New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL.
The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
cool. glad they found it
Not no, hell no.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
If you block the ad, you're a thief.
“He’s not deformed, he’s just drunk!”
I'm going to be much more efficient. "Avoid the middleman! Download this malware, straight from me to you!"
See subject: This is a list of specific domains from ESET's research to enter into your custom hosts file to protect vs. it:
FROM http://www.welivesecurity.com/...
APK
P.S.=> All I can say to ESET is "Good job guys, & Thank you - keep up the good work!"... apk
First of all, Jesus H. Christ, I'm continually amazed at the lengths people will go and the sheer brainpower employed in malware and hacking generally. I've gotten to the point where I go to hang a towel over the mirror in the bathroom because I'm worried someone has hacked the mirror and then figure, fuck it, they probably also hacked the towel.
Secondly, is this level of malware sophistication evidence that there's economic stagnation?
I'm assuming this is software designed to create botnets or measly bank account info or whatnot and the author(s) make some money but not griping about the lack of space for their megayacht next season at Monaco kinds of money.
Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.
Banner ads are still a thing? I haven't seen one in years. Guess those ad blockers are paying off.
A question to the readers: I've been trying to view this online comic for awhile now.
The problem is, the comic itself is written in Flash, and I can't think of any way to enable flash without downloading all the Adobe crap, or installing a browser extension that's horribly unsafe to use. My best guess is to do all this in a separate VM specifically tuned to do this one task, and then delete it when done.
Make an entire system specific to reading one website? That seems like a lot of work.
Is there some sort of offline viewer I can use, or convert the files to PDF or something?
Is this work of art now forever lost because the means to display it is gone?
Not really an issue for me as this is one of the reasons I use an ad blocker. The part I found mind boggling is "a large number of advertising networks allow advertisers to deliver JavaScript code with their ads". That is just plain wrong. How can any website sell advertising with a clear conscience if they are going to allow effectively unknown people to run code on their visitors' PCs?
For all reasons mentioned and past exploits I can see cruising the internet through a VM becoming very popular. Especially since some new NAS are coming with the ability to run a VM.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
First of all, Jesus H. Christ, I'm continually amazed at the lengths people will go and the sheer brainpower employed in malware and hacking generally. I've gotten to the point where I go to hang a towel over the mirror in the bathroom because I'm worried someone has hacked the mirror and then figure, fuck it, they probably also hacked the towel.
Thanks for that laugh. The analogy was rather hilarious. Now I think I'll have a good cry over the reality of it.
Secondly, is this level of malware sophistication evidence that there's economic stagnation?...Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken?
Yes, perhaps it is. Another example would be the evolution of ransomware. Started out as a rather brilliant idea from a hacking standpoint to extort humans for more or less ordinary income.
I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.
Across history, countless times we've caught ourselves laughing at how much more con artists could earn by walking the legal line instead of the life of crime. That said, this economy rewards the world's greatest narcissists who do little more than generate clicks. Is this economy broken? Fuck yes it is. In more ways than one.
And this isn't illegal?
Is BleepingComputer the latest Medium.com? Because it seems like every time I come to Slashdot there's yet another story from that site...
#DeleteChrome
The summary was missing details, but this link explains a bit more.
http://www.welivesecurity.com/...
At least you'll know how it works. Also, go down to the list and see if you have at least one of those security products and it'll skip the payload. :)
...reading at, "This server would only accept connections from Internet Explorer users." Now feeling smug.
Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.
Why would anyone hire a smart guy like this, when they can buy a team of ten Indians for half his salary and get a bonus for coming in under budget? All the American economy produces anymore is lawyers, nurses, war machines, and cogs for the ever-growing police / corrections / homeland security / surveillance apparatus. And as soon as they can figure out how to have Sanjit in Bangalore remotely start your IV and empty your bedpan, you can bet the health care jobs will be gone too.
I mean, yeah bad and all, but I'm impressed.
If you can't communicate your ad with a static image, a video
A scripted vector animation has a smaller file size (and thus costs you less to view in overage fees payable to your ISP) than the equivalent H.264 or VP8 video. But I don't see how a scripted vector animation of considerable complexity can be done with CSS transitions alone. It's usually script writing to a canvas or script manipulating CSS element styles or SVG paths.
a large number of advertising networks allow advertisers to deliver JavaScript code with their ads
Third-party code. 'Nuff said.
"Steven Burn" can verify it
He audits every version of your tool? And publishes a hash so that I can verify that the version he saw is the same as the one I might download?
See the problem? Closed source cannot be constantly audited, nor checked to see if something has changed since the audit. One person vouching for another is not an answer to verifiability.
Not going to sites I don't know protects me too
Ah, that would be because your hosts file can't protect you from sites you don't know about, yet. Got it.
You're FALSELY ACCUSING ME OF
No I'm not. I'm asking you how or why I should trust you and the example you provide (of AdBlock) is an example of why I need to ask this question. Maybe you are incorruptible. Maybe you aren't. I have no way of knowing. I cannot verify your assertions, so I cannot trust you. I'm not saying that you are accepting money to let some sites slip through, I'm saying I have no way of knowing.
What you like is DOING IT, not I
I have no idea what you are trying to say.
give up already
Very well. I'm sorry this has been so taxing for you, but I can understand that it must be difficult to have to acknowledge that the world has moved on from blacklisting being effective and that what appears to be your proudest achievement is largely irrelevant in today's security landscape. I'll leave you alone, now, as you requested.
See subject: Where's something YOU've made that's better & good enough for malwarebytes' folks to host & recommend + works vs. this threat?
* "Big talker" on security from you - but I see nothing from you that YOU have created yourself, lol... I have & it works vs. this threat & MANY others (for less resource use vs. other solutions often doing MORE than they can too), using what you already have natively operating in FASTER kernelmode (more cpu serviced).
I don't go to sites I don't know - that's why I use news aggregators like /.! I "trust" this site more than most (& there's no way they can harm me anyhow).
I can't be 'corrupted' - Mr. Burn @ malwarebytes is your proof of it (he's audited my code in every version & verified it's filters (we work on them together w/ other security community folks)). He wouldn't host & recommend it otherwise.
This isn't "taxing" for me @ all - it's easy. I've been thru weak 'arguments' like yours before & annihilated them as I have you @ every turn!
APK
P.S.=> I love how you're posting unidentifiable ac after logging out of your "registered 'luser'" acc't & then logging in again, downmodding my posts that shut you down under your UNIDENTIFIABLE ac posts (lol) @ every single turn in your weak 'arguments', & you ran DRY of those "downmodpoints" @ what? The typical 5 allotted users here daily? lol!)... apk
Secondly, is this level of malware sophistication evidence that there's economic stagnation?
I'm assuming this is software designed to create botnets or measly bank account info or whatnot and the author(s) make some money but not griping about the lack of space for their megayacht next season at Monaco kinds of money.
Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.
A problem solved by software can often be copied for essentially zero. The initial cost may be relatively high, but let's say ordinary salary numbers, particularly in foreign countries, so what in the $30k range... If they can infect say 30k computers say 4 times a year. The computers could easily be different... That yields needing to make roughly, on average, $0.25 a computer. There is a lot of hand waving there, but I assume most of it is purely the economies of scale. Also, once a vulnerability is in the wild, it is no doubt easier to copy it than try to find your own.
Now once you compromise a PC, getting it to effectively just view and click on links for money is likely achievable. Remember you need to make like 25 cents per computer per year... There is also more direct options like scamming bank account info, holding data hostage, etc..
See subject: A list of specific hosts from ESET's research to enter into your custom hosts file to protect vs. Stegano:
FROM http://www.welivesecurity.com/...
APK
P.S.=> All I can say to ESET is "Good job guys, & Thank you - keep up the good work!"... apk
Interesting point of view. It might also be proof that software quality has improved a lot, and there aren't so many 'normal' holes to drive through anymore...
I hate to suggest yet another load for all of our CPUs... but perhaps one way to defend against this would be a browser plugin that transcodes all .PNGs to .JPGs, and vice-versa.. repeat for any other pair of formats. Hopefully stego would not survive the transcoding process.
Or, you know, maybe sites could just stop serving up ads from god-knows-where and abdicating responsibility for being knowing middle-men for malware distribution. But that would be the sensible solution so it'll never happen.
Buy stock in Intel and hardware-based image sanitizing chips for your next PC...
Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.
That's the trick. Highly effective people are not in demand...at least in regard to information security.
Survey the people you know that are well employed and the people that are particularly clever. Note that there is some but not complete overlap. Companies hire people that are good cogs, do what they are told without question, and are no threat to the people above them. Those are not the traits found in some highly clever people. They are the antithesis of what makes someone good at information security.
So here we are in a situation where the people that should be in the most demand, being in short supply and of high talent, are ignored in favor of people that lack that special something. What are those people, who are continually told they are intelligent and deserve the world, going to do when the world rejects them for an H1-B that is willing to toe the line and follow a script?
They use their talents to get what they have been told they deserve in a market economy.
Not likely:
a) At best, you've just moved the problem to securing the host system. Which if you're running a bare metal VM like ESXi or Hyper-V is certainly easier than securing an entire OS that needs to explicitly allow userland programs to do arbitrary things. But it's not a null issue.
b) VMs would need to become far, far less annoying to use. Basically until such time that OS's do something like load every single app into its own sandbox, invisible to the user, this won't happen on any sort of large scale. Including somehow securely sharing data between sandboxes (so for example your video player could play the movie you downloaded from your browser) and again with little to no user hassle.
c) Even given all of that, it still has the issue of persistent data. If the VM's data persists inside the VM, then it's got the potential to be compromised at least within the sandbox and since most people only use a small number of apps, having one of them lose all data is still a serious issue. And if it's persisted outside the sandbox (as in the shared data issue above) then it's potentially compromising the entire system and we're back to square one.
Modern browsers and Flash Player and Java and whatnot all do their best to sandbox anything coming from the web already. I don't really see how moving up one step to a virtual machine will really do a whole lot better -- at least not without simultaneously introducing user experience issues that would make the setup untenable for average non-techie users.
Fine the ad creator. Can't find him? Fine the ad provider. Can't find him? Fine the owner of the site itself.
I want fines and I want jail time for malvertising. Heads must roll. This has gone on long enough.
So I ran your thing in a sandbox with a firewall on "No." mode because yolo.
Phoning home to servers in Africa and Singapore (likely proxies), trying to download DLLs that a bit of research showed to be associated with ransomware, and at one point tried to connect to a domain that my ISP blocked due to containing child abuse material (likely associated with the ransomware, relying on blackmail instead of encryption).
They can give a few conditions, but since it is my line, my bandwidth, my bill at the end of the month, my PC security, I am free to refuse fully or partially. Now they can, if they wish, enforce not delivering content fully if part of it, the ad, is refused. But that is their job to enforce. They have no legal recourse if I wish to block part of it. And frankly I will stick to ad block, and would rather give up a web site than clean up my PC.
The fact that he spams it in almost every thread while posting anonymously makes me think that it's malware. Doesn't help that his alleged S Burns quote is cited on a forum that isn't publicly viewable.
If it looks like malware, it's malware.
See subject: 58++ reputable sources prove you wrong here https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ & so does Malwarebytes' Steven Burn whom you can contact here http://hosts-file.net/
That's ALL in my original post but of course as to VIRUSTOTAL clearing it past 58 antivirus programs as safe TOO!
* UTTERLY HILARIOUS - I identify myself @ least & you BITCH ABOUT POSTING AC? You do so, & unidentifiably yourself NOT EVEN DOING WHAT I DO?
ROTFLMAO - you pitiful fucking loser hypocrite!
APK
P.S.=> Lastly - I post where hosts apply to help fix things - they do in MANY cases dealing in DNS, malware, speeding up the web, etc. - et al... what've YOU done better? NOTHING! apk
Your browser isn't a docker image hosted X session?
Malware nowadays is not written by some script kiddie in his parent's basement. Malware creation is funded by crime rings in third-world countries who employ developers to analyze known exploits and code-hiding techniques, and hence the malware attacks are very sophisticated. This is what I say to various relatives who come and say their computer "is so slow it must have a virus". Modern malware tries to be as stealthy as possible, so slowing down your PC is the last thing they want to do. But that Avast hog you have (instead of a much lighter antivirus) and your never-defragged harddisk does make your computer slower. PS: Does Google ads filter the malicious JS code?
58++ sources in the security community show my code is 100% SAFE & CLEAN https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
See subject: My program only takes in data from 10 reputable custom hosts file data sources in the security community (like Malwarebytes folks who HOST & RECOMMEND IT + audited its code in all versions!)
* Who are you desperately TRYING to fool, Ash-Fox? Yes, I know it's you dimwit...
Too bad I just "SHOT YOU DOWN" yet again today (your post history shows it) & from your posting around the same time under your "registered 'luser'" FAKE NAME for your FAKE LIFE here https://news.slashdot.org/comments.pl?sid=9962449&cid=53438743/
APK
P.S.=> What is it like being a TOTAL loser & liar, Ash-Fox? apk
I don't think the economy is broken, well, it might be but even if it were 100% healthy, we'd still have these people. Mostly, they are people who do not fit into companies working for someone else. They are freelancers. They do not have what it takes to start their own legitimate company. In the past, we'd call them pickpockets or snake oil salesmen or in some cases, politicians. The intertubes are just vehicles for them. If they weren't doing it there, they'd find some other form of criminal vice. Their lives are built around leeching. The medium is secondary.
Ad blockers get regular list updates multiple times a day. Your hosts file solution does not, which renders it useless.
Also, if you're worried about the tiny amount of CPU time an ad blocker uses, maybe you should finally upgrade from that 386 and Windows 3.1. My i7 doesn't even notice my ad blocker at work.
Useless? It works here vs. this malware! DNS propagation of hostnames takes 24 hrs. or so, so once a day is JUST fine (as malware makers can't spread their 'disease' that fast using domain names & most do, due to DNS propagation lag).
I'm not worried @ all - it's a FACT that addons are slower in usermode (vs. hosts in kernelmode) & that they do less but use FAR more vs. hosts!
NICEST PART ABOUT HOSTS IS THAT ANYONE CAN EASILY UNDERSTAND & EDIT THEM (to add or remove data in them) - try that with "regular users" who do NOT understand regular expressions.
(My sources update from 10 of them @ diff. times of day (& I use other sources that do MANY times a day ala Norton Safeweb & others like it that do so every 10 minutes or so...).
APK
P.S.=> Guess what? You FAIL as always, unidentifiable ac troll... apk
"This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers."
The reason it only targets Internet Explorer is that the exploit only works on Microsoft Windows.
See subject: Using a rooted phone & the Android Debugging Bridge's PULL command you can use hosts files on droid phones.
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience in this context by chihowa
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
APK is kinda right. I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works by bmo
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop - by nasredin
APK
P.S.=> Telling me to shut up? When I am THIS right about hosts vs. bloated inefficient addons that use more & do less?? Please... apk
And that technique can go way further.
https://www.youtube.com/watch?...
Atari rules... ermm... ruled.
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked/used + recommended & hosted by Malwarebytes' hpHosts - Argue w/ those folks above.
APK
P.S.=> Want more like those? I've got 'em - just ask... apk
"Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character."
So if you embed code in an image, then provide javascript to parse out the code and execute it... why not just have the javascript do the exploit directly and skip the middleman?
Miranda
I don't get the point. You've already gotten the browser to run your js before you bother loading additional js from the image. Everything it can do, you can already do.
This is like shooting someone in the head to kill them, tearing out one of their bones, and sharpening it into a knife so you can .. stab them to death? Too late.
does it work on linux or android.
does it protect lynx.
If not, then not interested.
See subject & https://it.slashdot.org/comments.pl?sid=9963399&cid=53439059/ for droid toys & Linux has hosts so copying my hosts file to it is no big chore!
* I'd port it over & it'd be EASY to do (Delphi is amazingly like FreePascal, even the Lazarus IDE for it) for MacOS X, Linux, etc. (Delphi does MacOS X, Android, & even iOS iirc) but...
I'm NOT in the stupid habit of helping the competition (far less used on PC desktops by MILES & Linux = about a 50/50 split vs. Windows on servers, so it's far behind (Applications for purpose, which windows has FAR more of, keep it that way - the way I like it))
APK
P.S.=> In any event? You fail... apk
See subject:My program imports mvps.org's hosts file data too (w/ 10 other sources which you apparently do NOT account for, which means you're missing blocking threats MVPS doesn't catch dude!)
Additionally - You're obviously illiterate - again: Hosts work on Linux & Android!
* Do you like losing? Apparently you do, you keep doing it!
APK
P.S.=> What am I saying?? You're using the least used desktop OS with the least applications for it (which I am helping by NOT porting my program to Linux when I easily could since it'd just be a matter of WinSock2 diff. vs. *NIX style sockets, drive letters vs. mounted devices, & slight diff. in location of hosts on Linux filesystems)... apk
The problem is that corporations are incapable of recognizing, appreciating in the first place, or motivating creative talent. Also, creative talent aren't necessarily good at the business game. So, the demand is probably there, but there is a market failure in the area of human resources management. No news to anyone who has had a job with a large company, really.
I get that we'd always have people at the margin who have above average intelligence but otherwise to fit into a worker mold and wind up as criminals of varying levels of success. Usually, though, they seem to suffer from various other pathologies -- substance abuse, psychological defects, the kind of panoply of sociological misintegration that limits not only their legitimate success but their ability to make even life below the line very successful.
Maybe there's just a correlation between high levels of computer skills and these same sociological maladjustments, and the medium provides an outlet previously unavailable which offers reduced risk and greater rates of success.
He didn't say it was faster vs hosts. He said hosts was faster. Read it again. What he did say - which is relevant, and which you're ignoring - is that your LIST of hosts is reactive. For the last two years it did not block that domain. You're still not going to address that point, obviously - but here's another post pointing out that you did NOT answer the question.
See subject & learn to READ https://it.slashdot.org/commen... I noted you need a ROOTED droid!
*...& if you can't handle a rooted droid YOU know ZERO about it (how to keep it safe).
APK
P.S.=> Thanks for being MY fool & making ME look GOOD (yourself, by way of comparison after shooting off your piehole & EATING YOUR WORDS? Well... lol, "not so good")... apk
Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken?
The economy undoubtedly is broken in many ways, but I think exploits like this are less about the economy and more about programmers getting bored and wanting to show off how clever they are; and if they can also make some money doing it, so much the better.
I don't care if it's 90,000 hectares. That lake was not my doing.
What I like is Bleeping Computer is finally calling the folks who do this stuff the right name - "crooks." The bottom line is all this attack does is take advantage of well-published vulnerabilities in proprietary software. Suggesting the answer is adblockers is like suggesting that someone driving around in a Ford Pinto with no brakes or seatbelts should buy the "Ford add-on airbag." The mistake is not their failure to purchase or implement something additional. It is in buying a load of chicken poop thinking it is chicken salad.
Hosts work vs. this & I checked my hosts file: It had the entries involved in it already (from 1 of my sources, not sure which, I use 15 in total). ESET is far from the ONLY guys out there checking this stuff is why.
How long they've been there? Not sure, but they were there already! THAT I can't answer with accuracy as I've built up this hosts file since 1997!
* I was HOPING you'd fall into this trap, pushing it, & you have (lol).
APK
P.S.=> All the unjustifiable abused downmods on my posts prove that most of all. Keep blowing those downmodpoints. You're showing how WEAK you are having to try "hide" where I blow you away. I'll run you dry of them as always when you post by unidentifiable ac posts... apk
See subject: Hosts don't work vs. less used in malware BY FAR ip addresses but firewalls do https://www.google.com/?gws_rd... & ANDROID HAS FIREWALLS (ones that work rooted or not)!
You're in over your head, boy - you lose again, lol! Quitting while you're already behind is NOT the same as quitting putting MORE EGG ON YOUR FACE & EATING YOUR WORDS you know (lol).
* You REALLY don't know how to handle your droid, do you? Obviously not (despite your big mouth).
APK
P.S.=> Keep failing - you're only making ME look GOOD & yourselves by comparison? Well - "not so good"... apk
Microsoft's Virtual PC gave us "B" before they abandoned the whole idea in favor of Hyper-V. As for "C" people already intentionally lose data through things like FF's "incognito" mode. The stuff they want to keep usually ends up in the cloud anyway where stronger security measures can be applied.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
Actually you don't need to transcode. All you need to do is replace the least significant color bits and the transparency bits with random data.
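The scrubbing idea from the comment above, applied to the transparency-value hiding the summary describes, as an added example that is not part of the original thread: it overwrites the low-order bits of every colour and alpha byte in a canvas-style RGBA buffer, or flattens alpha to fully opaque. The function names, the `bits`/`alpha`/`rng` options and the constructed 64-pixel sample are assumptions for illustration; the kit's actual encoding formula is not given on this page, so a scheme using higher-order bits would need more bits scrubbed or alpha flattened.

```javascript
// Added example (not from the thread). Buffers use the layout of
// ImageData.data from canvas getImageData(): 4 bytes per pixel, R, G, B, A.

function assertRgba(rgba) {
  if (rgba.length === 0 || rgba.length % 4 !== 0) {
    throw new RangeError("expected a non-empty buffer of whole RGBA pixels");
  }
}

// Triage check: a banner that is meant to be fully opaque has alpha 255 in
// every pixel. Report how many pixels are not, and how many alpha values occur.
function alphaSummary(rgba) {
  assertRgba(rgba);
  const seen = new Set();
  let nonOpaque = 0;
  for (let i = 3; i < rgba.length; i += 4) {
    seen.add(rgba[i]);
    if (rgba[i] !== 255) nonOpaque++;
  }
  return { pixels: rgba.length / 4, nonOpaque, distinctAlpha: seen.size };
}

// Lowest bit of each pixel's alpha byte, as a string, for before/after checks.
function alphaLowBits(rgba) {
  assertRgba(rgba);
  let s = "";
  for (let i = 3; i < rgba.length; i += 4) s += rgba[i] & 1;
  return s;
}

// Return a scrubbed copy of the buffer; the input is not modified.
//   bits  : how many low-order bits of each byte to overwrite (1..7)
//   alpha : "random" scrubs alpha like the colour bytes,
//           "opaque" forces alpha to 255 (for banners needing no transparency)
//   rng   : function returning a float in [0, 1); injectable for testing
function scrubPixels(rgba, { bits = 1, alpha = "random", rng = Math.random } = {}) {
  assertRgba(rgba);
  if (!Number.isInteger(bits) || bits < 1 || bits > 7) {
    throw new RangeError("bits must be an integer from 1 to 7");
  }
  if (alpha !== "random" && alpha !== "opaque") {
    throw new RangeError('alpha must be "random" or "opaque"');
  }
  const mask = (1 << bits) - 1;
  const out = new Uint8ClampedArray(rgba.length);
  for (let i = 0; i < rgba.length; i++) {
    if (i % 4 === 3 && alpha === "opaque") {
      out[i] = 255;
      continue;
    }
    const noise = Math.floor(rng() * (mask + 1)) & mask;
    out[i] = (rgba[i] & (0xff ^ mask)) | noise; // keep high bits, replace low bits
  }
  return out;
}

// Constructed sample: a flat-colour banner whose alpha bytes alternate between
// 255 and 254 in a fixed pattern, standing in for "slightly altered
// transparency values". It is not a real ad and carries no payload.
function constructedBanner(pixelCount = 64) {
  const rgba = new Uint8ClampedArray(pixelCount * 4);
  for (let p = 0; p < pixelCount; p++) {
    rgba.set([200, 120, 40, 254 | (p % 3 === 0 ? 1 : 0)], p * 4);
  }
  return rgba;
}

const banner = constructedBanner();
const cleaned = scrubPixels(banner, { alpha: "opaque" });
console.log("before:", alphaSummary(banner));
console.log("after: ", alphaSummary(cleaned));
console.log("alpha low bits changed:", alphaLowBits(banner) !== alphaLowBits(cleaned));
```

In a browser the scrubbed buffer can be drawn back with `ctx.putImageData(new ImageData(cleaned, width, height), 0, 0)`.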
See subject: Windows DACL & WFP/SFP do the job for some of its security model vs. filesystem attacks (but hosts stop that from occurring as they do here by not letting you TOUCH the threat - what you can't touch, can't hurt you).
* You can also "security harden" Windows FAR beyond the norms (e.g. using EMET http://www.theregister.co.uk/2... as well as security guides I wrote from 1997-2007 that even got me PAID https://www.google.com/?gws_rd... using the EASY TO USE CIS Tool (highly esteemed & I've had 'fixes' to it from me they accepted too)).
APK
P.S.=> I'd really like you to specify here... apk
Addons can't do (or as well) 16 things hosts do 4 speed, security & reliability:
1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux C&C
3.) Protect vs. dynamic dns C&C
4.) Protect vs. DGA C&C
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS redirect poisoned/downed dns
7.) Protect vs. trackers
8.) Protect vs. spam payload
9.) Protect vs. phish payload
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns requestlogs
13.) Speed up 2 ways (adblocks & hardcodes)
14.) Work on things webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently (cpu/ram/I-O)
17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"
APK
P.S.=> They do less & less efficiently:
AB+ 151mb http://cdn.ghacks.net/wp-conte...
UBlock 64MB http://cdn.ghacks.net/wp-conte...
(hosts ~ 6mb)
ClarityRay defeats em
Ab+'s bribed not to work http://www.businessinsider.com...
They're SLOWER: http://superuser.com/questions...
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked/used + recommended & hosted by Malwarebytes' hpHosts - Argue w/ those quoted /.'ers above.
APK
P.S.=> See subject & those quoted /.'ers + a highly esteemed software producer's folks too - want more of them? Ask... apk
See subject: He asked if every version was verified & it is. Your unidentifiable ac posts & unjustifiable abused downmods show "what's what" here, lol - you failed. Badly.
* :)
APK
P.S.=> Keep coming boys, I'll blow you out of your unjustifiable downmods till you run dry of them + blow you away on the technicals too as always (worst part is, I actually do something that works vs. this threat & FAR more, doing FAR more for FAR less using what you have natively vs. illogically "Bolting on 'MoAr'" like you "ne'er-do-wells" do & being one of those? Clue - it's NO WAY to spend your lives leeching off the work of others + no way to learn more about the art & science of computing bettering yourselves (opensores, lol - I do better in this program alone))... apk
PS: Does Google ads filter the malicious JS code?
Doubtful. The code was only the key and transform function, the payload was the transparency data of the image itself.
I'm sure they're going to start blocking it now, but there is no way they would have caught this in a normal screening.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
See subject & APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...
Ads rob speed, security (malvertising) & privacy (tracking).
Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.
Works vs. caps & PUSH ads.
Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.
Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.
Complements firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).
Gets data via 10 security sites.
APK
P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )
They're just bypassing Ad network checks, anybody that has ever played around with image editing software knows that you can just write stuff to the alpha channel.
Bullshit. Cy-Kill is the leader of the Renegade Go-Bots, not Cop-Tur.
Reasons WHY Cy-Kill is the leader and also better:
1.) He is stronger
2.) He is more eviler
3.) Transformed into a motorcycle
4.) Is coloured red, white, yellow and blue
5.) Isn't a big dummy like Cop-Tur
6.) Was once best friends "with" Leader-1 who is also a leader
(That's why you are a fat "doo-doo" head; you aren't a "real" Go-Bot "fan"
BQL
P.S.=> Cy-Kill beat up more Go-Bots both Guardians "and" Renegades & recommended by Doctor "Braxis"...bql
Actually people are at their most clever when creating schemes to get money out of others. Even "legitimate" advertising is of course designed for this purpose.
See subject: A list of specific hosts from ESET's research to enter into your custom hosts file to protect vs. Stegano:
FROM http://www.welivesecurity.com/...
APK
P.S.=> All I can say to ESET is "Good job guys, & Thank you - keep up the good work!"... apk
My guess is that most of these scams bring in revenue in the 1000's or tens of 1000's so certainly well below the "griping about the lack of space for their megayacht next season at Monaco". But remember that in some parts of the world, coding is cheap and what we might think of as a low income wage goes a long way.
I don't think the existence of criminals - even, of clever criminals - is in itself evidence of anything much about the state of the economy. Thieves have always been with us, some smarter than others.
There is perhaps something to be deduced about the sheer size of the scamming ecosystem, if it's developing a new niche for very-high-end-but-still-mundane (in the sense of, for-profit, rather than for-secrets or for-political-ends) exploits.
I support APK's stand on the hosts file by Trax3001BBS
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid by JazzLad
No complaints from me, I like APK... Reminds me to use a host file. Also, his stuff is free by aaaaaaargh!
APK's monolithic hosts file is looking pretty good by Culture20
APK... Awesome to see he's still spreading the good word by Molochi
ABP is insufficient as a solid hosts file does everything that APK reminds us about by fast turtle
APK isn't wrong by cfalcon
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop by nasredin
You need APK's hosts file by Teun
APK solution STILL relevant by Thud457
you're right about hosts files by drinkypoo
APK
P.S.=> They're in addition to https://it.slashdot.org/commen... in the post you replied to - For TROLLS like you that don't have anything like my program to YOUR name/credit... apk
Virtual PC gave us "B"
I don't recall that being significantly easier to set up than say VMWare Player. Perhaps a bit better but you still had to do things like install your guest OS, configure hardware devices and so on. Definitely not simple enough to be considered invisible to the user.
XP Mode was getting closer from that aspect.. if running Word or IE just magically loaded into a sandbox then we'd be getting closer to what I'm referring to, though that's got all of its own challenges as noted.
people already intentionally lose data through things like FF's "incognito" mode
Some people do. For some specific tasks that they want to hide from their families/coworkers/etc. A quick search suggests that it's perhaps more people than I would have thought, though the stats I found didn't break down how much normal browsing the incognito users also did.
That said, browsing cookies and cache and history is a far cry different from say, Word documents. Sure cloud storage is a thing now and that's great (well.. as long as you don't care about MS or Google or whoever having access to your documents.) But it doesn't cover everything, introduces a bandwidth cost and generally tends to be less convenient in its own right with the exception of a few specifically designed cloud-based apps like Google Docs.
I'm not saying it can't be done or shouldn't be attempted.. just that it's not really anywhere close at the moment. People value convenience over the chance of getting hacked (which is still relatively low for any specific individual -- a huge botnet with 10 million nodes is still a fraction of all the billions of computers on the planet.) It's high enough that we'll probably all know someone who loses a bunch of shit to a virus or whatever at some point, but not really so high that it's worth spending huge amounts of additional time and energy doing computer gymnastics -- especially for those who aren't so good with computers and technology at the best of times.
"Thru the mystic arts we harness energy & shape reality - We travel great distances in an instant" https://www.youtube.com/watch?feature=player_detailpage&v=HSzx-zryEgM#t=20/
"The Avengers protect the world from physical dangers - we safeguard it against more mystical threats" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=31/
* Making it FASTER + SAFER vs. using remote DNS or browser addons for more security, speed, reliability & anonymity via what you have natively vs. illogically "Bolting on 'MoAr'" that uses more & DOES LESS!
APK
P.S.=> "How do I get from here to there?" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=107/
ANSWER APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/... apk
You're a pot calling a kettle black hypocrite doing worse by unidentifiable anonymous posts!
APK
P.S.=> QUESTION: HOW MANY TIMES have I torn you apart for attacking me 1st?
Now you "hide" behind unidentifiable anonymous posts (bad enough behind your "registered 'luser'" FAKE NAMES for your FAKE LIVES, lol) logging out of your account, blowing the cookie away, harassing/stalking me by unidentifiable ac posts then logging back in after I reply to blow all your modpoints downmodding me unjustifiably OR using sockpuppets to do so (which I exhaust you of anyhow in the end every time)?
Yet NEVER PROVING MY POINTS VALIDLY TECHNICALLY WRONG ??
Most of you are webmasters & advertisers (hosts take your "$" rightfully for your kind infecting us + slowing us up stealing OUR bandwidth - it's why you do it!)
You start it, I finish it & YOU w/ it (along w/ the "downmoderation system" that's easily cheated)... apk
See subject: I am as "up front" as is possible vs. trolls around here & how they operate behind fake names (like you) + sockpuppets to cheat the "downmoderation system" with.
* This is the WHY of why I post ac (but I identify myself) - you can't track me (but I surely can you, lol - & QUITE often your past disarms you via your post histories).
Imo, you have to be STUPID to be THAT TRACKABLE as well as slowed up by javascript & cookie chains (mod points? Not worth it - as you can see I exhaust all the fake name for fake life moderation system cheaters here of them... lol, much like the film "Dr. Strange" when he puts Dormammu in a 'timetrap'... only a matter of time & YOUR KIND'S ALL OUT OF BULLETS!)
Bullets that don't matter - folks mostly browse here below the stupid easily cheated so-called 'downmoderation system' 0 threshold default & see my posts anyhow!
APK
P.S.=> Why do you *think* dozens of users here & many 1,000's worldwide use my program? They see you can't prove me validly technically wrong - & IF you think you're fooling anyone WHY you do it? I've caught more than my share of both webmasters & advertisers doing it to me via sockpuppets, logout/burn cookie/troll me by ac/login & downmod me SO MANY TIMES it's not even funny anymore... your kind's FAVORITE COLOR is transparent (I see right thru you & defeat you both technically + the bogus moderation system too, easily - you're webchumps, not true coders is why)... apk
My program places the sites you spend most time @ (you can determine those yourself) top of hosts (for fastest seek during file open/read/close cycles once cached in RAM by the local diskcaching subsystem, as I turn off the faulty with large hosts files USERMODE SLOWER dnscache service, keeping the ENTIRE process of resolution in kernelmode with tcpip.sys, the resolver itself that uses hosts). I spend a GOOD 95++% of my time @ them (like here on /. as one of them).
* THIS USE OF HOSTS ALMOST COMPLETELY AVOIDS DNS TOTALLY and IT RESOLVES FAR FASTER THAN CALLING OUT TO REMOTE DNS & IS SAFER (due to what you said).
APK
P.S.=> For the sub 4% of the time I hit DNS? I use OpenDNS (it's proofed vs. the Kaminsky redirect DNS security issue) & filters vs. threats - this IS as safe as it gets (& use of hosts the way I do it via my program is fastest also)... apk
Hosts shut off attacks (w/ firewalls) as I noted https://it.slashdot.org/commen... here https://it.slashdot.org/commen... & not using scripts/active x etc. (web based threat vectors) does rest.
As far as older OS? Think about what I said above. It works.
See those guides of mine & they're LOADED with things like that (simple preventative measures, like cutting off vulnerable services for instance - as I do w/ hosts hardcodes in the 1st link above vs. the slower usermode faulty w/ large hosts dnscache & why - AND getting back speed via saving cpu cycles/ram/other i-o expended needlessly quite often on them for example).
APK
P.S.=> Using OS other than 7 boggles my mind - oh, you may bring up some things 8-10 (spies on you) have, but they're "security theater" & circumventable (ASLR for instance? ROP gadgets can fish around & determine call location easily enough in a SHORT time, in ~ 4-8 lines of assembly code)... apk
See subject: Find me an exploit (remote preferably on a vulnerable service for example, assuming I need to even use it, many I don't cutting them off for speed/saving cpu-ram & other I/O they use) in Windows 2000/XP/7 & we'll see if I can cut it off or avoid it (I'd wager I can easily despite your claim) - this will be a fun exercise imo.
* Consider it a challenge to you...
APK
P.S.=> We'll see "what's-what" on your claim... apk
See subject & "EFast" (they took Chrome's "OpenSORES" & f'd it up to serve ads + malware etc.) https://blog.avast.com/2015/10/21/fake-chrome-browser-replaces-real-thing-and-serves-up-unwanted-ads/
* Do you THINK I'm as stupid as that (& you "opensores" fools + Google on that account)?
No way...
(Why do you think the next smartphone OS from Google's NOT gonna be open source? THIS is WHY!)
LASTLY I see you TRIED TO "DOWNMOD HIDE" THIS EVIDENCE LAST TIME I POSTED IT https://it.slashdot.org/comments.pl?sid=9963399&cid=53444003/ LOL!
("Gosh, I wonder why?" - NOT - it shuts your "OpenSORES" bullshit down easily IS why!)
APK
P.S.=> Stop using your "OpenSORES" bullshit on me - you can see the results of what happens IF/WHEN you do what you stupidly suggest, idiot (plus I don't just give away my work so some other FOOL can 'call it his' either (which is PRETTY MUCH what you fake coders do in 'opensores'))... apk
See subject: Is proof to kaminsky redirect (99% of ISP dns' aren't) & 95++% of the time I avoid dns! It's why I use news aggregators (I don't use script either) - I am safe here, I get the info. I need & I never have to use the source site.
IF somehow OpenDNS were exploited? I rarely use them sub 4% of time online & I don't use scripts/flash so HOW WOULD THEY ADVERSELY AFFECT ME? Answer = they can't. Period.
Plus I go faster using hosts resolving LOCALLY IN SYSTEM RAM vs. calling out to a remote DNS (& I save cpu cycles/RAM/ & other I-O used on the SLOWER USERMODE dnscache service vs. doing it as I do keeping it in PURE KERNELMODE operation between the kernelmode diskcache & tcpip.sys the resolver loading hosts up off a ramdrive too (fastest possible access for file open/read/close cycle)... triple bonus!)
APK
P.S.=> That's ALL in my security guides & more (patching & using tools like CIS Tool + EMET does the rest)... apk
See subject: That's all I am asking you do, provide example(s) & we'll see if what I do can make it a moot point... go for it, or sink your head in shame.
APK
P.S.=> You've already BLOWN IT here -> https://it.slashdot.org/comments.pl?sid=9963399&cid=53446129/ ... apk
See subject: You failed here earlier (firewalls w/ hosts do the job rooted (or not in firewall's case)) https://it.slashdot.org/comments.pl?sid=9963399&cid=53440153/ & you're running now...
* Between CIS Tool, EMET, & what's in my security guides? The ONLY way into a machine is one NOBODY can stop - "user stupid" (or rather, ignorant & uncaring).
(Simply by cutting off avenues of ingress (since local exploits say via malware CAN become remote ones so you don't let them in IN the 1st place OR stop using vulnerable mechanisms (script/flash/activeX & unpatched programs etc. - et al)).
APK
P.S.=> I've been THRU this type of thing ages ago combatting bs easily - it always ends up like this, ala "Logan's Run" (RUN, runner) or "Run, Forrest - RUN!!!", lol... apk
See subject: Use any existing known one! I never said to come up with a brand new one!
APK
P.S.=> It's a very weak attempt @ evasion on your part to avoid a simple challenge I put to you as a decent experiment to help prove my points further (I've done this before elsewhere though & came out on top, so you MAY be correct I am being 'unfair' here on THAT account @ least)... apk
Those are some mighty flimsy excuses considering nobody even knows about your hosts batch file.
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked/used + recommended & hosted by Malwarebytes' hpHosts - Argue w/ those folks above.
APK
P.S.=> See subject & those quoted /.'ers - want more? apk
I support APK's stand on the hosts file by Trax3001BBS
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid by JazzLad
No complaints from me, I like APK... Reminds me to use a host file. Also, his stuff is free by aaaaaaargh!
APK's monolithic hosts file is looking pretty good by Culture20
APK... Awesome to see he's still spreading the good word by Molochi
ABP is insufficient as a solid hosts file does everything that APK reminds us about by fast turtle
APK isn't wrong by cfalcon
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop by nasredin
You need APK's hosts file by Teun
APK solution STILL relevant by Thud457
you're right about hosts files by drinkypoo
APK
P.S.=> Those are in addition to https://it.slashdot.org/comments.pl?sid=9963399&cid=53509617/ many more earlier so "EAT YOUR WORDS" unidentifiable trolling "ne'er-do-well" nobody... apk