Advertising Tool PrivDog Compromises HTTPS Security

security by Anonymous Coward · 2015-02-23 15:03 · Score: 0

it's a joke /discussion

Re:security by Anonymous Coward · 2015-02-24 03:38 · Score: 0

No problem as long as it's at least seven words away from the word guy.

No no! by Sir_Substance · 2015-02-23 15:03 · Score: 1, Insightful

Don't block advertising, they deserve to earn money from their work!

Yeah, right...

Re:No no! by Anonymous Coward · 2015-02-23 15:37 · Score: 3, Funny

Excuse me, but I am a (web) developer! I have a right to run whatever code I want on your computer if you visit my site. You don't have the right to edit my code!
Re:No no! by Anonymous Coward · 2015-02-23 18:16 · Score: 0

Negative. I choose what runs on my computer. no-script and request-policy thank you very much.
idiot web devs ..
Re:No no! by Anonymous Coward · 2015-02-23 18:26 · Score: 0

I have a right to run whatever code I want on your computer if you visit my site.
Start distributing drive-by downloadable malware through your site and see how far that gets you.
Re:No no! by garyisabusyguy · 2015-02-23 19:21 · Score: 3, Insightful

No, no, NO!
If the NSA does it, it is pure fucking evil
If a company does it, then it is the free market and you better suck it up

--
Wherever You Go, There You Are
Re:No no! by fuzzyfuzzyfungus · 2015-02-23 20:38 · Score: 1

Excuse me, but I am a (web) developer! I have a right to run whatever code I want on your computer if you visit my site. You don't have the right to edit my code!
Pernicious nonsense. If you elect to put some mixture of code, markup, and art assets on a public webserver my user agent will handle the results as much in accordance with my desires as I can make it do so.

This is how the 'web' has always been supposed to work: support for flexible rendering and fallback to accommodate a variety of user agents with different characteristics and capabilities is built in(although often underused, unless one forces the issue). Were it designed to be all about you, the arrangement would be much more along the lines of a relatively rigid page description language(PDF style, say) and a more robust VM for you to do whatever you want in(like the late and largely unlamented Java Applet).

Yes, unfortunately, nothing short of fire and sword will rid us of people who want the internet to be more like TV; but a web developer claiming that the user agent must take it and like it is about the same as a writer or publisher saying that highlighting sections of a book, or cutting a magazine apart, are copyright infringement. Stuff it.
Re:No no! by Zontar+The+Mindless · 2015-02-23 21:14 · Score: 2

I'm thinking the whole lot of yas just got trolled.

--
Il n'y a pas de Planet B.
Re:No no! by gl4ss · 2015-02-23 21:28 · Score: 1

well hat's joke about this product is that.. well.. they replace them with other ads.
to make money for themselves?
what's the fucking point for the consumer?

--
world was created 5 seconds before this post as it is.
Re:No no! by fuzzyfuzzyfungus · 2015-02-23 23:58 · Score: 1

It's quite possible; but there definitely are web types(and, even more so, their 'content provider' masters) who think exactly this, so I was willing to take the risk.

Pretty much this exact attitude is why the "Encrypted Media Extension" 'spec' exists, to provide something that qualifies as 'HTML 5' (Don't call it a plugin! It's a 'Content Decryption Module' that just happens to be operationally identical to or worse than a plugin!); but allows the site operator full control over execution.
Re:No no! by DarkOx · 2015-02-24 00:44 · Score: 1

Yes, I am sure the OP was either be sarcastic or trolling but the reality is there are A LOT of web developers and marketing people who think that way. The most basic form of it is web pages that don't flow. Yet people build pages that force 4:3 layouts to this day, make you page through content that could easily scroll or even fit on a single page rendered on a large and hi-res display, etc.
These people do need to be named, shamed and generally rejected.

--
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Re:No no! by Anonymous Coward · 2015-02-24 01:20 · Score: 0

Right, because if I let you into my house, you have every right to shit on my livingroom floor.
Or, if I visit your home, you have every right to shove dry corn cobs up my butt.
I don't think so, precious, no I don't.
Re:No no! by Anonymous Coward · 2015-02-24 01:25 · Score: 0

Excuse me, but I am a WHOOOSH!
Re:No no! by Anonymous Coward · 2015-02-24 02:40 · Score: 0

Or, if I visit your home, you have every right to shove dry corn cobs up my butt.
Well, that all depends on the kind ads you answer on Craigslist.
Re:No no! by Zontar+The+Mindless · 2015-02-24 02:41 · Score: 1

My personal favourite is sites that get your screen resolution and assume your browser window has the same dimensions.
My second favourite is sites that try to force every link to open in a new window. (Yes, 90+% of Chinese websites, I'm looking at you. WTF is with that, anyway?)

--
Il n'y a pas de Planet B.
Re:No no! by sumdumass · 2015-02-24 02:56 · Score: 2

it is the free market and you better suck it up
You do not have to suck it up or even like it. The idea behind a free market is that you can stay away from what you do not like and go to what you do like.
Of course if it's the only choice, it isn't a free market is it?
Re:No no! by Anonymous Coward · 2015-02-24 04:02 · Score: 0

In the early 1990s, there was a close battle between the set top boxes and the Internet, and the main reason why the Internet "won" was because it was easier to hook up a modem to an existing POTS line than to rewire for a special box (this was well before DOCSIS.)
Had the set top boxes won, things would be quite different:
1: We would be paying $5-$12 per hour when logged on.
2: We would be paying by the individual bits, rather than the megs or gigs.
3: We wouldn't be posting to websites. We would be requesting a moderator to look over a posting, and if it is corporate friendly, then maybe, it might wind up being approved. In fact, there would be no websites, but keywords bought by the highest bidder.
4: Chatting would be limited to a "CB"-like thing, with a single "fuck" stated be grounds for a an account ban.
5: Want to send private E-mail, sure thing... it will be 35 cents for a "stamp", more if you want an attachment.
6: Online shopping? Sure, you will pay full retail, plus a shipping fee, since only the content provider sets prices.
7: Music? Yeah right. Here are some ATRAC3 files you can use for 25 cents per play, and $20 per album to download. Sorry, no indivudual tracks.
8: Video? You got your DIVX player, and there is a sale on "silver" movies for $54.99 for some old westerns, $99.99 each for anything released in the past year. Don't forget to secure your smart card when done playing, as all your movies are tied to that and the DIVX player.
We came quite close to such a world, and those same forces are at work, be it DRM extensions to brwosers, fingerprinting, adding identifying header info to each HTTP transaction, adding scumware, and so on. We might have victories, but this fight is going to go on longer than you, I, or our kids will be around.
Re:No no! by Opportunist · 2015-02-24 07:45 · Score: 1

Nobody deserves to earn money. Here I am, punching you in the face, so why don't you pay me?
Provide something I want then you may ask me to pay for it so I may use it. You may earn my money provided you give me something that I deem of equal or higher value.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:No no! by Opportunist · 2015-02-24 07:46 · Score: 1

No, you do not. It's even debatable whether you may try. You may refuse to deliver the content I request if I do not comply with your requirements to do so, but that's pretty much all you may.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:No no! by Opportunist · 2015-02-24 07:50 · Score: 2

It's exactly this attitude that made ad blockers and script killers popular.
You know, if companies asked whether they may display ads and if those ads were not intrusive, in-your-face, with speakers blaring, I know a lot of people would accept it and even welcome it, as a way to award those that deserve it. You know, as in what the customer's job is in the free market, to award those that provide a service they want.
Instead you abused us long enough that we simply assumed the same position as the industry: I do and take what I want and screw you!

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:No no! by Opportunist · 2015-02-24 07:54 · Score: 1

Such a system would have died pretty fucking quickly. Whether something like the web would have developed instead depends on how many patents could be abused to prevent it.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

all ads are malware by turkeydance · 2015-02-23 15:37 · Score: 0, Troll

also anything which allows ads are too.

Re:all ads are malware by invictusvoyd · 2015-02-23 16:17 · Score: 3, Funny

Does this run on linux / FreeBSD ? i'd like to try it
Re:all ads are malware by thegarbz · 2015-02-23 16:28 · Score: 1

also anything which allows ads are too.
Please don't dilute serious concerns with this hyperbole.
Re:all ads are malware by WD · 2015-02-23 18:49 · Score: 3, Insightful

"Adware is malware with better lawyers"
said @axeexcess on the Twitter

Comodo are the biggest Cert issuer by Anonymous Coward · 2015-02-23 15:42 · Score: 5, Interesting

Comodo, not to be confused with the similarly named Komodia from yesterday, are the world biggest issuer of SSL certificates. TLS hands trust over to a third party, and in this case that third party is Comodo.

People wonder how come NSA/GCHQ are able to intercept HTTPS connections so easily and in bulk. The answer is simple, the certificate authorities sign their keys as valid. Making ALL https sessions vulnerable to a man-in-the-middle attack.

We need to remove the whole signing process and replace it with *time*. The one thing an attacker cannot do is go back in time and change a key exchanged in the past. So we need to constantly be handing out public keys, and each and every end slot needs to store and track these public keys, warning us when they change. That way an attacker needs to man-in-the-middle *EVERY* communication, *ALL* the time, via *EVERY* route, and if they tried to use different keys per user then they'd need to perfectly identify every user. Which is impossible.
Likewise if they used one public key per site, then they'd need to identify every sysadmin for the site, who would notice their keys are intercepted. They'd need to provide uninterrupted keys for just those users.

We need to remove the certificate authorities, because they are the weak link in secure comms.

Re:Comodo are the biggest Cert issuer by BitZtream · 2015-02-23 16:12 · Score: 5, Insightful

Comodo, not to be confused with the similarly named Komodia from yesterday, are the world biggest issuer of SSL certificates.
Hardly. They give away a bunch of worthless email certs that aren't trusted by anyone, allow me to make wanking motions. No one that matters uses them and no browser that matters trusts their free certs by default.
Ahh, the post of someone who's riled up but doesn't actually understand what they are talking about.

People wonder how come NSA/GCHQ are able to intercept HTTPS connections so easily and in bulk.

Only the ignorant wonder that, just because you do, doesn't mean everyone does.

We need to remove the whole signing process and replace it with *time*. The one thing an attacker cannot do is go back in time and change a key exchanged in the past.
You don't have any idea how this system works currently, do you?
You want the websites to tell you their public key information, and for everyone else on the Internet to remember it and tell you when it changes ...
or ...
you could just learn what certificate pinning is.

We need to remove the certificate authorities, because they are the weak link in secure comms.
So you want me to ask Google what Google's public key is and then trust whatever I get sent is actually the public key, with no verification of that, other than it came from the request I sent asking Google for their public key. So ... then the NSA just returns a key that says its Google and intercepts the traffic.
The certificate authorities purpose in life is to provide 3rd party verification of certificates in an automated way. What you want is to remove all of that, and do it ad-hoc, by everyone on the Internet. Slashdot doesn't allow posts long enough for me to explain all the ways why thats exactly the opposite of a actual solution.
'Web of trust' doesn't work, we know this because NO ONE FUCKING USES IT BECAUSE ITS TOO MUCH FUCKING EFFORT. END USERS DON'T GIVE A FUCK about verifying every cert they see and will just click Ok/Next/Allow. THAT is WHY we use certificate authorities.
You are proposing nothing new. Its been done, and its failed repeatedly.
Certificate authorities ARE the solution you want, the problem is, no one actually cares enough about security to black ball the certificate authorities that aren't trust worthy (i.e. all of them), which means they certainly don't care enough to deal with the method you propose.

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Re:Comodo are the biggest Cert issuer by Anonymous Coward · 2015-02-23 17:02 · Score: 0

They give away a bunch of worthless email certs that aren't trusted by anyone, allow me to make wanking motions.
Only if you allow me to join you.
Re:Comodo are the biggest Cert issuer by Anonymous Coward · 2015-02-23 18:39 · Score: 0

Do you trust Comodo? Do you trust STARTCOM? China Mobile? Or the 50 other authorities installed by default in your browser?
So why would you trust a key they verify?
The only trust can be that time flows forward, and the key you received in 2005 is the key you use in 2015. If it isn't then your connection is flagged as intercepted. Not because Verisign says it is, but because TIME says it is and time can be trusted to flow forward.
It isn't the user that's doing this, its the browser and all the caches along the way, you can send the public key all the time, even in unencrypted http traffic. Your browser is the one building up the map of keys, and checking the map of keys.
Having an automated 'OK' from the NSA is worth nothing. A connection to a secure site, should not include a connection to a US certificate issuer to check a certificate. The visit alone passes unwanted tracking information, and the resulting 'good' is worthless.
Re:Comodo are the biggest Cert issuer by Anonymous Coward · 2015-02-23 18:51 · Score: 0

Do you trust Comodo? Do you trust STARTCOM? China Mobile? Or the 50 other authorities installed by default in your browser?
So why would you trust a key they verify?
The only trust can be that time flows forward, and the key you received in 2005 is the key you use in 2015. If it isn't then your connection is flagged as intercepted. Not because Verisign says it is, but because TIME says it is and time can be trusted to flow forward.
It isn't the user that's doing this check, its the browser and all the caches along the way, you can send the public key all the time, even in unencrypted http traffic. Your browser is the one building up the map of keys, and checking the map of keys.
Having an automated 'OK' from the NSA/Verisign is worth nothing. Worse, than nothing in fact.
Worse because it leaks info on the sites visited. A connection to a secure site, should not include a connection to a US certificate issuer to check a certificate. The visit alone passes unwanted tracking information, and the resulting 'good' is worthless because the certificate authority is inherently untrustable. They are the weak link. It may only be metadata you're leaking, details of sites visited each time the certificate is checked, but its still data.
We need to remove these untrusted third parties, even if they're only doing a yes/no "this-key-is-valid" check.
Re:Comodo are the biggest Cert issuer by BronsCon · 2015-02-23 19:37 · Score: 1

the key you received in 2005 is the key you use in 2015
Unless the other endpoint was compromised at some point and legitimately changed their key as a mitigation measure. Solve that problem and we'll be in agreement.

--
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Re:Comodo are the biggest Cert issuer by thegarbz · 2015-02-23 20:46 · Score: 1

I disagree. The web of trust only didn't work in the past because it wasn't automated. While I agree the abolition of certificate authorities is the wrong idea, blindly trusting them is equally wrong.
I like the solution that looks to see if a particular connection is suffering from a MITM. The Perspectives plugin for browser does something like this. It is interested in not only if the certificate you received is valid, but also if the certificate you receive is the same certificate that several other people around the world receive. At that point you have a degree of trust that no one is listening with the only thing left for a CA to do is to say yes Google paid us money to send you this.
Re:Comodo are the biggest Cert issuer by Anonymous Coward · 2015-02-23 22:11 · Score: 0

> you could just learn what certificate pinning is.
The original poster knows what pinning is moron. He is saying that manual security doesn't scale. You're really an idiot at reading aren't you? (No need to answer this, it is a rhetorical question).
Re:Comodo are the biggest Cert issuer by heypete · 2015-02-23 23:13 · Score: 1

Comodo, not to be confused with the similarly named Komodia from yesterday, are the world biggest issuer of SSL certificates.
Hardly. They give away a bunch of worthless email certs that aren't trusted by anyone, allow me to make wanking motions. No one that matters uses them and no browser that matters trusts their free certs by default.
Ahh, the post of someone who's riled up but doesn't actually understand what they are talking about.
Email certs != SSL server certs. Are you sure you aren't thinking about CAcert instead, which does offer free email and server certs, but which isn't included in browsers? Obviously, CAcert's lack of inclusion in browsers makes it less useful for mose uses. Comodo, however, is a major certificate authority.
Various surveys, including this one (daily updates available here), scan HTTPS-enabled and report on the share of CAs.
Comodo recently overtook Symantec, which was probably helped by CloudFlare enabling TLS for all their customers (including free ones) using Comodo-issued certs -- that single action essentially doubled the number of HTTPS sites on the internet.
Re:Comodo are the biggest Cert issuer by DarkOx · 2015-02-24 01:16 · Score: 1

Certificate pinning (though downright irritating if you are doing local development) really is the right solution.
Outside your bank where you probably could get a self signed key given to you when you open an account, most of us don't have a way to initially verify the authenticity of a site. We need the 3rd party CAs. No web of trust does not really work because I for one don't known enough people I trust to competently handle key signing, and transitive authorization decisions better than the CAs do.
Pinning though would help a great deal. A loud warning that the certificate changed more than say a couple weeks prior to its original expiry date is a good control. Unfortunately there are still a number of perfectly legitimate reasons for that to occur and I don't have a good solution for how the end user is supposed to resolve that. One approach might be for browser software to 'require' the old CERT to either be expired or appear on the CRL before the new one is treated as valid. Now obviously that won't protect you if the CA itself is compromised, in all cases but it would close lots of holes.
NSA/other spy/criminal agency gets the original CA to issue a new cert - So mister spy now has to be able to sign for the CA as well as Google, and redirect traffic to both CA's revocation lists AND Gmail. This will be more difficult - though by no means impossible. If you manage to compromise the CA and get their private key you can do this.
However what you can no longer do is, get a cert from some other CA. IE the NSA can't use one of the DOD CA's that many browsers trust to issue a certificate for GMail, $DICTATOR in $COUNTRY can't use his national CA either. They have to actually get GEOTRUST or whoever the original issuer was to do it, or compromise them, not just any CA like today. This would be much better.

--
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Re:Comodo are the biggest Cert issuer by Anonymous Coward · 2015-02-24 02:13 · Score: 0

https://isc.sans.edu/index.html
COMODO CA Limited. I'm suprised SANS doesn't matter.
Re:Comodo are the biggest Cert issuer by Billly+Gates · 2015-02-24 02:30 · Score: 1

Still I trusted them and privdog on an older system I used to run based on good ratings. That and I used commodo dragon for a little while so I wouldn't be spied upon.
Turns out I had been had.
Yes Comodo had a good name to it until today. Shame on you!

--
http://saveie6.com/
Re:Comodo are the biggest Cert issuer by JohnFen · 2015-02-24 04:03 · Score: 1

based on good ratings
There's your problem. People rating apps generally haven't performed security audits.
Re:Comodo are the biggest Cert issuer by Billly+Gates · 2015-02-24 06:04 · Score: 1

I used av-totals. They are a professional certification group

--
http://saveie6.com/
Re:Comodo are the biggest Cert issuer by JohnFen · 2015-02-25 05:18 · Score: 1

As near as I can tell, av-totals is just measuring how effective things are in terms of antivirus. They don't appear to be analyzing the AV software itself for security problems such as the bogus cert. That's not a fault with them -- that's expecting them to be doing something they aren't claiming to do.

Comodo, shame on you! by QuietLagoon · 2015-02-23 15:52 · Score: 1

...insecure HTTPS traffic interception ... an advertising product with ties to security vendor Comodo...

Comodo is a vendor that I [currently] rely upon for my PC firewall and my SSL certificates.

.
So, on one hand, I'm looking to Comodo to help me secure my computers and usage of my computers.

And on the other hand, Comodo is looking to install HTTPS traffic interceptors on my computers that increase the security vulnerability of my computers?

What frigging kind of security company is Comodo? Is Comodo a security company at all?

Re:Comodo, shame on you! by lucm · 2015-02-23 16:31 · Score: 1

What frigging kind of security company is Comodo? Is Comodo a security company at all?
Google for "cheap ssl" or "discount ssl", you will see them a lot. This is the Walmart of ssl.
It does not mean their certificates are not good, but buy a certificate from them and see the crappy online account management (a friggin popup that gets blocked by most browsers) and a flood of "special offers" in your inbox. Low-rent.

--
lucm, indeed.
Re:Comodo, shame on you! by WD · 2015-02-23 18:52 · Score: 1

I'll give you a multiple-choice question.
Security companies want to:
a) Keep you secure.
b) Make more money.
Just put your pencil down when you're done.
Re:Comodo, shame on you! by heypete · 2015-02-23 23:02 · Score: 1

What frigging kind of security company is Comodo? Is Comodo a security company at all?
Google for "cheap ssl" or "discount ssl", you will see them a lot. This is the Walmart of ssl.
It does not mean their certificates are not good, but buy a certificate from them and see the crappy online account management (a friggin popup that gets blocked by most browsers) and a flood of "special offers" in your inbox. Low-rent.
Who buys certs direct from Comodo? I always get them via a reseller like NameCheap. The NameCheap user interface is halfway decent: no need to deal with Comodo online management, popups, etc. I've never gotten any "special offers" or unwanted mail as a result of buying their certs. Your mileage may vary, of course.
But yeah, they're cheap, widely trusted by browsers, and generally work well. They're also the only CA I know that issues ECDSA certs from an all-ECDSA root/intermediate chain at a reasonable price (same price as RSA certs, typically less than $10/year), which is nice if you're interested in moving away from RSA for whatever reason.

Let me get this straight by 93+Escort+Wagon · 2015-02-23 16:47 · Score: 2

Their product is designed to replace ads... with OTHER ads, provided by themselves. And it's not hard to imagine that cash considerations are involved with making those choices.

Even if you set aside the security implications - that is pretty much exactly the sort of sleazy behavior that has gotten quite a few companies into trouble in the past.

--
#DeleteChrome

Re:Let me get this straight by Anonymous Coward · 2015-02-23 17:02 · Score: 0

The advertising that appears on websites is sponsored such that the content provider gets a slice of the pie for shoving specific ads in the face of their customers/viewers. If another company steps in and replaces those ads with something else they've essentially hijacked this contract. The money that goes into paying for that slot on the page is now lost to some unscrupulous advertiser that's fly-posting over the top of their banner.
Not that I'm in favor of ads at all the notion of a company deciding that one advert is bad and substituting another drives everything in one direction, and they never said what a "malicious advert" was. My guess is a malicious advert is any advert from a company that isn't paying Comodo, because I'm cynical and expect the worst from people. Comodo needs to define "malicious" - ideally they need to define it to a judge in court proceedings, and I doubt the reception will be positive.
Re:Let me get this straight by Anonymous Coward · 2015-02-23 17:35 · Score: 0

Their product is designed to replace ads... with OTHER ads, provided by themselves.
Of course! Isn't that the definition of Web 2.0?
Re:Let me get this straight by Anonymous Coward · 2015-02-23 22:47 · Score: 0

Their product is designed to replace ads... with OTHER ads, provided by themselves.
Which is why this won't fly. Never mind that other ad people might sue in some countries. The main thing is - would anyone buy replacement ads? I don't think so. When I install browser addons, I get the ones that remove ads, I have no need to replace them with other ads. Those addons are free too, this shit can't compete by any means.

Can somebody please explain by Anonymous Coward · 2015-02-23 16:56 · Score: 0

why is comodo still operating, after having previously done a boo-boo that when diginotar tried it caused them to fold?

Why is anybody still giving them business? Oh wait, buying certificates isn't actually about making everyone safer.

Why? by Jack+Griffin · 2015-02-23 16:58 · Score: 1

"The program is designed to replace potentially bad ads with safer ones" Why would anyone choose this? I mean is this an opt-in thing, or do they just force it on you? I can't imagine anyone cognitively choosing a product that replaces ads with other ads, when there are other products already on the market that replace ads with no ads instead.

Re: Why? by Anonymous Coward · 2015-02-23 19:37 · Score: 0

Comodo is CRAP through and through. I tried their fw once upon a time because it was highly rated and free. The gui sucked so badly even after multiple updates that I gave up vowing to avoid them at all cost. I remove their certs along with a few others I will not trust and wouldn't touch their products even if you payed me. Fuck comodo faggots their certs and their products.
Re: Why? by Anonymous Coward · 2015-02-23 21:26 · Score: 0

Please, tell us how you *really* feel.
Re:Why? by AchilleTalon · 2015-02-23 22:46 · Score: 1

Why people are actually buying penis enlargement pumps? You will always find enough idiots in this world to make anyone rich, it is just a matter of reach enough of them which the web excels at.

--
Achille Talon
Hop!

HTTPS by fustakrakich · 2015-02-23 17:00 · Score: 1

Not very secure, is it? Better make that a small s

This stuff is a placebo, at best.

--
“He’s not deformed, he’s just drunk!”

Re:HTTPS by Anonymous Coward · 2015-02-23 19:41 · Score: 0

Nope, it's not very secure if either end is compromised. But that's not the point of SSL/TLS. SSL/TLS worksif both ends are not compromised, as well as the CA.
This is not a fault of the protocol. Can you suggest a method of keeping communications secure when either end is compromised? Cause I bet you'd earn millions if you could!
Re:HTTPS by fustakrakich · 2015-02-23 20:00 · Score: 1

Enough 'metadata' leaks out for all your surveillance needs. HTTPS only works if you personally know who/what is at the other end. The certs are wishful thinking. And I will maintain until the end days that publicly available crypto is a fraud. The state is way ahead in every way. The absolute worst must be assumed, and just roll with it. Not a hell of a lot can be done right now.

--
“He’s not deformed, he’s just drunk!”
Re:HTTPS by Zontar+The+Mindless · 2015-02-23 21:29 · Score: 1

We'll always have postcards.

--
Il n'y a pas de Planet B.

In other news... by Anonymous Coward · 2015-02-23 17:14 · Score: 0

Slashdot Beta has found a suitable candidate software to deploy https...the advanced persistent advertisements are a feature!

TIME flows forwards by Anonymous Coward · 2015-02-23 18:15 · Score: 0

The key point you missed is TIME, because an attacker needs to intercept ALL the connections, all the time, from day one. Even then, it would be trivial for a website to notice the attack because the key does not match its own key.

So in your scenario, NSA needs to intercept the VERY FIRST use of Google, and ALL SUBSEQUENT uses and do that in a way that the site cannot notice. This is impossible, and TIME ensures the attacker can't go back and change the original key.

As it is now, they can create their own keys and get the cert authority to say "yes this is valid" and the test gives your browser the false sense of security because the cert authority has approved the key as valid.

Web of trust is not TIME, it is a web.

If certificate authorities (i.e. false third party verification of key) were the solution then NSA wouldn't be intercepting, stripping off TLS and putting it back on. They are, so Certification Authorities are not the solution.

Circle of weeds by WaffleMonster · 2015-02-23 18:28 · Score: 2

Anyone smart enough to write an HTTPS proxy able to dynamically create and sign certs surely must have known enough about underlying technology to recognize and comprehend importance of validating trust chain. How does someone innocently "overlook" this in either design or test? Simply MUST have occurred to someone.

Re:Circle of weeds by nyet · 2015-02-23 18:54 · Score: 4, Insightful

It all started with corporate "enterprise" firewall vendors who saw a demand for MiTM-in-a-box from "enterprise" IT.
Corporations are notoriously uninterested in the repercussions of their actions.
Re:Circle of weeds by WD · 2015-02-23 18:54 · Score: 1

http://en.wikipedia.org/wiki/H...
Re:Circle of weeds by BVis · 2015-02-24 03:16 · Score: 1

"Do this HTTwhatever thingy."
"It's a bad idea for *reasons*"
"Blah blah blah do it."
"I'm not comfortable doing that, it's unethical"
"I don't give a fuck about your ethics, we pay you to code, not have ethics. Do what you've been assigned or get fired."
Sooner or later you will find a coder that wants to keep feeding his/her family and will do what's requested.

--
Never underestimate the power of stupid people in large groups.
Re:Circle of weeds by Anonymous Coward · 2015-02-24 04:25 · Score: 0

Hanlon's razor fails here.

'Web of trust' doesn't work by Anonymous Coward · 2015-02-23 19:53 · Score: 0

> NO ONE FUCKING USES IT BECAUSE ITS TOO MUCH FUCKING EFFORT. END USERS DON'T GIVE A FUCK

Keith Alexander -- is that you?

(Captcha a near miss this time: "inboard" should've been "waterboard")

war by Tom · 2015-02-23 20:14 · Score: 2

It's clear advertisement companies have declared war on us, and think any and all means are permissable. No other mindset can explain these actions. If these people would not consider us enemies, they could not possibly look at themselves in a mirror.

So when will Firefox ship with ABE (or some other fork, don't use the original AdBlock, it has been sold to an advertisement company) and default to having it enabled?

I mean, aside from the hacking and privacy issues, every time I see the Internet on a browser without ad blocker, I can't believe people endure this crap.

--
Assorted stuff I do sometimes: Lemuria.org

Re:war by Billly+Gates · 2015-02-24 02:24 · Score: 2

What worries me is corporations too now bust SSL as well to spy on employees.
Now since the cat is out of the bag this maybe common. This will kill all commerce on the web as payment processing companies insurance plans won't insure online transactions without proof of a true encrypted connection.
This in term will de-value the online advertisement market if people stop buying shit online.
We need to stand up and do something and real advertisers need to step in before their business models get destroyed. This is just insanity! I would not be surprised if Google certificates do just this but Google seems too smart to be a snake which swallows its own tail.

--
http://saveie6.com/
Re:war by Anonymous Coward · 2015-02-24 03:20 · Score: 0

So when will Firefox ship with ABE
Probably never, since Application Boundaries Enforcer is part of NoScript and the entire stated purpose of Firefox's plugin system is to allow optional functionality to be added on and be optional.
Or did you mean AdBlock Edge? Because, see, I use AdBlock Plus (with the "allow blablabla" box unchecked, deal with it) and I don't need the 5-versions-behind, but idealistic, also-ran that AdBlock Edge has been allowed to become. And some people consider ad-blocking plugins to be optional. Yes, it boggles my mind too, but these people do actually exist. Thus, optional functionality should be kept optional in a plugin. I also see it as a way to make the plugin easier to keep adding new features to. You don't have to wait for another major Firefox release to add new stuff to a plugin. (Or to add stuff that will chase your users away so that they can drop your plugin and change to a fork that doesn't piss them off, as many people did with the ABP "allow some ads because whiny-bitch rent-seekers" fiasco.)
Re:war by Anonymous Coward · 2015-02-24 05:17 · Score: 0

What worries me is corporations too now bust SSL as well to spy on employees.
I have 'mixed' feelings on this. There are corporations who are doing it for the right reasons. You can't effectively control egress without this short of disallowing internet access entirely. Otherwise ONE compromised host could send lots of PII out the door in a pretty innocent looking SSL stream. Are they just using some AJAX based site or are they pushing names and SS numbers form the HR database in somewhat random sized small batches? How can you tell?
I have been 'blue team' and used one of the better devices from one of the more responsible vendors PaloAlto Networks. I can tell you our security team did not 'spy' on employees. We gave them a separate guest wifi network for their personal devices, which we did not police at all. We made it totally clear to them those devices were not allowed on the company network. If they wanted privacy they needed to use their own device, and we gave them a way to do that. If they used their employer provided computer or any systems not on our guest network they were of course subject to inspection. We made this as clear and widely known as possible. We also made it clear we did not care if they did personal business on corporate equipment provided it did not jeopardize the company or its assets. Want to message you kid on facebook fine with us, we won't look unless it gets flagged.
Really we had better things to do than read peoples personal stuff. The tools don't even make it easy to do that. For instance PANOS will show you the HTTP query strings for SSL traffic, that could expose some sensitive information itself, but only in a badly designed app. There is no way to dump plain text stream content though. You can get it because you got the private key for the CA proxy is using, but you are own your there. They don't make it easy. This is good, IT security can get data in the event forensic investigation is required but there is no just point - click - snoop function. At the same time the device can regex clear text content apply filters, heuristics, and IDS signatures to content in both directions. IT Security can block applications effectively that might pose risks or violate regulator or corporate policies.
"No you can't upload those health insurance claims to Dropbox; if you review the employee and HR handbooks you'd see that's clear, and arn't you luck we prevented your lapse in memory from causing you to do something that could get the company fined, and worse expose your co-works to various risks."
Or "Dammit that's the third person to download and open evil.pdf using the new Acrobat 0day, Lets block that thing, no matter what transport it comes in on".
Or "That damn malware is trying to upload everyone's contact lists to spammers good thing we block any messages with more 20 e-mail address pattern matches to unknown hosts, that let us spot the infected systems nice and quick"
There are GOOD reasons to do SSL inspection on corporate networks. Those are all things you basically can't do anymore without SSL inspection. Sadly the malware is more consistent about using SSL than the legitimate software. There are no doubt companies and teams out there that use SSL inspection badly as well.
Re:war by Tom · 2015-02-24 12:38 · Score: 1

You don't have to wait for another major Firefox release

I agree in principle, but this is ludicrous. Firefox releases seem to be twice a week now, and we'll probably all live to see the version number overflow.
Yeah, there should be several competing plugins. But maybe FF can ask you which one you want after install, assuming that anyone with three working brain cells wants an adblocker.

--
Assorted stuff I do sometimes: Lemuria.org

No, you abandon keys by Anonymous Coward · 2015-02-23 20:36 · Score: 0

That's not a problem, thats a useful feature!

You can change your key, but everyone is made AWARE the key has changed and you have to INFORM them why it changed and for what reason and they have to accept it or not. So Google gets hacked, has to change its public key, announces it, YOU have to accept the change or reject the change. The key isn't secretly swapped behind your back.

The difference between the two is the announcement is made to EVERYONE, not silent key changing as if its normal. And everyone has to then decide to trust the new key or not. Whereas now, the keys are swapped silently, the NSA/GCHQ certs approve the new key and the data is intercepted.

Of course with so many certificates authorities installed on a modern browser there is no real security.

Re:No, you abandon keys by BronsCon · 2015-02-25 06:13 · Score: 1

You can change your key, but everyone is made AWARE the key has changed and you have to INFORM them why it changed and for what reason and they have to accept it or not.
Or, someone else changes the key, MITM's the site, injects a brief explanation of why the key was changed into a banner on the page (oh, but you have to accept the new key in order to see that, assuming the site uses SSL everywhere as it should) or spoofs an email with the explanation, or spoofs a social media campaign with the explanation, whatever.

Maybe they target an individual user, that user gets the spoofed email and sees the spoofed tweets, and accepts the new key. Company would never be the wiser, since no fake notices would go out publicly, and the user, well...

This would work for you, this would work for me, hell it'd work for a handful of people here, because we know to spend longer than the time it takes to click "OK" to investigate these things. The real problem with your solution is that 99.999% of users either don't know to do that, or simply don't think it's a big enough deal to warrant actually doing it. You think it'd be a better situation based on your experience with a few competent and security-minded people, but the reality is we're the minority and the situation would end up much worse as a result.

--
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.

Snowden uses PGP/web of trust by Anonymous Coward · 2015-02-23 21:13 · Score: 0

Snowden of course used PGP which uses the web of trust system, it works enough to protect Greenwald and Snowden from NSA snooping.

Its the sort of multipath ad-hoc check that's very difficult to attack, because there are too many eyes checking the public keys chain. Whereas the certificate system has one authority checking the key and any one of about 50 built in that can approve a fake key.

Making a trivial to break system. Hence the Microsoft proxy can intercept HTTPS traffic on a company network (adds a fake cert), and PrivDog can intercept https sessions in a similar way.

Re:Snowden uses PGP/web of trust by heypete · 2015-02-23 23:15 · Score: 1

Snowden of course used PGP which uses the web of trust system, it works enough to protect Greenwald and Snowden from NSA snooping.
To be fair, Snowden and Greenwald met in person and verified their key fingerprints. While useful in many situations, the WoT was not really a factor there.

Yeah, right ... by gstoddart · 2015-02-24 00:50 · Score: 1

The program is designed to replace potentially bad ads with safer ones that are reviewed by a compliance team from a company called Adtrustmedia

Now there's a big frickin' lie ... Adtrustmedia is like "MRE" (meal ready to eat) ... it's three lies in one.

There simply is no entity involved in advertising who you should be trusting.

Assume they're all greedy sociopaths, and just save yourself the time.

This is precisely why I feel no guilt about blocking ads ... because I think the players are shady, and are sure as hell not entitled to all of the tracking information they shove into a web page.

Your average web page is like walking into WalMart and having the greeter put a dozen tags on your ear like a cow. It's just riddled with crap, cookies, tracking beacons, junk scripts, Flash, and who knows what the hell else.

A 'compliance team' is marketing speak, for marketing assholes maximizing their cut.

--
Lost at C:>. Found at C.

comodo firewall does the same thing. by Anonymous Coward · 2015-02-24 02:25 · Score: 0

same idea for the comodo firewall. its chock full- but really it sends back traffic to the mother ship. I like the windows firewall control product for a firewall.

what social purpose do they serve? by Anonymous Coward · 2015-02-24 02:28 · Score: 0

Can't we put people like this on a list and have a kickstarter to hire someone to kill them? /hahah, only kidding, wait, no
Or at least surgically attach electrodes to their balls and put the button to shock them on teh intarwebs.
Or maybe we can go old-timey and have them declared outlaws.

Re:what social purpose do they serve? by Opportunist · 2015-02-24 07:52 · Score: 1

How about a three strikes law? They're really popular these days.
If your page causes three waves of infections, you're no longer allowed to be on the internet. Forever.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

Commodo AV and Icedragon too! by Billly+Gates · 2015-02-24 02:29 · Score: 2

Shoot Hairyfeet is a big proponent of them and I used to use both too.

Wow.

I hope MS decertifies all Comodo certificates. I expect a big lawsuit from this and perhaps Commodo disabling Microsofts root certificates in return. Fun times.

Another lawsuit coming up.

--
http://saveie6.com/

Re:Commodo AV and Icedragon too! by toddestan · 2015-02-27 16:22 · Score: 1

It's a bit of a shame since Comodo Dragon was my favorite Chrome-but-not-actually-Chrome browser. However this and them dragging their feet on updates means I'll be switching to something else.

WAHHH, stop looking at my stuff that I put online! by Thud457 · 2015-02-24 02:48 · Score: 1

So much for websites crying about AdBlock stealing food from their children's mouths.
Now AdBlock prevents shitbirds like this from benefiting from attempting to steal food from webmaster's children. Which makes it more better, right?

I would welcome AdBlock having some sort of micropayment sponsor system baked in where I could choose to support sites whose content I value. Twenty years of the web, and still nobody's figured how to make that shit work. Is Ted Nelson even still alive?

--

the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

Six degrees of Bacon by Anonymous Coward · 2015-02-24 04:02 · Score: 0

Not fair, Laura Poitras he had not met when they exchanged key and it was protected by the trust web *successfully*.

It's the six degrees of Bacon problem, in a trust web, you're really not that far from everyone else, even if the web is made entirely of celebs who make movies! When it comes to the real world, we're all damn close, only a few degrees separation. And so the trust of a key is only a few degrees apart and yet verified in a thousands of separate strands of trust.

A trust web is just the same as a cert authority, only its THOUSANDS of cert authorities verifying each key, not one.

NSAs intercept of Googles SSL (they strip and re-ad the TLS) shows those certificate authorities are not trusted, we need to move on from a single verifier.

Only 1 tool works vs. ads + threats by Anonymous Coward · 2015-02-24 04:07 · Score: 0

APK Hosts File Engine 9.0++ SR-1 32/64-bit:

http://start64.com/index.php?o...

FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. addons + fixes DNS' redirect security issues:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed, Kaminsky redirected (99% ISP DNS' = unpatched vs. it), DGA, Fastflux, & dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

(Instead, work w/ a more capable native kernelmode part you already have - hosts (An integrated part of the ip stack))

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

Ask yourselves these questions... apk by Anonymous Coward · 2015-02-24 04:11 · Score: 0

Can adblock do 16 things hosts do for speed, security, & reliability:

1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

* ANSWER ="NO" to each above on AdBlock doing it as well or at all!

APK

P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts by way of comparison, do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

For the BEST hosts file?

APK Hosts File Engine 9.0++ SR-1 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

I asked AdBlock's creator those questions... apk by Anonymous Coward · 2015-02-24 04:13 · Score: 0

Result? W. Palant RAN after he wrote me by email 1st saying "hosts are a shitty solution" to which I replied:

"Show us adblock can do more for added speed, security, reliability, & anonymity than hosts can, + that adblock does it more efficiently than hosts"

Which on my latter 'point-in-challenge' on efficiency AdBlock's proven by research to be MASSIVELY inefficient -> https://blog.mozilla.org/nneth... & adblock does FAR less than hosts (especially crippled by default).

I sent Wladimir Palant that challenge in response to his statement from 2 different email addresses I use!

Result = Still no answer from him in regard to my challenge put to him to this very day MONTHS later - that tell you anything? It did me!

He knows his addon is less efficient & features laden by FAR vs. hosts - Wladimir Palant RAN like a scared rabbit!

ClarityRay's also DESTROYING AdBlock - via native browser methods to DUMP what addons you use (it can't DO THAT to hosts files).

I only tell it how it is on hosts' superiority vs. AdBlock - Funny part is, Wladimir Palant running does too!

Especially considering "Almost ALL Ads Blocked" has 'souled-out' -> Google & Others Pay Adblock Plus To Show You Ads Anyway: http://news.slashdot.org/comme... & ABP too http://finance.yahoo.com/news/...

APK

P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privelege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk

AdBlock = Inferior + 'Souled-Out'... apk by Anonymous Coward · 2015-02-24 04:42 · Score: 0

APK Hosts File Engine 9.0++ SR-1 32/64-bit:

http://start64.com/index.php?o...

FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. addons + fixes DNS' redirect security issues:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...

B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed, Kaminsky redirected (99% ISP DNS' = unpatched vs. it), DGA, Fastflux, & dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

(Instead, work w/ a more capable native kernelmode part you already have - hosts (An integrated part of the ip stack))

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

Ask yourselves these questions... apk by Anonymous Coward · 2015-02-24 04:44 · Score: 0

Can adblock do 16 things hosts do for speed, security, & reliability:

1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

* ANSWER ="NO" to each above on AdBlock doing it as well or at all!

APK

P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts by way of comparison, do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

For the BEST hosts file?

APK Hosts File Engine 9.0++ SR-1 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

I asked AdBlock's creator those questions... apk by Anonymous Coward · 2015-02-24 04:45 · Score: 0