...

Or perhaps some .gov pages...

Re:Copyright violation?

[david_thornley]

Okay, IANAL, but this is my understanding. If you're the copyright holder, nobody has the right to change your work without your permission (which may be a CC license or something).

Copyrights in the US are registered and unregistered. Both are valid, but there's differences in the enforcement. If somebody violates your unregistered copyright, I believe you'd have to sue for actual losses, which in most cases is a whole lot below the filing fee to sue. If somebody violates a copyright you'd registered previously,. I believe you can sue for statutory damages, which are a lot more than a filing fee. There's also criminal copyright violation, which is partly based on number of distributions and the fact that it's commercial copyright infringement. However, you'd have to get a prosecutor interested in suing Comcast, and that may be difficult.

So, create a static web page (it has to be static for it to be registered). Actually, do it with several web pages. Find somebody who's accessed them through ComCast's leased routers and finds them altered. Sue Comcast. Profit. (Where does the "???" come in?)

My standard disclaimer about how taking legal advice from a pseudonymous guy on the internet being stupid, and strongly recommending you talk to a real lawyer on any important issue should really go here.

Re:Copyright violation?

[j127]

Perhaps a plugin that checks the integrity of a page against an embedded signed hash and launches a DOS against the ISP if it has been corrupted.

Maybe Cloudflare could add that as a feature, since they rewrite HTML before delivery.

Re:Copyright violation?

[j127]

For clarification: definitely don't do a DOS. If the page is corrupted, just show the user a warning message and a way to take action, like click to tweet some bad publicity about Comcast. Twitter would be full of the hashtag and media would pick up the story.

Re:Copyright violation?

[j127]

And it would provide documentation for legal action against Comcast.

Re:Copyright violation?

It is tampering with a communication between two parties.

Which is a Federal criminal offense.

And this is why we're moving towards SSL only

Only way to keep the junk out.

Re:And this is why we're moving towards SSL only

[thieh]

I don't see why Comcast can't block everything that cannot be injected or block contents to you unless you allow them to separately launch ads using JavaScript.

Re:And this is why we're moving towards SSL only

Put your junk back away. This is no time to hang out with your wang out. But the point of SSL only is good as far as it goes. Of course we will probably eventually get ISPs that will use proxy servers to man-in-the-middle attack the SSL and serve this shit anyway.

Re:And this is why we're moving towards SSL only

If they want to render their service useless, they can of course do that. "Comcast Hotspot? Forget it, doesn't work." Yeah, that's what you want people to remember.

Re:And this is why we're moving towards SSL only

[sjames]

That should go over really well for internet banking and other security sensitive uses.

Re:And this is why we're moving towards SSL only

[thieh]

Just that the fine print for the Hotspot portal associated with the "agree" can contain a lot more than you can ever imagine. We are lucky they didn't include stuff like "by using this service you agree to let us modify everything of the operating system of your device(s)."

Re:And this is why we're moving towards SSL only

[Aaden42]

“To ensure your security, in order to use our service, you must follow these simple instructions so that your system will trust our security certificate.”

Then MitM every SSL request. There’s commercial carrier grade hardware that will carry out the MitM & injection, and I’d bet you get a huge portion of users who blindly do it. SSL be damned...

Re:And this is why we're moving towards SSL only

[Aaden42]

Easy fix for them: Whitelist of banks, etc. to not run injection on. They get to claim they’re preserving security for important sites while still injecting adds on everything else. Pretty sure most non-geeks would fall for it.

I've called comcast to "op out" four times

All FOUR times they told me "no problem sir". I finally went out and bought my own router.

Re:I've called comcast to "op out" four times

[Aaden42]

It drives me nuts that I have to give my cable company (TW) rights to modify the DOCSIS cable modem I bought & own by pushing TFTP configurations down to it. I can’t even imagine giving them ownership of a device that connects directly to the green side of my network that they can modify any time they want.

You can have my old PC router when you pry my cold dead fingers off it...

so don't use them!

[lophophore]

Don't use random hot spots. It's like safe sex, only for your computer. Stay away from sketchy connections.

Re:so don't use them!

But, I have needs!

(Captcha: packet)

Re:so don't use them!

[Ol+Olsoc]

Don't use random hot spots. It's like safe sex, only for your computer. Stay away from sketchy connections.

It's even like not buying what is advertised. I won't.

Re:so don't use them!

[dissy]

Don't use random hot spots. It's like safe sex, only for your computer.

[me] Aight baby, play with that packet. You know how I like it
[ap] tee hee *beep*
[me] oh yea, deeper inspection, deeper inspection! oh yea!
[ap] *56k carrier sound*
[me] That's what I like to hear! Now, I put on my robe and wizards hat
[ap] ... *stp-broadcast* ...
[me] baby-aye-pee you still there? Where'd ya go??

Re:so don't use them!

Don't use Comcast. It's like safe sex, only for your computer.

FTFY.

Re:so don't use them!

When partaking in safe computer sex, please remember that Trojans are a Bad Thing.

Re:so don't use them!

BUt just like sex, if you're jonesing hard enough, you'll do it with the bucktoothed fatty if you're feeling desperate

Re:so don't use them!

Don't use random hot spots. It's like safe sex, only for your computer.

[me] Aight baby, play with that packet. You know how I like it
[ap] tee hee *beep*
[me] oh yea, deeper inspection, deeper inspection! oh yea!
[ap] *56k carrier sound*
[me] That's what I like to hear! Now, I put on my robe and wizards hat
[ap] ... *stp-broadcast* ...
[me] baby-aye-pee you still there? Where'd ya go??

Good old BloodNinja... a true legend! Back when men were men, the Internet was much better, and people didn't call such things "meme" or "viral" and we didn't put shit in the "cloud."

So setup a case where harm is being done

[Mister+Liberty]

then take 'em to court.

Re:So setup a case where harm is being done

Take 'em to court for providing free WiFi? WTF. This is exactly why we can't have nice things. Fuck.

Re:So setup a case where harm is being done

[mcfedr]

take em to court for claiming to provide free internet and actually providing something quite different

Re:So setup a case where harm is being done

[david_thornley]

The WiFi isn't free; it's only for Comcast subscribers who already pay Comcast money. This makes it commercial, which means that Comcast is likely planning criminal copyright violations.

Wow.

What a bunch of colossal vermin.

Comcast:

Because Fuck You...That's Why.

FrontPorch Technology Ransacks the Device!!!

[TechForensics]

Did anyone catch the promise in the FrontPorch video ad that customers could use the technology to "gather valuable business intelligence"? Guess it doesn't only deliver ads... it ransacks the device!!!

Encrypt Everything

The ISPs can not be trusted with our data.

Terms and Conditions

[BKDotCom]

I'm sure the terms and conditions you agree to when using their hotspots explicitly grant them permission to do so.

Re:Terms and Conditions

[__aanbvm4272]

And AFAIK the article I read about the free wi-fi is ONLY for other comcast users that have similar devices enabled in their home spaces. Not everyone gets to use the Comcast "free" WiFi. Comcast put it this way to encourage customers to become part of their WiFi system. "Where ever you go you can get free WiFi from other Comcast user participants" (A paraphrase). Like one guy here said use your own router DON"T LEASE. please...

Re:Terms and Conditions

Last time I checked, I did not get give Comcast a permission to create derivative works from my content. Site users (/hotspot users) also do not have a license to grant that kind of permission.

Re:Terms and Conditions

[Aaden42]

That’s the grey area I wonder about. I think you’re right, but I could see arguments made the other way.

If it’s in the AUP that end-users are granting Comcast the right to modify pages they request, then they’re essentially granting a limited agency to Comcast to act on their behalf. The one similar case that comes to mind was some religious nutcase company that would send you DVD’s with all the racy & violent bits edited out so your good Christian family could still watch the 30 or so minutes that was left of most blockbuster movies... They had you buy a copy of the original, and I’m pretty sure they sent you both the original you purchased along with the modified version (for an additional fee over retail on the movie itself) so they could claim they weren’t really making a “copy” since you bought the original one. If I recall, the studios sued them for copyright infringement / derivative work, and the studios won, putting the god nuts out of business.

As an end-purchaser of a work, I certainly have the right to modify it for my own personal use (editing out the jiggly bits, removing ads, whatever) so long as I don’t distribute it. The decision in the video editing case means that at least in that situation, I can’t grant agency to someone else to create derivative works on my behalf. It seems like the same should apply to Comcast in this case, and even more-so given that the modifications in this instance are unlikely to be what the end user actually wants, but was merely tricked into agreeing to.

Content Security Policy

[Lightn]

It would be interesting to see what would happen if you browsed a website with Content Security Policy headers on a Comcast public Wi-Fi hotspot.

The technology is new enough that the injection technology might not handle it and thus the browser would block the ad. But if they did, by changing the CSP headers, the website might have a stronger case for suing Comcast since they would be explicitly bypassing a security technology.

Re:Content Security Policy

They already have a strong case. There doesn't need to be security in place to be liable for CFAA (IANAL, but there's plenty of cases out there)

Couldn't website owners sue them?

For lost ad revenue, dilution of trademarks or service quality, etc?

Illegal

[j127]

This must be illegal, since it modifies copyrighted content before delivery to the consumer. If this happens to your site, sue them for violating copyright. Can you imagine what it would do to a ad-free website's reputation to have some ads injected into it? This is an attack on web publishers.

Pick one

[ourlovecanlastforeve]

So now the Internet is complaining that the wifi access points they're totally not going to use because comcast is morally wrong to share your broadband without your permission is injecting ads into the experience. How do you know?

Copyright violation?

[j127]

Yes, definitely. Also, it violates the policies of ad-free sites to not subject their visitors to ads. Websites will not be able to maintain their terms of service. For example: if you pay the website for an ad-free subscription, and Comcast then injects ads, your customers are screwed.

An ad-blocker is for personal use -- kind of like marking a page in a book that you're reading or removing a picture because you don't want to see it. Systematic modification of copyrighted content before delivery to customers is definitely criminal.

JavaScript

[j127]

That would be nice, but it's impossible to use the modern web and HTML5 without JavaScript. Maybe Privacy Badger or Ghostery can block it.

Faraday Cage!

After calling Comcast several times asking them to please shut off the public wifi signal on my cable modem, I finally just put the whole thing inside a Faraday bag. Problem solved.

Re:Faraday Cage!

[Aaden42]

You know you can just buy your own DOCSIS cable modem and not pay them a monthly lease (and pay for the extra electricity), right?

Not surprised

[j127]

Comcast are serving ads with Doubleclick? Start a campaign to put pressure on Google to disallow the practice. DNS highjacking is another serious problem. T-Mobile and MetroPCS are going that at the moment. I get a page of T-Mobile ads when I try to search Google on my phone.

What Could POSSIBLY Go Wrong?

Well, since I write a system that uses HTTP:80 calls to send JSON and XML to AJAX handlers, if these systems piss ads into that stream, we'll have a problem...

Re:What Could POSSIBLY Go Wrong?

[Aaden42]

Most injection systems look at the Content-Type header and only inject text/html. Most of them are pretty conservative at this point and actually manage not to foul up most sites. Still evil and probably a copyright violation, but they’re generally smart enough not to monkey with AJAX calls, binary downloads, etc.

Around in Circles

ISPs used to be ad supported. There were tons of free dial-up ISPs like NetZero or Juno that gave you free internet access, but displayed an ad banner on your desktop. If Comcast is injecting ads (which has been done before by other ISPs and covered on Slashdot) into their 'free' wireless (you have to pay after an hour, I've used the service) then I'd don't have any moral issues switching mac address so I can continue using their ad supported service forever (though the speed is slower than dial-up during peak hours and at random other hours. Probably the wireless bandwidth was linked with the customer's real service instead of being separate).

Cookie settings help

[viperidaenz]

Always make sure your session cookies are tagged with HttpOnly, so Javascript code has no access to them.

From a user of a wifi hotspot's point of view, use a VPN or only browse HTTPS sites.

Re:Cookie settings help

[TheGratefulNet]

vpn. all the way.

you see that stream of octets? you can't get into them!

bwahahaha!

now, it seems that comcast (my isp) drops my vpn connection every few hours. I'm working on a modem reboot system that keeps my network up but its a huge PITA that comcast resets my connection several times a day and it requires a full modem reboot to get it back again.

still, I'll continue to use a vpn for many reasons. the 'opaque stream of octets' keeps their fingers out of my data, very nicely. they can't modify or read it in any way.

Re:Cookie settings help

Run your VPN over UDP instead of TCP. UDP doesn't even have the concept of a "reset" just lost packets which the higher-level protocol should take of retransmitting automatically.

Hosts file solution?

[keith_nt4]

Maybe I'm missing some thing here but it seems like a edit to a local hosts file could resolve this.

Generically, for instance, if the ads injected were coming from ads.comcast.net one could simply add a line to the hosts file:

0.0.0.0 ads.comcast.net

Wouldn't this prevent the ads from loading to begin with? I mean sure it's a little more difficult on phones and tablets but regular PCs it should be at all difficult to make this edit.

Since I'm apparently in a generous mood, for windows users, open an "administrator command prompt" and paste in the following line. You should be able to save the changes. If not the you might have take off the read-only flag. Sorry, it's been a while since I set it up on a fresh install.

notepad c:\Windows\System32\drivers\etc\hosts

Or do like a real geek and pipe all network traffic coming in to windows through a (properly configured) pfSense virtual machine.

Re:Hosts file solution?

[penix1]

You forgot a step if you are running 8.*. If you only do what you have, then Windows Defender will reject your edits as being "malicious".

See here to fix that:

http://winhelp2002.mvps.org/ho...

Re:Hosts file solution?

[mcfedr]

Everyone agrees that its easily worked around, a simple adblock extension will do it, but the point is rather more serious, that comcast think its ok to supply you not with the internet, but the internet according to comcast.

If I choose to do business with comcast?

Am I considered responsible for any damage done to someones data or computer system if it came from the access point in my house that I choose to connect to comcast?

Windows 8 reverts the hosts file

[tepples]

Maybe I'm missing some thing here but it seems like a edit to a local hosts file could resolve this.

You're not the only one who uses hosts files like this. When Flash ads first appeared on Slashdot, I started blocking servers that send Flash ads. (I'll never buy Splunk because it was the first thing I ever saw advertised in a Flash ad.) I've since switched to click-to-play plug-ins for that, but I have written a few thoughts on how to make hosts file parsing more efficient than it currently is.

Alex P. Kowalski (APK) has long been an advocate of using hosts files for DNS blacklisting and acceleration, and his tool for Windows aggregates multiple sources over a million lines long. It also looks up the IP addresses for commonly accessed sites and caches them locally. He claims that his tool is more efficient than DNS because the operating system's hosts file parser allegedly runs in kernel space (fewer context switches) and the most commonly accessed sites (good or bad) are at the top of the list.

But lately, Windows Defender has been reverting the hosts file so that malware can't use the hosts file to redirect Facebook and the major webmails and "steal" users' credentials that way. You have to opt out of hosts file protection if you want to continue using APKware.

Re:Windows 8 reverts the hosts file

[Akaihiryuu]

Or better yet...turn off Windows Defender and disable the services it needs to run. Yes, Windows will complain at you. But you can forcibly turn off those warnings as well. And if the warnings do pop up and annoy you, you can disable the service that shows the warnings as well. It's my computer, I will do whatever I want to with it, and the OS will let me, or I will modify it until it does.

Re:Windows 8 reverts the hosts file

[Khyber]

Please read my sig to see why APK's crap is crap.

Then go back to basic website programming school and learn how to do it the right way.

Re:Windows 8 reverts the hosts file

[sexconker]

Are you really starting this up again?
He called you out last time and you were made to look like quite the fool.

Re:Windows 8 reverts the hosts file

[tepples]

On ISPs that apply caps, real estate is not quite as valuable as bandwidth.

Re:Windows 8 reverts the hosts file

[Khyber]

http://en.wikipedia.org/wiki/T...

"Your additions have been removed (twenty times now) because they are not suitable."

"Frequently, bad sites can substitute porn sites for things like Google in your hosts file"

So many ways to exploit custom HOSTS files. Even using LEAST privileges.

Common Sense 2014 - Wetware doing what Notepad documents fail to do.

Question

[Tasha26]

Sometimes when I log into Yahoo mail (https log-in page), the secure icon in Firefox changes from padlock to exclamation mark. Same problem on Twitter, the https turns into an exclamation mark. This is a permanent problem on Google Image search. The worst thing about this problem is in Yahoo. When I press tab and am about to fill in my password, the caret jumps from password field to username field, which means part of my username now has appended to it part of my password. I only notice that after hitting Enter and the screen returns an invalid login error. My suspicion is that my ISP has somehow managed to inject a tiny Java script into my https log-in page. In Facebook, sometimes my first login attempt doesn't even register, so I have to hit Enter again. Is that me being too paranoid?

Re:Question

[Fnord666]

Sometimes when I log into Yahoo mail (https log-in page), the secure icon in Firefox changes from padlock to exclamation mark. Same problem on Twitter, the https turns into an exclamation mark. This is a permanent problem on Google Image search. The worst thing about this problem is in Yahoo. When I press tab and am about to fill in my password, the caret jumps from password field to username field, which means part of my username now has appended to it part of my password. I only notice that after hitting Enter and the screen returns an invalid login error. My suspicion is that my ISP has somehow managed to inject a tiny Java script into my https log-in page. In Facebook, sometimes my first login attempt doesn't even register, so I have to hit Enter again. Is that me being too paranoid?

I suggest that you take a look for yourself.

Malicious

[sunderland56]

Even if Comcast doesn't have any malicious intent

Of course they have malicious intent; they are inserting ads where previously there were none. Isn't that malicious enough for you?

Re:Malicious

This is exactly what it used to happen when i was travelling in China. I saw a lot of strange chinese ads injected on foreigner websites where should be none.

Re:Malicious

I would tend to use words like counterfeit or fraud.

You think you are seeing ads supporting a site but that is not the case at all and there is not clear indication what is going on.

Until today, I didn't see the point...

[kylemonger]

... of using https for everything. I do now.

Re:Until today, I didn't see the point...

Come to soylent news instead.
Not only does https work, they even have a TOR service set up too.

Re:Until today, I didn't see the point...

[singularity]

I am able to load https on Slashdot. You have to be a subscriber, but that is one perk. It costs me about $10 every few years, so I am willing to pay for a secure connection and no ads.

site by site

this could be reversed easily by either the browser or a site could do it themselves.

when the page is loaded, check for the comcast javascript in the dom. If found redirect to https.

Re:site by site

[sexconker]

Or just always use https.
There's no fucking reason not to.

comcast is where googles evil goes

[goombah99]

conservation of evil. It has to go somewhere. Comcast seems to be at the root of every bad deed these days. I think we figured out that google is dumping its evil quota on comcast.

Re:comcast is where googles evil goes

Don't be Comcast. Friends don't let friends Comcast.

Re:comcast is where googles evil goes

[thunderclap]

OMG, so you are saying that all of Google's supposed evil manifesting in Comcast Google isn't evil enough. WTF?! ROTFLOL. This alone deserves five points.

you don't either

https everywhere

Until today, I didn't see the point...

[riceracer]

To bad you can't use https for slashdot. Redirects back to http. (And after all their own coverage of NSA spying?) FAIL.

ISP?

[dutchwhizzman]

Why do you think this would be your ISP and not some malware on your computer or a neighbor phishing you? Have you bothered inspecting the traffic to see what gets sent back and forth?

VPN

[MoZ-RedShirt]

Who uses an unsecured, unencrypted wireless network without tunneling all of the traffic through a VPN anyway?

Re:VPN

99.9% of the population. Next.

Defetism

> it's impossible to use the modern web and HTML5 without JavaScript

If we are that far, it's because of defetists like you.

I truth I have Javascript disabled most of the time. Now if those @#*$&! at Mozilla gave me that convenient checkbox to enable/disable Javascript without having to mess with about:config, I'd have one gripe less. It's as if they wanted to force us to keep that stuff enabled.

One of these days I'll lose all trust in this and do it at the proxy level.

Re:Defetism

[parkinglot777]

Now if those @#*$&! at Mozilla gave me that convenient checkbox to enable/disable Javascript without having to mess with about:config, I'd have one gripe less.

Then you should use the NoScript plug-in which automatically blocks JavaScript from sites you visit (except certain white list sites and you may have to block them yourself). Besides, the plug-in remember what you have set it up (allow/not allow) even after the browser update (thump up for the developers to keep up with the browser). It is a simple workaround.

Good advice. But the subject is abuse by Comcast.

[Futurepower(R)]

Yes, use the NoScript add-on for Firefox.

But the subject is about Comcast abuse. Here is just one example, from Comcast's "Automatic Payment Terms & Conditions", retrieved a few minutes ago:

"6. COMCAST SHALL BEAR NO LIABILITY OR RESPONSIBILITY FOR ANY LOSSES OF ANY KIND THAT YOU MAY INCUR AS A RESULT OF A PAYMENT MADE ON ITEMS INCORRECTLY BILLED..."

Most people don't have time to read legal language. Many would not understand it fully. It is overly broad. And, in my experience, Comcast often tries to over-bill.

My opinion? Chairman and CEO Brian L. Roberts (The page jumps around if you move the mouse over the menu.), and Tom Karinshak, Senior Vice President of Customer Experience at Comcast (See the bottom of the page.), should be removed from office.

Another example: The Login page has a link at the bottom left, Contact Us. As of Tuesday, September 9, 2014, 4:18 am Pacific Time, it is a dead link.

Comcast: Least popular company in the U.S.

[Futurepower(R)]

From the Wikipedia entry for Comcast:

"In April 2014, Comcast was awarded the 2014 "Worst Company in America" award; an annual contest by the consumer affairs blog The Consumerist that runs a series of reader polls to determine the least popular company in America."

More from the same Wikipedia article:

In 2004 and 2007, the American Customer Satisfaction Index (ACSI) survey found that Comcast had the worst customer satisfaction rating of any company or government agency in the country, including the Internal Revenue Service.

Prove me wrong here then, Khyber... apk

Up to 40% of sites = ads: My FREE hosts program adds speed, security, reliability, & more, by doing more, more efficiently vs. addons + fixes DNS' issues:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs DGA, & Fastflux + dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

Instead, work w/ a native kernelmode part - hosts (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

not just the free hot spots.

there is an xfinity user around here that broadcasts a wifi signal.you get directed to a log on screen if you try to use. i now get weird redirects when using my regular service. it seems my computer hooks itself back up to the xfinity router even though i have edited my network connections. is this the java script doing this?

Ask yourselves these questions... apk

Can adblock do the following things (that custom hosts files can):

1.) Secure you vs. known malicious sites/servers
2.) Secure you vs. downed DNS servers aiding reliability
3.) Secure you vs. DNS redirect poisoned dns servers
4.) Protect you vs. fastflux using botnet attacks and stop their communications back to their C&C servers
5.) Protect you vs. dynamic dns using botnet attacks and stop their communications back to their C&C servers
6.) Protect you vs. domain generation algorithm using botnet attacks and stop their communications back to their C&C servers
7.) Speed you up for websurfing not only by adblocking but also hardcoding favorite sites
8.) Get you past a dnsbl you may not agree with
9.) Keep you off dns request logs
10.) Do all of those things and block ads (better than adblock) more efficiently in cpu cycles and memory usage
11.) Work on ANY webbound application (think stand-alone email programs, for example).
12.) Give you direct, easily notepad/texteditor controlled data for all of the above
13.) Block out trackers
14.) Block spam mails sources
15.) Block phishing mails sources

"?"

* Simple YES or NO answers will do for repliers to this - that's all.

APK

P.S.=> Of course, ANSWER ="NO" to each enumerated item above as far as "Almost ALL Ads Blocked" (crippled by default & 'souled-out' defeating it's very base purpose) is concerned -> http://techcrunch.com/2013/07/...

So, *IF* you feel like doing things LESS efficiently as well -> https://blog.mozilla.org/nneth... ontop of doing less than hosts do (by far) with more complexity + from a slower mode of operations (usermode with more messagepassing overheads vs. hosts in kernelmode, also starting up w/ the IP stack itself, before REDUNDANT inefficient addons even BEGIN to operate, & as the 1st resolver queried by the OS as well)?

That's illogical, but up to you - I can lead a horse to water, but I can't make them drink!

... apk

Re:Ask yourselves these questions... apk

[Khyber]

FACT: APK's Hosts file turns almost any website into a horrible version of Slashdot Beta, with all that white space and broken-up article text.

It's about the ONLY thing the HOSTS file he made is good for.

Common Sense 2014 - far superior to HOSTS in any way, shape, or form. Intelligent, efficient, and much more able to asses a situation to determine if it poses a problem.

Wetware>HOSTS

Re:Ask yourselves these questions... apk

[sexconker]

FACT: APK's Hosts file turns almost any website into a horrible version of Slashdot Beta, with all that white space and broken-up article text.

No it doesn't. Screenshots or STFU.

Re:Ask yourselves these questions... apk

[Khyber]

I'm not stupid enough to utilize APK's nimrod HOSTS file.

Betting you are, though.

Re:Ask yourselves these questions... apk

[sexconker]

I'm not stupid enough to utilize APK's nimrod HOSTS file.

Betting you are, though.

So you don't use it yet you claim it breaks things?
Yeah, keep being a dumbass.

Addendum: True story, AdBlock vs. Hosts

W. Palant wrote me by email 1st saying "hosts are a shitty solution" to which I replied:

"Show us adblock can do more for added speed, security, reliability, & anonymity than hosts can, + that adblock does it more efficiently than hosts"

Which on my latter 'point-in-challenge' on efficiency AdBlock's proven by research to be MASSIVELY inefficient -> https://blog.mozilla.org/nneth... & adblock does FAR less than hosts (especially crippled by default).

I sent Wladimir Palant that challenge in response to his statement from 2 different email addresses I use!

Result = Still no answer from him in regard to my challenge put to him to this very day MONTHS later - that tell you anything? It did me!

He knows his addon is less efficient & features laden by FAR vs. hosts - Wladimir Palant RAN like a scared rabbit!

ClarityRay's also DESTROYING AdBlock - via native browser methods to DUMP what addons you use (it can't DO THAT to hosts files).

I only tell it how it is on hosts' superiority vs. AdBlock - Funny part is, Wladimir Palant running does too!

Especially considering "Almost ALL Ads Blocked" has 'souled-out' -> Google And Others Reportedly Pay Adblock Plus To Show You Ads Anyway: http://news.slashdot.org/comme...

APK

P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privelege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk

Re:Addendum: True story, AdBlock vs. Hosts

[Khyber]

"a superior solution that also fixes DNS redirect security issues"

Guess what's more superior? Having the actual brainpower to remember the addresses by number, not domain name.

Your brain must be pretty weak, considering that crutch you're leaning upon.

Keith_NT4, you'd *love* this then... apk

Uses 12 reputable security sites to populate hosts - My FREE hosts program adds speed, security, reliability, & more, by doing more, more efficiently vs. addons + fixes DNS' issues:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs DGA, & Fastflux + dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

Instead, work w/ a native kernelmode part - hosts (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apkb

Ask yourselves these questions... apk

Can adblock do the following things (that custom hosts files can):

1.) Secure you vs. known malicious sites/servers
2.) Secure you vs. downed DNS servers aiding reliability
3.) Secure you vs. DNS redirect poisoned dns servers
4.) Protect you vs. fastflux using botnet attacks and stop their communications back to their C&C servers
5.) Protect you vs. dynamic dns using botnet attacks and stop their communications back to their C&C servers
6.) Protect you vs. domain generation algorithm using botnet attacks and stop their communications back to their C&C servers
7.) Speed you up for websurfing not only by adblocking but also hardcoding favorite sites
8.) Get you past a dnsbl you may not agree with
9.) Keep you off dns request logs
10.) Do all of those things and block ads (better than adblock) more efficiently in cpu cycles and memory usage
11.) Work on ANY webbound application (think stand-alone email programs, for example).
12.) Give you direct, easily notepad/texteditor controlled data for all of the above
13.) Block out trackers
14.) Block spam mails sources
15.) Block phishing mails sources

"?"

* Simple YES or NO answers will do for repliers to this - that's all.

APK

P.S.=> Of course, ANSWER ="NO" to each enumerated item above as far as "Almost ALL Ads Blocked" (crippled by default & 'souled-out' defeating it's very base purpose) is concerned -> http://techcrunch.com/2013/07/...

So, *IF* you feel like doing things LESS efficiently as well -> https://blog.mozilla.org/nneth... ontop of doing less than hosts do (by far) with more complexity + from a slower mode of operations (usermode with more messagepassing overheads vs. hosts in kernelmode, also starting up w/ the IP stack itself, before REDUNDANT inefficient addons even BEGIN to operate, & as the 1st resolver queried by the OS as well)?

That's illogical, but up to you - I can lead a horse to water, but I can't make them drink!

... apk

Addendum: True story, AdBlock vs. Hosts

W. Palant wrote me by email 1st saying "hosts are a shitty solution" to which I replied:

"Show us adblock can do more for added speed, security, reliability, & anonymity than hosts can, + that adblock does it more efficiently than hosts"

Which on my latter 'point-in-challenge' on efficiency AdBlock's proven by research to be MASSIVELY inefficient -> https://blog.mozilla.org/nneth... & adblock does FAR less than hosts (especially crippled by default).

I sent Wladimir Palant that challenge in response to his statement from 2 different email addresses I use!

Result = Still no answer from him in regard to my challenge put to him to this very day MONTHS later - that tell you anything? It did me!

He knows his addon is less efficient & features laden by FAR vs. hosts - Wladimir Palant RAN like a scared rabbit!

ClarityRay's also DESTROYING AdBlock - via native browser methods to DUMP what addons you use (it can't DO THAT to hosts files).

I only tell it how it is on hosts' superiority vs. AdBlock - Funny part is, Wladimir Palant running does too!

Especially considering "Almost ALL Ads Blocked" has 'souled-out' -> Google And Others Reportedly Pay Adblock Plus To Show You Ads Anyway: http://news.slashdot.org/comme...

APK

P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privelege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk

Copyright Violation

This seems to me a clear case of copyright violation. The original webpage author should claim it. The original content was modified and redistributed without his consent and, worse of all, with the intent of profit...

Real life wins

[jbmartin6]

You just can't make this stuff up, Doyle (via Holmes) was right:

"We think it's a courtesy, and it helps address some concerns that people might not be absolutely sure they're on a hotspot from Comcast," Douglas said.

Tepples, 1st of all: Windows 8, blows... apk

See subject: 2ndly - Antivirus = ineffective & SYMANTEC/NORTON *admits* it as only "55% effective" nowadays - > http://beta.slashdot.org/story...

All that "said & aside":

Yes - You can disable Windows Defender & substitute a better antivirus/antispyware that does *NOT* do that to hosts file!

(Plus, my program APK Hosts File Engine 9.0++ 32/64-bit http://start64.com/index.php?o... additionally PROTECTS the hosts file *IF* left running, above + beyond Windows' File Protection too).

* Antivirus programs = Ineffective & "REACTIVE TECHNOLOGY" (poor & the results above prove that much) vs. HOSTS as a "PROACTIVE TECHNOLOGY" by comparison!

(Hosts = proactive, in that they act for stopping threats BEFORE they can get to you by blocking their source online 1st before you can touch it - & what you can't touch, can't hurt you - plus, even *IF* you are infected already? Hosts even STOP communication BACK to malware's C&C Servers, effectively nullifying them - bonus!)

Hosts work, antivirus doesn't - Since threats are WEBBOUND delivered, & what cuts that off? Hosts can... easily (& more efficiently than ANY single slower usermode browser addon by far).

APK

P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privelege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk

Calling Khyber out yet again, sexconker

Khyber'll fail to disprove my points here, yet again, too -> http://mobile.slashdot.org/com...

* :)

(Yes folks - it's *ALWAYS* the same vs. these trolls who shoot their mouths off, & I slam them shut with that challenge in the link I just posted above... every single time!).

APK

P.S.=> Fools like Khyber + their BIG mouths write checks their asses CANNOT ca$h... which, of course, works out just FINE for me - why?

Well, they can NEVER meet that challenge - ever. I love it... & thus, well - you KNOW I've just GOTTA say it (as is per my own "inimitable style"), that THIS?

This was just "too, Too, TOO EASY - just '2ez'" & it ALWAYS IS, per the reasons noted above & trolls doing their usual "Run, Forrest: RUN!!!" vs. my completely FAIR challenge put to them... apk

Re:Calling Khyber out yet again, sexconker

[Khyber]

Yet your HOSTS file still fails to deal with the additional whitespace it creates.

You're still a failure. Your HOSTS solution basically turns any website into fucking Slashdot Beta.

Why settle on 1 hosts source only?

Use 12 reputable from the security community instead - My FREE hosts program adds speed, security, reliability, & more, by doing more, more efficiently vs. addons + fixes DNS' issues:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs DGA, & Fastflux + dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

Instead, work w/ a native kernelmode part - hosts (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

OK to continue

[Hypotensive]

If browsers treated HTTP GET nowadays like they have treated HTTP POST (i.e. pop up an annoying modal dialog that says "This connection is untrusted. Are you sure you want to continue?"), I daresay this would motivate everyone to move to HTTPS.

The problem is the web of trust and the cost of getting certificates. There needs to be a mechanism for getting a free or trivial cost certificate if you are not a corporation.

QuickJava

[ArhcAngel]

Now if those @#*$&! at Mozilla gave me that convenient checkbox to enable/disable Javascript without having to mess with about:config, I'd have one gripe less.

Consider your request granted. QuickJava puts buttons to enable/disable Flash, JavaScript, Java, Silverlight, etc., etc. on the menu bar.

WTF is 'whitespace' & WRONG again... apk

AC users get "/. classic", *IF* they want it, using hosts thus:

Add these lines to your hosts file 1st (& do NOT take a cookie, & disable javascript too - I don't use them period unless I absolutely HAVE to on most sites, by setting a GLOBAL policy in Opera by default that way, & only creating "exception sites" as needed - very easy to do in Opera 12.17 64-bit, as it's the MOST flexible browser under the sun STILL (db access stuff, see below)).

216.34.181.45 slashdot.org
216.34.181.45 beta.slashdot.org
216.34.181.46 images.slashdot.org
216.34.181.48 it.slashdot.org
216.34.181.48 developers.slashdot.org
216.34.181.48 yro.slashdot.org
216.34.181.48 mobile.slashdot.org
216.34.181.48 news.slashdot.org
216.34.181.48 ask.slashdot.org
216.34.181.48 tech.slashdot.org
216.34.181.48 apple.slashdot.org
216.34.181.48 books.slashdot.org
216.34.181.48 games.slashdot.org
216.34.181.48 hardware.slashdot.org
216.34.181.48 interviews.slashdot.org
216.34.181.48 linux.slashdot.org
216.34.181.48 science.slashdot.org
216.34.181.48 idle.slashdot.org

---

* Note the BOLDED lines above? They're key!

It forces you to go to "classic" /. that way by doing that (see the one above, same IP address), overriding the redirect, easy as apple-pie!

(To quote Tony Stark/Iron Man, regarding his Arc Reactor? "It works"... & "it's as strong as steel & 1/3rd the weight" of other "so-called 'solutions'" that're INEFFICIENT as hell (Howard Stark this time regarding Capt. America's Shield...))

APK

P.S.=> You *may* also wish to force the other "normal/classic" sites that way beneath too, e.g.:

216.34.181.48 it.slashdot.org
216.34.181.48 beta.it.slashdot.org

& ANY others you may frequent - I note I don't have to, & always get "classic" pages: Works for me, should any fellow "AC" user, like myself... apk

WRONG again (my program protects hosts)

""Frequently, bad sites can substitute porn sites for things like Google in your hosts file" - by Khyber (864651) on Tuesday September 09, 2014 @10:25AM (#47861729) Homepage

Using my free hosts program it PROTECTS HOSTS vs. infestation ontop of Windows File Protection doing so as well, fool...

* :)

(How many times must I put you in your place?)

As far as the DUNCE over on wikipedia managing that hosts file page? LMAO - I *truly* & SEVERELY doubt that moron can even *BEGIN* to touch me on knowledge in computing: No questions asked.

(He is, after all, completely FREE to show *any* of us that he's done MORE, BETTER, & EARLIER in computing in this field than I have, including commercially sold code to MY name & credit, that won finalist placement @ MS TechEd 2000-2002, 2 yrs. in a ROW in its hardest category: SQLServer Performance Enhancement).

APK

P.S.=> This "did you in" along with your erroneous b.s as well, ontop of THIS post, here -> http://mobile.slashdot.org/com... regarding YOUR ERRORS on /. beta which hosts gets you BACK "/. classic" *IF* you want it to, easily... apk

Re:WRONG again (my program protects hosts)

[Khyber]

"Using my free hosts program it PROTECTS HOSTS vs. infestation ontop of Windows File Protection doing so as well, fool..."

Uh, you very apparently know nothing about LEAST privileges.

Are you too stupid to see the easy-enough for a five-year-old to beat vulnerability you have? It won't protect against MITM, DPI, or other forms of attack.

One day you might have a site whitelisted, the next day it's taken over and your next visit gets you infected (because you're likely the kind of person that *THINKS* you're safe when in reality you are not.)

Simple logic defeats you any time you open your mouth. This is why you're banned from /., Wikipedia, and other places.

"You're 'all wet'" & WRONG again (lol)

"Eat your words" fool - hosts get ac users back "/. classic", easily -> http://mobile.slashdot.org/com... & that post in that link shows them all how to do so, easily, using hosts.

* Seriously: Is THAT set of lies &/or b.s. "the best you got"?

APK

P.S.=> It ain't much... apk

Your list of NUMEROUS fails so far... apk

"Your brain must be pretty weak" - by Khyber (864651) on Tuesday September 09, 2014 @10:16AM (#47861619) Homepage

Considering you can't disprove my points here -> http://mobile.slashdot.org/com... ?

You're clearly FULL OF IT, lol...

Your other NUMEROUS fails/blunders in this exchange vs. myself were as follows as well:

Hosts work to get ac users /. classic easily: http://mobile.slashdot.org/com...

My program PROTECTS HOSTS vs. alteration by malware easily: http://mobile.slashdot.org/com...

P.S.=>

"Guess what's more superior?" - by Khyber (864651) on Tuesday September 09, 2014 @10:16AM (#47861619) Homepage

Ok: MY brain, & SKILL, for a couple things, in creating the MOST superior solution for added speed, security, reliability & more there is, bar-none, especially vs. usermode layered on messagepassing bound "souled-out" so called 'solutions' (ALMOST all ADS BLOCKED + GHOSTERY) that betrayed their users & defeated their BASE PURPOSE, in browser addons (& hosts even fixes DNS redirect security issues + proofs you vs. downed dns servers too - bonus)... apk

Re:Your list of NUMEROUS fails so far... apk

[Khyber]

Hah.

You know what's more secure than your shit HOSTS file?

Text-only browser.

Probably twenty or so times faster, too.

I don't need to prove anything when Wikipedia outright rejects your inanity.

Re:Your list of NUMEROUS fails so far... apk

An amateur edited site known to be full of inaccuracies is your expert witness? You fail again http://www.bing.com/search?q=w...

Re:Your list of NUMEROUS fails so far... apk

[tepples]

An amateur edited site known to be full of inaccuracies

Ad hominem. Did you try following the chain of sources that Wikipedia cites?

AdBlock = INFERIOR + 'Souled-Out' vs. hosts

My FREE hosts program adds speed, security, reliability, & more, by doing more, more efficiently vs. addons + fixes DNS' issues:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs DGA, & Fastflux + dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

Instead, work w/ a native kernelmode part - hosts (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

Ask yourself these questions... apk

Can adblock do the following things (that custom hosts files can):

1.) Secure you vs. known malicious sites/servers
2.) Secure you vs. downed DNS servers aiding reliability
3.) Secure you vs. DNS redirect poisoned dns servers
4.) Protect you vs. fastflux using botnet attacks and stop their communications back to their C&C servers
5.) Protect you vs. dynamic dns using botnet attacks and stop their communications back to their C&C servers
6.) Protect you vs. domain generation algorithm using botnet attacks and stop their communications back to their C&C servers
7.) Speed you up for websurfing not only by adblocking but also hardcoding favorite sites
8.) Get you past a dnsbl you may not agree with
9.) Keep you off dns request logs
10.) Do all of those things and block ads (better than adblock) more efficiently in cpu cycles and memory usage
11.) Work on ANY webbound application (think stand-alone email programs, for example).
12.) Give you direct, easily notepad/texteditor controlled data for all of the above
13.) Block out trackers
14.) Block spam mails sources
15.) Block phishing mails sources

"?"

* Simple YES or NO answers will do for repliers to this - that's all.

APK

P.S.=> Of course, ANSWER ="NO" to each enumerated item above as far as "Almost ALL Ads Blocked" (crippled by default & 'souled-out' defeating it's very base purpose) is concerned -> http://techcrunch.com/2013/07/...

So, *IF* you feel like doing things LESS efficiently as well -> https://blog.mozilla.org/nneth... ontop of doing less than hosts do (by far) with more complexity + from a slower mode of operations (usermode with more messagepassing overheads vs. hosts in kernelmode, also starting up w/ the IP stack itself, before REDUNDANT inefficient addons even BEGIN to operate, & as the 1st resolver queried by the OS as well)?

That's illogical, but up to you - I can lead a horse to water, but I can't make them drink!

... apk

Re: Ask yourself these questions... apk

[mcfedr]

I don't disagree that hosts file might not be better, adblock is just a very simple solution, for non Slashdot users, my point is simply that I am not interested in working around the problem, I would be more interested in solving the problem at the source.Clearly ISPs are lacking proper regulation, net neutrality is being allowed to be destroyed, by a lack of response to such things.

True story, AdBlock (loses) vs. Hosts (wins)

W. Palant wrote me by email 1st saying "hosts are a shitty solution" to which I replied:

"Show us adblock can do more for added speed, security, reliability, & anonymity than hosts can, + that adblock does it more efficiently than hosts"

Which on my latter 'point-in-challenge' on efficiency AdBlock's proven by research to be MASSIVELY inefficient -> https://blog.mozilla.org/nneth... & adblock does FAR less than hosts (especially crippled by default).

I sent Wladimir Palant that challenge in response to his statement from 2 different email addresses I use!

Result = Still no answer from him in regard to my challenge put to him to this very day MONTHS later - that tell you anything? It did me!

He knows his addon is less efficient & features laden by FAR vs. hosts - Wladimir Palant RAN like a scared rabbit!

ClarityRay's also DESTROYING AdBlock - via native browser methods to DUMP what addons you use (it can't DO THAT to hosts files).

I only tell it how it is on hosts' superiority vs. AdBlock - Funny part is, Wladimir Palant running does too!

Especially considering "Almost ALL Ads Blocked" has 'souled-out' -> Google And Others Reportedly Pay Adblock Plus To Show You Ads Anyway: http://news.slashdot.org/comme...

APK

P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privelege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk

Upgrade your browser

"Whitespace saves bandwidth ads steal + protects vs. ads infecting users via malicious code in them!

I have dozens of evidences of malicious code in ads over the last decade also - *IF* you want proof? Ask & "ye shall receive"!

I also see no ad placeholders in IE11, Opera 12, FireFox, or Chrome.

This is what I am assuming you mean in your terming it "whitespace" - see subject-line then & upgrade to a modern browser is my suggestion to you before you risk infestation due to old software vulnerabilities and to get a normal view of a webpage if you're having problems.

APK

P.S.=> I use hosts, as do 100's here on /. too mind you, & I see NONE of what you complain of, whatsoever - & hosts give me more speed (for MY money paid out monthly to be online & bandwidth ads rob users of + infesting us with malicious scripts code), security (vs. said javascript fails I just noted, AND known bad sites-servers that serve up malicious content), reliability (vs. downed OR dns poisoned redirected sites), & even more anonymity (vs. dns request logs)!

So - "Beat THAT with a stick" (oh, that's right - you haven't so far, & evaded that challenge to you, here -> http://mobile.slashdot.org/com... where YOU ARE UNABLE TO PROVE MY POINTS incorrect, validly & technically - YOU? Fail, lol)... apk

Re:Upgrade your browser

[Khyber]

"see subject-line then & upgrade to a modern browser is my suggestion "

Uh, yea, about that, using the latest version of Firefox.

See, you're so stupid you have to assume I'm running outdated software.

Also, your HOSTS file does nothing if the ads are served from the root of the domain. What're you going to do, block the entirety of the site? Good luck reading it!

Common Sense 2014 - still 300x superior to any HOSTS file.

There's NO "might be better" about hosts

"I don't disagree that hosts file might not be better" - by mcfedr (1081629) on Tuesday September 09, 2014 @11:45AM (#47862521)

See subject-line above 1st: Hosts are way better & do more with less (especially vs. Almost All Ads Blocked which is INEFFICIENT AS HELL -> https://blog.mozilla.org/nneth... AND which 'souled-out' to advertisers & crippled it by default, defeating its VERY base purpose no less -> http://mobile.slashdot.org/com...

---

"adblock is just a very simple solution, for non Slashdot users" - by mcfedr (1081629) on Tuesday September 09, 2014 @11:45AM (#47862521)

That doesn't DO ITS JOB/WORK RIGHT anymore, by default & is 'souled-out' to advertisers (just like Ghostery is) -> http://techcrunch.com/2013/07/...

APK

P.S.=> I can lead a horse to water, however, I can't make him drink - I only tell it how it REALLY is, & that reality is that hosts files (especially via my free program to automate their efficient population + creation -> APK Hosts File Engine 9.0++ 32/64-bit http://start64.com/index.php?o... ) are the "SUPERIOR WARRIOR" for giving users more speed (via adblocking + hardcoding favorite websites into hosts = faster than remote DNS lookups), security (vs. known bad sites/servers that serve up malicious code, + vs. malcode in adbanners too), reliability (vs. downed/crashed OR dns poisoning redirected dns servers), & even anonymity (vs. dns request logs)...

... apk

Re:There's NO "might be better" about hosts

[Cederic]

After a few pages of spam from you I just have one question:

Does your host file based solution block your fucking annoying Slashdot comments?

Re:There's NO "might be better" about hosts

Others brought up hosts, not apk. He just thrashed every one of you with facts you can't prove wrong is all.

Re: There's NO "might be better" about hosts

hahaha +1. APK is a fucking scumbag trying to peddle his software using spam and attacking people. slashdot has many programmers who responsibly share their code and programs without spamming it out. if APK and his host file program were so good he wouldn't need to peddle it in slashdot using spam techniques. it's just further proof that nobody wants to use his shitty program.

Re: There's NO "might be better" about hosts

You're attacking him and losing when you call him names. Prove him wrong instead. Seems you can't.

Re: There's NO "might be better" about hosts

Sounds like you fear apk and his program. Are you a botnet herder, advertiser, inferior competitor? Must be.

public hotspots?

You mean the Cable WIFI and Xfinity? I thought only customers of Cox and Comcast (forgot the other companies) could use these cable WIFI hotspots with a proper username and password. Never knew the hotspots are public.

Hosts get you back BOTH... apk

Courtesy of "yours truly", gratis, & this APK Hosts File Engine 9.0++ 32/64-bit http://start64.com/index.php?o...

* :)

(Hosts get you back BOTH screen realestate AND bandwidth for the monies YOU paid out to be online monthly via the easiest to manage with less moving parts complexity + the MOST efficient way BY FAR (especially vs. clearly INFERIOR slower usermode messagepassing overheads laden browser addons like AdBlock &/or Ghostery - BOTH of which "souled-out" to advertisers no less, defeating their VERY BASE PURPOSE)).

APK

P.S.=> Some "backing evidences" to my statements on AdBlock selling out to admen -> http://techcrunch.com/2013/07/...

AND

AdBlock GROSS INEFFICIENCIES in RAM + CPU overuse -> https://blog.mozilla.org/nneth...

... apk

So?

All ISPs can do that. Why focus on public wifi? I don't mind ads(I'll find a way to disable them) for free internet access. I sell my soul.

Commercial WiFi Hot Spots

* the article fucked up, and really meant was Commercial WiFi Hot Spots, not Public WiFi -- the public is only a "user" on said network
* rest of this tripe is irrelevant because of this
* YOU ARE THE PRODUCT

It's annoying to you Mr. advertiser

Or Mr. BotnetHerder OR inferior competitor sockpuppet but us using hosts, getting more speed, security, reliability and anonymity too love it and You can't prove apk's points on hosts regarding those things wrong here either http://mobile.slashdot.org/com... so you FAIL as always vs. apk.

Shameful Advertising Business Models

We are to blame for these advertising practices where there is no shame. These corporations should be made to pay us for their advertising in our face. We all just keep on letting push their crap into our lives. Its a form of mind pollution. AND, its unwanted.

I use NoScript; I also have a weak connection

[Josh-Levin]

I use NoScript, and only allow Javascripts that I trust.
I am also a Comcast customer. The cable connection is through an old, weak cable that goes through the apartment downstairs, and it slows down my connection a bit, but that is tolerable. To fix it, they would have to rip apart the walls in a bedroom occupied by an eight-year-old girl, and I don't want to put any child through that trauma. If I allow Comcast to share my cable connection, then I might be slowed down to an unacceptable level.
Also, their new cable modems DO NOT come with a battery backup -- they make you buy the battery from them.
They say that nobody can take advantage of you without your permission. Well, I'm paying enough in cable bills, and I'm not going to let them. Unfortunately, FiOS is not available in my apartment complex, so Comcast has a monopoly.

What government will do?

[sentiblue]

I'm pretty clue-less in this so I'll just ask straight up...

Is it not against the laws in some ways that Comcast does this? What is the Justice Department and the rest of government authorities going to do about it?

Just leave the site and not come back

[tepples]

Also, your HOSTS file does nothing if the ads are served from the root of the domain. What're you going to do, block the entirety of the site? Good luck reading it!

A lot of Slashdot users have told me that if a site has objectionable ads that slip past the ad blocker, they will in fact just leave the site and not come back. I've done that, for example, to www.facebook.com in my laptop's hosts file.

Whitespace defined

[tepples]

In the context of ad blocking, "whitespace" appears to refer to the fact that even if the computer's DNS resolver has blocked a GIF, SWF, or iframe from loading, the pixels that the blocked object occupies remain allocated to it. This leaves an ugly blank box behind where the ad used to be. I'm guessing that Khyber prefers ad blockers that rewrite the HTML DOM to remove the box entirely.

Which MITM?

[tepples]

[Client-side DNS blacklisting] won't protect against MITM, DPI, or other forms of attack.

What sort of man-in-the-middle attack are you referring to? Hosts protects against DNS MITM (admittedly by being one). HTTPS protects against HTTP MITM on sites that support it (such as Reddit). And Perspectives protects against HTTPS MITM.

Re:Which MITM?

[Khyber]

The kind of man in the middle attack where someone's already physically present in the middle of your the network you're choosing to utilize.

HOSTS files, defeated by social engineering and the weakest link - users.

Interesting you mention Nimrod

[tepples]

Just as Nimrod was "a mighty one in the earth [and] a mighty hunter before Jehovah" (Genesis 10:8-9) who helped Asshur build Assyria, APK Hosts File Engine is a mighty hunter of bad hosts that helps build a wall against malware.

Re:Interesting you mention Nimrod

[Khyber]

Helps and fails miserably against anyone with half a clue regarding web development. I know of several ways to make that HOSTS file useless. Packet Injection, MITM attacks, serve from the root of the domain instead of a blocked CDN, etc. Please. A HOSTS file is a bandaid over a gaping axe wound.

Re:Interesting you mention Nimrod

You don't have a clue how to disprove apk's point here, do you? Nope http://mobile.slashdot.org/com...

Putting words in my mouth I never said?

Did I say hosts protect against MITM? No. Did I say hosts protect vs. BGP even?? No. In fact, on the latter, I've admitted hosts can't protect you there before. See subject-line.

As far as being "banned" HERE or on wikipedia? I'm posting here aren't I? I can on wikipedia all I wish as well. Nothing's stopping me. So much for that line of b.s. from you now too.

APK

P.S.=> You're pitiful - and you fail, again - especially since you're unable to prove my points wrong... apk

You haven't proven what apk wrote's wrong

Screenshots? I can say something's wrong (even when it's not) too. I use hosts, no problems in FF.

I get no such "box" in Opera 12, IE 11, etc.

See subject-line: ONLY time I've ever seen that was in old IE (sub 9 iirc) versions - not anymore w/ new browsers like the ones I mentioned in my subject-line OR even latest FireFox or Chrome.

APK

P.S.=> He's FULL of it & can't manage to prove my points here wrong, incorrect, or inaccurate -> http://mobile.slashdot.org/com...

... apk

Khyber defeated by apk is more like it

Show me where I said hosts protect vs. MITM? I never did. Putting words in my mouth I never said now?? Please... lol!

See subject-line above, & you're defeated by myself here http://mobile.slashdot.org/com... since you can't technically validly prove my points there wrong on how hosts give users more speed, security, reliability, & anonymity even.

APK

P.S.=> Big talk from a "ne'er-do-well" like you is 1 thing (considering you can't show us anything you've created that does a better job than my hosts file program for 1 thing), but *trying* to put words in my mouth I never stated now too? Give us a break - you fail (& you know it)... apk

Re:Khyber defeated by apk is more like it

[Khyber]

HOSTS *IS* A MITM, you fucking idiot. Can't protect against MITM when you're utilizing one in the first place. You're exploitable.

I'm not the only one telling you this

Sexconker did also http://mobile.slashdot.org/com... & that's pretty much what I'd have said to you also.

By the way: I haven't SEEN 'whitespace boxes' using hosts since, oh... Internet Explorer 7 iirc - hence my suggestion to you of "upgrade your browser"!

(It's that, or use a better one that doesn't do that. I use Opera 12 (best one, not "Chopera"), latest Chrome, latest FireFox, and IE 11 (latest) - no whitespace boxes using hosts).

APK

P.S.=> Funniest part of all is this: You *claim* hosts cause that for you, YET YOU DON'T USE HOSTS FILES MY PROGRAM GENERATES? Then, how can you *make* such claims as hosts causes these alleged 'whitespaces' you bitch about AND blame hosts for it?? Give us a break - you fail, & you can't prove my points on hosts wrong here http://mobile.slashdot.org/com... and you know it (anyone reading with 1/2 a brain knows it)... apk

Where'd I state hosts protect vs. all threats

Fact - you can't show that anymore than you can disprove what I DID ACTUALLY STATE hosts works against, here http://mobile.slashdot.org/com... and for what hosts DO GIVE YOU, in more speed, security, reliability, & anonymity.

In fact, You're making the SAME STUPID MISTAKE BarbaraHudson = TomHudson = Barbara, not Barbie (the known multiple registered account sockpuppeteer) did -> http://slashdot.org/comments.p...

I.E.-> He/She failed on making the claim I said "hosts protect vs. all threats" & when I confronted him/her on it, he/she ran & LIKE YOU, SHE/HE COULD NOT BACKUP THAT FALSE ACCUSATION + attempting to put words in my mouth I never once stated...

Clue: I never ONCE have said hosts protect vs. every possible threat (even with ME admitting they fail vs. say, BGP attacks -> http://tech.slashdot.org/comme... ), & with GOOD REASON - I wrote the very 1st guides for securing Windows vs. threats online:

https://www.google.com/search?...

(Starting in 1997 over @ NTCompatible.com (speed & security guides), & later in that bunch above, I even got paid @ one spot for it - bonus ("The Lord works in mysterious ways" - for me, "The LORD OF HOSTS" (just kidding on that latter part)).

* I favor "layered-security"/"defense-in-depth" since there IS NO SINGLE PERFECT DEFENSE OUT THERE, period - & it's the best thing we have going currently vs. threats online.

APK

P.S.=> You're a fool, & YOU ARE certainly one that cannot prove my points here technically inaccurate OR wrong either (on what I actually *did* say hosts can do for users adding more speed, security, reliability, + more) -> http://mobile.slashdot.org/com...

Re:Where'd I state hosts protect vs. all threats

[Khyber]

Yea, meanwhile, Comcast's Xfinity injection attack TOTALLY bypasses your HOSTS file. How're you going to stop that, dumbass?

Here's what your HOSTS file does to websites: http://i.imgur.com/BMR5Qnc.png

Again, my point is 100% proven. You are 100% full of shit.

I run and design websites for a job. Guess what? Your HOSTS file idea, long before you started spouting it, was one of the first things for me to bypass, by request of my employer.

And the fun part is, I can keep ads from showing to you long enough for you to whitelist the site, and then slam your ass with ads anyways. See a new IP address? No ads displays for several visits, then BAM show ads on your 5th visit from that IP.

Absolutely trivial to implement in PHP and AJAX. Takes eight lines of code. I could probably do it in two if the web supported brainfuck.

Ads that pay aren't served from same site

Admen don't trust webmasters' hit counts = why my subject's true above. Go back to fantasy land Khyber.

I see no problems there in that pic

Just ads not showing the very point of hosts saving bandwidth ads hog & infecting users with malicious script too (I've got DOZENS of evidences of those, want 'em? Just ask).

* Bottom-Line: YOU are FULL OF SHIT!

I.E. - there is NOTHING WRONG with that webpage (it's even BETTER & FASTER minus ads, if not safer as well).

APK

P.S.=> You're avoiding my question to you: Can you show us WHERE I said hosts are "the perfect defense online & you need NOTHING else besides hosts" - ?

No, you can't, since I never *once* have said that - however, YOU are *trying* vainly to said I said so from what you're inferring... & by the way, since you're so full of "big talk" - implement a MITM on me right now... go for it (you can't), and implement a BGP attack me on, RIGHT NOW (you can't manage THAT either, now can you?)...

Point-Blank: You're an effete BLOWHARD, nothing more (lots of talk, no action).

You're also a "webchump" that *thinks* he can "program" (lol, it's the province of FAILED coders) too!

Lastly: It's funny you can't create a BETTER defense program that adds not only SECURITY, but also SPEED, & yes, RELIABILITY (+ even anonymity to an extent too) than I have either... apk

WTF? No hosts aren't a "MITM" fool... apk

What gives you THAT rather STUPID idea, you lame little wannabe coder (webchump, lol)?

APK

P.S.=> My hosts file's also protected vs. exploit/alteration by BOTH Windows File Protection AND my APK Hosts File Engine 9.0++ 32/64-bit, concurrently (especially *if/when* left resident & running, but also even when it's not)... apk

Re:WTF? No hosts aren't a "MITM" fool... apk

[tepples]

Normally DNS requests are sent from the browser to the operating system's DNS resolver to the public DNS servers. Hosts has the same effect as a man in the middle at the level of the operating system's DNS resolver.

Re:WTF? No hosts aren't a "MITM" fool... apk

[Khyber]

Hah. You think you're secure.

SFP/SFC bypass. How the fuck do you think Blaster worked on XP?

It is also possible to differentiate HOSTS file resolution vs DNS resolution, and bypass by forcing you through a proxy. Your HOSTS will not bypass this.

On "rotating ads" like ClarityRay does?

You're copping ideas from ClarityRay thief, & hosts stop that (unlike adblock): Just add the new domains into hosts & boom - no more ads, simple.

Whitelisting idiot? I don't *DO* that in hosts!

What I *DO* do, is add favorite sites @ the TOP of my hosts file only!

(Which resolves FASTER than remote OR local DNS lookups even - hosts are the 1st resolver queried by the IP stack & mine's cached into RAM by the kernelmode diskcaching subsystem (not the slower broken with larger hosts files usermode dnscache service)).

APK

P.S.=> Any NEW ads put in are easy to stop that way, & 12 reputable sources in the security community spot them + add them, then my hosts program "automagically" adds them to a hosts file you use & boom - no problem, vs. even ClarityRay techniques (which you're only STEALING now, claiming them "as your own" when they clearly, aren't)... apk

Re:On "rotating ads" like ClarityRay does?

[Khyber]

"Just add the new domains into hosts & boom - no more ads, simple."

That doesn't stop HOSTS when the ads are being served from the root of a domain. You do know what the root of a domain is, yes?

No wonder your shit got canned from Wikipedia. You don't even know web basics.

Again: Where'd I state hosts = all you need

(see subject above) protect vs. ALL possible threats online?

* Show us that...

(NOTHING DOES - however, you also CONVENIENTLY omit the fact I favor "layered-security"/"defense-in-depth" per the 1st security guides for windows https://www.google.com/search?... , that I WROTE MIND YOU, that prove that much & yes - in their contents, I list hosts as a valuable measure for security - which even got me PAID (more than you can say on the note of security I am sure) & "The Lord works in mysterious ways" for me: THE LORD OF HOSTS (not really, but it fits here)).

In fact, even Aryeh Goretsky of NOD32 feels hosts are a valuable layer of defense - per an email he sent me this a.m. - would you LIKE to see it's content? Ask.

APK

P.S.=> I merely state hosts protect vs. *MOST* forms of exploit, AND add speed, reliability, & even anonymity (and you CAN'T manage to disprove that, now can you -> http://mobile.slashdot.org/com... ? Nope... NO MORE THAN YOU CAN CREATE & MOUNT A TRUE "MITM" ON ME, or a BGP attack - you're a LOT OF TALK, no action, & that's additionally proven by you being unable to not only disprove my points validly, but you not being able to create a program like mine that adds security, speed, reliability, & anonymity)...apkAryeh Goretsky of NOD32 feels hosts are a valuable layer of defense

Hosts + HTTPS + Flashblock

[tepples]

Comcast's Xfinity injection attack TOTALLY bypasses your HOSTS file.

How is Comcast going to inject into an HTTPS session without my browser's certificate verifier smelling a rat?

And the fun part is, I can keep ads from showing to you long enough for you to whitelist the site, and then slam your ass with ads anyways.

At this point I'm ready to split the difference. I agree with APK that hosts is a useful first line of defense, but I agree with you that it doesn't do everything. HTTPS and Flashblock are the next lines.

Re:Hosts + HTTPS + Flashblock

[Khyber]

How is Comcast going to inject into an HTTPS session without my browser's certificate verifier smelling a rat?

Easy. Hide it as a check point object, which can bypass HTTPS inspection.

Where did I even ONCE say hosts

"secure you vs. every threat online"? That's all I've asked that idiot Khyber to show us.

* That little LOSER's vainly *trying* to put words in my mouth I NEVER ONCE STATED... he's a douchebag for that, no questions asked!

APK

P.S.=> Tepples, also & in case you don't *KNOW* this?

I favor "layered-security"/"defense-in-depth", proven by the VERY FIRST SECURITY GUIDES EVER WRITTEN FOR WINDOWS ONLINE (originated in 1997 @ NTCompatible.com as "APK Speedup & Security") -> https://www.google.com/search?... authored by 'yours truly'

( & yes, hosts are NOTED THERE as a valuable line of defense (heck - even Aryeh Goretsky of NOD32/ESET feels that way & wrote me so this a.m. by email - would you like to see that too?))

... apk

Re:Where did I even ONCE say hosts

[Khyber]

You don't have to explicitly state it to imply it, moron. This is why you're banned from /. and Wikipedia, you're too stupid to understand. Take your autism and go elsewhere.

Hosts = a resolver queried BEFORE dns

Tepples see subject-line above: Hosts != a "MITM" by any means, proof here -> http://www.speedguide.net/arti...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\ServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:00000006
"HostsPriority"=dword:00000005
"LocalPriority"=dword:00000007
"NetbtPriority"=dword:00000008
"Name"="TCP/IP"

( LOWER NUMBER = HIGHER PRIORITY )

HECK - they're even using MY NUMBERS, not the default 500/600/700 etc. MS gives you over @ speedguide.net, except I change mine SLIGHTLY favoring hosts cached into RAM vs. using the slower usermode dnscache service (which is FAULTY with large hosts due to POOR DESIGN by MS, & I've pointed it out to them, with other flaws regarding hosts (0 allowed in Win2k/XP/Server2003 but not in VISTA onwards after MS Patch Tuesday 12/09/2009))!

APK

P.S.=> Hope you learned something from that - it's only truth! apk

Re:Hosts = a resolver queried BEFORE dns

[tepples]

It's in the middle because it's checked before DNS. It's not MITM in the strict sense, but it has the same effect.

You just *ADMITTED* it's no "MITM"!

Hosts = a native part of the IP stack & ARE queried BEFORE DNS - or was proof from a reputable source NOT enough?

APK

P.S.=> See subject-line above all else... apk

Hosts = queried before remote DNS (fact)

I proved that to tepples already, & yes - I am secured by layered security/defense in depth - best thing we have going!

(& I practically "wrote the book" on it online, in the FIRST SECURITY GUIDES FOR WINDOWS NT BASED OPERATING SYSTEMS authored by "yours truly", unlike YOU, + I proved that here earlier, unlike you)

I wager I even did so, STRONGLY, before the "ne'er-do-well" likes of YOU got out of diapers, you webchump (unless that was pre-1997), & you're a fool that can't prove my points on hosts wrong validly technically above all else here!

You're merely a "webchump" (province of failed coders), that can't write a BETTER SECURITY, SPEED, RELIABILITY & ANONYMITY solution than I have - show us YOU have, ok? You can't - period.

On System File Protection/Windows File Protection + my program protecting hosts?

Ok - let's SEE a malware/virus blow past BOTH (not possible *IF* my app's resident - it locks hosts vs. alteration).

APK

P.S.=> See subject-line fool - you can *try* all the b.s. you want, but this exchange is FULL of your FAILS vs. myself... shall I list them ALL again for you? LMAO... apk

For a guy that's "banned" here

How come I can post here then? You're reduced to illogical ad hominem attacks after all your crap was disproven by myself thru this exchange!

(With NUMEROUS technical blunders on your end webchump, some of which I consolidated & listed already here http://mobile.slashdot.org/com... SO - shall I do a FINAL consolidated list of them? They've grown since then... just ask!)

Yet you can't disprove MY points on hosts adding speed, security, reliability, & even anonymity validly -> http://mobile.slashdot.org/com...

APK

P.S.=> Go figure, lol - another "webchump" wannabe programmer *trying* me & FAILING hugely... that's Khyber, to a tee, lmao... apk

They ARE known to be inaccurate

Or was the proof I put up from search engines not sufficient proof of that?

APK

P.S.=> Tepples, listen: I would go up against ANYBODY on the subject of hosts files, & win...

Heck, I'll give you an EXAMPLE you can VERIFY AS FACT RIGHT NOW:

I have vs. MS themselves & proven myself right!

(on 0 being more efficient than 0.0.0.0 or 127.0.0.1 which is ALL YOU CAN USE NOW post 12/09/2009 MS Patch Tuesday on VISTA onwards, yet you can use 0 in Win2k post SP#2 onwards so someone saw the value in 0 too, XP, Server 2003 still...)

What happened?

Their own staff, a CS degreed one no less, even ADMITTED 0 is faster & better in fact, a VP there right here quoted verbatim on it -> http://slashdot.org/comments.p...

(vs. myself WHICH WAS MY POINT there, + here to you now - I will go against ANY "wannabe expert" on this & come out on top - I have YET to not do so, since I merely use fact & tech information to do so, validly)... apk

Khyber doesn't know web basics

Ads that pay aren't served from the same domain as content: Admen don't trust websites on clickcounts is why.

See subject-line: GO BACK TO "FANTASY LAND" you utter fool... lol - what a fool you are, trying *THAT* utter b.s. after the FACT I just put out that webmasters are NOT trusted by advertisers on clickcounts on ads, hence WHY ads that actually PAY aren't served from the same website as content is, 99/100 times.

Yet you *claimed* to be some "expert" on chumpy web page creation? LMAO... you can't even get THAT right!

APK

P.S.=> Learn to read - TRUTH & FACT vs. your b.s. now was said to you already long ago in this exchange ON THIS VERY NOTE I've SHOT YOU DOWN ON, here http://mobile.slashdot.org/com...

... apk

The "LORD OF HOSTS" = better tepples... apk

Screw Nimrod, see subject-line above, & this quote from https://answers.yahoo.com/ques...

"The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power."

So, what's the "MAGIC WORD" I use?

Hosts!

APK

P.S.=> I do those better than ANYONE ALIVE currently, with a LOT of excellent help from folks in the security community (gotta give credit where it's due, 12 such sites with custom hosts file data that give users of hosts more speed, security, reliability & even anonymity) via APK Hosts File Engine 9.0++ 32/64-bit http://start64.com/index.php?o...

So... how can I make that BOLD statement? Easily:

The BEST IN THE BUSINESS for antivirus/antispyware per this VERY CURRENT TEST from a reputable source here http://www.av-test.org/en/news... proves they're the best with valid tests first of all!

Secondly:

MalwareBytes feature my program & recommend it as "best of breed" on one of their sites (hpHosts - they recommend me as best @ the top center of the page & MalwareBytes "powers" them, see right-hand side top of page) http://hosts-file.net/?s=Downl...

Let's see Khyber achieve the same (never WILL happen - he's a webchump "wannabe coder", nothing more, who talks a BIG GAME, but can't manage to perform the attacks he notes on ME, in MITM (or BGP I noted) - both of which I admitted hosts don't work on (neither do firewalls or antivirus/antispyware though)).

Cripes - I was achieving great things BEFORE that fool Khyber even got outta diapers I'd wager (since 1996 in publications like Windows IT Pro, then Windows NT Magazine, & many others as well as winning finalist placement 2000-2002 @ MS TechEd in its hardest category: SQLServer performance enhancement) !

That little "webchump wannabe programmer" Khyber actually *thinks* he can get the BETTER of me? Guess again!

FACT - I've got a list of 7 things he's already screwed up on vs. myself in this exchange already, lol... apk

Good luck with that certificate

[tepples]

CheckPoint HTTPS description states that the proxy "Creates a new SSL certificate for the communication between the Security Gateway and the client, sends the client the new certificate and continues the SSL negotiation with it [...] you must deploy [your Security Management Server's root certificate] in the Trusted Root Certification Authorities Certificate Store on the client computers." This is MITM, and Comcast is going to have a hard time getting the required root certificate installed on everyone's browser.

I admit that language is approximate

[tepples]

I think you need to learn the the value of being approximate with language for the purpose of illustrating a point. Though hosts is part of the IP stack on many platforms, it's like a DNS MITM in that it returns a response before the configured DNS server has a chance to see the request. It has the same net effect as a DNS MITM that a machine's administrator controls.

Tepples, a question (yes or no answer only)

Is hosts a MITM?

APK

P.S.=> Answer = No, & it's a native part of the IP stack - heck: If you say "yes", then you're also calling firewalls a "MITM" too!

After all - FIrewalls do essentially the same as hosts (albeit by application OR by IP address typically vs. host-domain names though)... apk

Tepples don't waste your time on Khyber

Khyber's list of horrendous technical blunders vs. myself:

1.) He can't disprove a SINGLE point of mine when challenged to do so http://mobile.slashdot.org/com...

2.) He *tried* to put words in my mouth I NEVER ONCE STATED (hosts protecting you vs. everything - nothing does) on MITM http://mobile.slashdot.org/com... - he certainly isn't able to mount either BGP or MITM attack on me either. SAME mistake known sockpuppeteering troll tomhudson = BarbaraHudson = Barbara, not Barbie made too.

3.) He OVERLOOKED I wrote the 1st security guides online for Windows NT-based OS from as far back as 1997 which espouse hosts usage for security (even Aryeh Goretsky of NOD32/ESET agreed with me on that this VERY a.m. by email no less) https://www.google.com/search?... & they're about MORE than hosts: They're about "layered-security"/"defense-in-depth".

5.) Khyber's WRONG on hosts making /. look like "beta" - hosts get AC users like ME an safer, FASTER way of seeing /. "classic" -> http://mobile.slashdot.org/com...

6.) He can't show a way for malware to hijack hosts between APK Hosts File Engine protecting hosts combined with WFP/SFP http://mobile.slashdot.org/com...

7.) He *tried* to use b.s. NOBODY DOES (ads served on same domain) - advertisers don't TRUST webmasters on clickcounts http://mobile.slashdot.org/com...

8.) Sexconker verified the SAME THING I told him (& Khyber's 'whitespace' b.s. isn't boxes like YOU THOUGHT TOO, which old IE showed circa sub IE8 iirc only): Hosts made pages faster & safer minus ads http://mobile.slashdot.org/com... & Khyber's own screenshot showed that much (no box placeholders).

FUNNIEST PART there is Khyber doesn't use hosts yet he made that ERRONEOUS statement: Talking out his ass.

APK

P.S.=> Don't waste time on Khyber the webchump wannabe programmer - he's a blunderer (see above) pissed @ hosts since they can't be bought out, crippled by default & controlled (AdBlock + Ghostery are) & he's losing money... apk

What does this mean?

So what does " Comcast uses JavaScript to inject self-promotional ads into the pages served to users. " really mean.

At first look this is copyright violation or steps on the Creative Commons Attribution-ShareAlike License a little or a lot.

Copyright law is sufficient to tell them to stop all such activity and make payments to all they abuse.

There was a big expensive stink where copyright owners objected to their material (movies) being edited
for content, to fit the screen and to fit the allocated time. An artifact of this is a banner that they do
this to material they do not own. There was another big stink where top ten radio modified the playback rate
a little bit to make their 440-A a slightly brighter 442-A and all the other notes too.

Conservative or not injecting your content on top of some site's content selling product A finds that vendor B content for a competing product is inserted
in the content they author and pay to display... The legal folk will get rich...

What if Amazon printed little Gamazon stickers and inserted them at random on the pages of books they sell.
Perhaps only on the margin but clearly defacing the books layout and artistic value. (Gamazon==GreedyAmazonThing).
What is preventing them from inserting evil world domination stenography dots in the book or web page.

Sensu stricto, no.

[tepples]

In the strict sense, hosts is not the same thing as a transparent proxy, which is what MITM originally meant. But hosts, software firewalls, dedicated firewalls, and transparent proxies have similar effects on an Internet connection. It appears we're missing a good name for the larger category.

Re:Sensu stricto, no: Good... apk

See subject & your answer: There's NO way to call my ware a MITM or malware then on that basis!

* That's like saying tanks are weapons of war (they kill people) & they have tracks/treads - therefore, bulldozers are weapons of war and kill people too: They also have treads/tracks!

(Thanks for your reply)

APK

P.S.=> Which IS what Khyber tried to do here, scumbag that he is, trying to equate hosts with MITM attacks (might as well have put firewalls in there too then - they block too, albeit on programs running OR IP addresses)... apk