Slashdot Mirror


Malvertising Campaign Infects Your Router Instead of Your Browser (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and mobile devices. The malicious ads included in this malvertising campaign contain exploit code for 166 router models, which allow attackers to take over the device and insert ads on websites that didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed to determine an exact list of affected router models, but some of the brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel. Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign. The "campaign" is called DNSChanger EK and works when attackers buy ads on legitimate websites and insert malicious JavaScript in these ads, "which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address," according to BleepingComputer. "Based on this local IP address, the malicious code can determine if the user is on a local network managed by a small home router, and continue the attack. If this check fails, the attackers just show a random legitimate ad and move on. For the victims the crooks deem valuable, the attack chain continues. These users receive a tainted ad which redirects them to the DNSChanger EK home, where the actual exploitation begins. 
The next step is for the attackers to send an image file to the user's browser, which contains an AES (encryption algorithm) key embedded inside the photo using the technique of steganography. The malicious ad uses this AES key to decrypt further traffic it receives from the DNSChanger exploit kit. Crooks encrypt their operations to avoid the prying eyes of security researchers."

137 comments

  1. Linux router by ls671 · · Score: 2

    Just configure a Linux router and be done with this nonsense (flashing your router, etc.). That's what I have been doing since 1995.

    --
    Everything I write is lies, read between the lines.
    1. Re: Linux router by ArmoredDragon · · Score: 5, Interesting

      Better yet, I'd just say that it's your duty to use an ad blocker, much like it was to use antivirus software in the past.

    2. Re:Linux router by Anonymous Coward · · Score: 1

      I use a Pentium space heater from 1995 as my router, because I love the soothing roar of fan noise, and Linux saves me so much money on the heating bill.

    3. Re: Linux router by Anonymous Coward · · Score: 0

      The problem isn't ads, it's scripts.

    4. Re: Linux router by starless · · Score: 2

      Better yet, I'd just say that it's your duty to use an ad blocker, much like it was to use antivirus software in the past.

      The trouble is that more and more sites are now not allowing you to access them without turning off your ad-blocker.
      So far I've been avoiding those sites, but if the trend continues I might have to do so for at least some sites...

    5. Re: Linux router by KiloByte · · Score: 3, Insightful

      Yes, ads are malware. They waste your time, attention, bandwidth and battery time, and run hostile third-party code on your machine.

      Let's take a look at Wikipedia's take on it:

      Malware, short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

      Check, check, check and check.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    6. Re:Linux router by unixisc · · Score: 1

      I was using a Belkin router w/ my PC-BSD laptop, and I'd occasionally get under Chromium an ad where a voice announcement would start and there was no way I could even close the browser - it just seemed to lock it. My only escape was to log out and back in. I ultimately changed the router for a Netgear and escaped the problem.

      I wish I could know how to troubleshoot it so that the router could be fixed.

    7. Re:Linux router by antdude · · Score: 1

      How easy is it compared to a real router? Running computers as a router takes too much power, makes too much heat and noises, etc. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    8. Re: Linux router by ArsenneLupin · · Score: 1

      The trouble is that more and more sites are now not allowing you to access them without turning off your ad-blocker.

      Indeed, there is the German tabloid "Bild Zeitung" which does this (no big loss...). Which other site does this?

      And, if you are so inclined, Bild's block is easy to subvert: just do View->PageStyle->NoStyle. Yeah, "No Style", quite fitting for that rag.

    9. Re: Linux router by AmiMoJo · · Score: 2

      Some banks require you to use anti-virus software. If you don't and your money is stolen, they will try to blame you and not pay out.

      I'm just waiting for the first bank to start asking customers if they run an ad-blocker and then claiming the lack of one is poor security and shifts the liability on to the account holder.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re: Linux router by Anonymous Coward · · Score: 0

      Define antivirus software. Matching virus signatures? Do immune sw count, such as using linux?

    11. Re: Linux router by amias · · Score: 1

      banks trying to make their policies seem like law to customers is nothing new

    12. Re: Linux router by starless · · Score: 1

      Indeed, there is the German tabloid "Bild Zeitung" which does this (no big loss...). Which other site does this?

      Forbes and Wired are the ones I notice the most.

    13. Re:Linux router by pnutjam · · Score: 1

      You can pick up a MikroTik router for under $40, their RouterOS is not open source, but it's very powerful. They also support wireless better than BSD or Linux and many of their low cost routers have wireless.

    14. Re: Linux router by ArsenneLupin · · Score: 1

      No problem with Wired here.

      For Forbes however, you're right. Interesting to see that they've sunk down to the level of Bildzeitung...

    15. Re:Linux router by mlts · · Score: 1

      I personally prefer PFSense with 2FA. Bonus points if the config page is on its own segment so most machines can't access it.

      Done right, it is extremely hard for malware to get access to the configuration, much less trash it.

    16. Re: Linux router by Cramer · · Score: 1

      That's a game of whack-a-mole. It only takes a few minutes to break their anti-adblocker bullshit. At the end of the day, it's my browser; I control what it does or does not do. Pornhub started randomizing ids, which you'd think would kill adblockers, but they've done it so wrong, it's only two mouse clicks to defeat. cpu-world, despite their (impressive) highly complicated, multi-thousand line crap, is defeated by a single rule.

  2. it's always JavaScript by turkeydance · · Score: 4, Insightful

    well, it seems that way.

  3. That's why I encrypted the firmware in my router by jfdavis668 · · Score: 4, Funny

    Of course, it doesn't work any more, but now I am safe.

  4. Netgear by 110010001000 · · Score: 2

    This fits in nicely with the recent attack that works on Netgear routers where you can execute a cgi-bin script as root without authorization. http://lifehacker.com/psa-seve...

    Seriously. What the fuck? Cgi-bin exploits in 2016?

    1. Re:Netgear by ls671 · · Score: 1

      yep, along with shellshock in 2014...

      https://en.wikipedia.org/wiki/...

      --
      Everything I write is lies, read between the lines.
    2. Re:Netgear by DigitAl56K · · Score: 1

      Most home routers have similar exploits (executing commands via a web interface while not authenticated), either currently or recently. While I can't defend Netgear in this instance, we also shouldn't falsely make people believe they are the worst of the bunch (IMO DLink is in the running for that honor).

      For anyone affected, Netgear has a beta FW update on their support site today. You need to manually upload it to your router via the web console.

  5. More router fun by Anonymous Coward · · Score: 1

    If this link or this link reboots your router, you should probably also seek new firmware (or better firmware like dd-wrt/openwrt/tomato). It would be fun to embed those as invisible images on Google for a day...

    1. Re:More router fun by Anonymous Coward · · Score: 1

      Joke's on you, my router's ip address is 127.0.0.1. Links won't wor%^&()!@@# __CARRIER LOST

  6. Ads and eyeballs by JaredOfEuropa · · Score: 4, Insightful

    Everybody hates ads, but in the end, it is ads that drove the value of companies like Google and Facebook to ridiculous heights (in fact it drove the last Internet bubble), and is now encouraging criminals to go to ridiculous lengths to serve us their ads instead of legitimate ones. What is wrong with this world?

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    1. Re:Ads and eyeballs by Anonymous Coward · · Score: 2, Insightful

      What is wrong with this world?

      Nobody in the west is executing criminals.

      captcha: contempt

    2. Re:Ads and eyeballs by Anonymous Coward · · Score: 0

      Execution has never been a successful deterrent to crime.
      It's the unavoidability of punishment, whatever the punishment might be, that has the (slim) possibility of being a deterrent, and not the severity of the punishment.

    3. Re:Ads and eyeballs by Anonymous Coward · · Score: 0

      You know, I hear that a lot, but sometimes I wonder if it's not just because we've never tried enough of it.

    4. Re:Ads and eyeballs by GuB-42 · · Score: 1

      Nobody in the west is executing criminals.

      Unlike browsers, which execute criminal scripts.

    5. Re:Ads and eyeballs by JaredOfEuropa · · Score: 1

      I suspect ad agencies make shit ads on purpose because they work. And publishers aren't going to reject them because they need the income.

      The best ads I've ever seen were from an insurance company, they were well made and really funny. Everybody loved them, and talked about them at the water cooler. "Did you see that ad?", yes of course, but if you asked people to name the insurance company, turns out they forgot.

      In contrast, one of the worst ads was from a supermarket. It had a guy literally shout out the bargains: "THIS WEEK AT EDAH, CHOCOLATE DONUTS FROM €3.99 FOR €1.99". Everybody hated those ads: "Not this again, damnit, too loud, why do they even do that, they are the worst... though, €1.99 is a pretty good deal".

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    6. Re:Ads and eyeballs by Anonymous Coward · · Score: 0

      It sure cuts down on repeat offences, though.

  7. Ad servers at fault? by Michael+Woodhams · · Score: 4, Interesting

    If you are a web advertising company, why should you ever allow advertising clients to include arbitrary Javascript in their ads? Could you not provide a Javascript library of your own to do the legitimate things ad Javascript might do, and only allow advertising clients to use simple calls into your library?

    I'm not knowledgeable about Javascript or web advertising - these are genuine questions, not rhetorical ones.

    --
    Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
    1. Re:Ad servers at fault? by guruevi · · Score: 2

      Then how would you do things like tracking your users or serving them exploits or show them ads that pop up/under or cover the entire screen?

      If ads can't be annoying they would have less value.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Ad servers at fault? by Yvan256 · · Score: 5, Interesting

      The real question is, why do ads require fucking javascript in the first place? Limit ads to static images (JPEG, PNG) and we'll be done with all this nonsense.

    3. Re:Ad servers at fault? by Solandri · · Score: 5, Interesting

      That's what I'd like - an ad blocker which lets static images through but blocks any scripting or flash or other weirdness. That way instead of websites having to beg me to turn off my ad blocker, I can just tell them to find an advertiser who only serves static ads. And hopefully that would exert some pressure on the industry to abandon scripted ads in favor of static ads.

      While we're at it, I'd also like a law making the ad farm serving the ads legally liable for any damages a malicious ad does. They're the ones in the best position to vet the ads before they're unleashed onto users' browsers. The lack of liability has resulted in them not giving a damn about security, and just accepting anything handed over by anyone wishing to "advertise" and adding it to their ad rotation. If they were liable, we'd probably see them morph into a self-service website where you (1) upload the JPG/GIF you wish displayed as an ad, (2) pick which tracking service you wish to use, and (3) enter the account and ad ID that the tracking service should send the ad impression info to. Don't give "advertisers" the opportunity to script their own ads, make it a cookie cutter form so there's no way to insert anything malicious.

    4. Re:Ad servers at fault? by Anonymous Coward · · Score: 0

      Static images can still be used to track you using the browser cache and steganography.
      Furthermore, ads are a common source of misinformation, especially on health-related subjects, and they can lead to people buying things they don't need.
      It's best to just block all ads and advise your friends to do the same.

    5. Re:Ad servers at fault? by Big+Hairy+Ian · · Score: 1

      Static images can also be used to deliver exploits too

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  8. WebRTC by Motherfucking+Shit · · Score: 5, Informative

    which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address

    Yay, more garbage Web 3.0 anti-features! In Firefox, go to about:config and set these preferences:

    media.peerconnection.enabled = false
    media.peerconnection.video.enabled = false
    media.peerconnection.turn.disable = true
    media.peerconnection.use_document_iceservers = false

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    1. Re:WebRTC by guruevi · · Score: 1

      I don't have a problem with features like WebRTC, there is a problem with browsers just allowing it to do things without asking. If you got a message saying, hey this site is trying to make a phone call. Or simply block all code that doesn't originate from the website you're trying to visit.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:WebRTC by raind · · Score: 1

      Using latest FF update 50.1.0 last two were not listed in about:config - thanks though...

      --
      Get up!
    3. Re:WebRTC by jmv · · Score: 1

      Except that WebRTC is very useful, and (at least in principle) much more secure than most proprietary conferencing services. For example, it has (and mandates) end-to-end encryption, with perfect forward secrecy.

      (disclaimer: I work for Mozilla)

    4. Re:WebRTC by Anonymous Coward · · Score: 0

      Well that's horseshit, I'm using 50.1.0 right now and all 4 are there.

    5. Re:WebRTC by caseih · · Score: 3, Insightful

      Well tell the devs to ensure that anytime a web site initiates any kind of WebRTC traffic, the user is asked to okay this (with an option to remember). Make the message clear and easy to understand. Something like, "This web site is trying to initiate an internet telephone or internet video chat connection with another computer. Is this something you asked the web page to do?" Or how about letting the user opt into some kind of safe-webRTC list that tracks known "bad" webrtc connection attempts reported by users.

      But maybe we should just stop trying to make a web browser do everything and be its own OS. If an app wants to embed a browser engine as its primary UI and use WebRTC, that's fine, since we can sandbox it on a per-app basis.

    6. Re:WebRTC by Anonymous Coward · · Score: 1

      FF addon uBlock Origin offers a setting to: Prevent WebRTC from leaking local IP addresses. Default setting is off.

    7. Re:WebRTC by jmv · · Score: 1

      Well tell the devs to ensure that anytime a web site initiates any kind of WebRTC traffic, the user is asked to okay this (with an option to remember).

      This is exactly what's *already* supposed to happen. Otherwise any website could spy on anyone.

      But maybe we should just stop trying to make a web browser do everything and be its own OS.

      Browsers will keep doing more stuff because people want them to do more. The choice we have is between proprietary binary plugins or actual standards. I'd rather have html5 than flash.

    8. Re:WebRTC by Anonymous Coward · · Score: 0

      Except that WebRTC is very useful, and (at least in principle) much more secure than most proprietary conferencing services. For example, it has (and mandates) end-to-end encryption, with perfect forward secrecy.

      (disclaimer: I work for Mozilla)

      But were you paid in any way to say that? That is, were you paid a bonus for making this post, or equivalently, did you make this post while on Mozilla's time? Are you an official representative of Mozilla? You seem to have included a disclaimer while leaving out important bits of information.

      Depending on the truthiness of those, I tend to extend a little benefit of doubt and think that as an insider, you would tend to know what you're talking about. Anything important to me is cross-referenced, of course.

      My own disclaimer: Firefox (at least, on Linux) is my favorite browser, by far. Yet that's no reason to have a bias of my own.

  9. Ubuntu linux router FTW! by Anonymous Coward · · Score: 0

    -Iptables
    -hostapd
    -NAS w/ ZFS + Samba
    -NX server 3.5 & SSH
    -Tor proxy
    -Squid proxy

    The rest of you can enjoy this hell of careless IOT manufacturers dropping the ball every 5 minutes.

    1. Re: Ubuntu linux router FTW! by Anonymous Coward · · Score: 0

      Nas on your router. Somebody missed security 101.

  10. What??? by Anonymous Coward · · Score: 0

    "brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli..."

    Because everyone's tires should also be wireless access points.

  11. Yep, NoScript is my default defence by evanh · · Score: 2

    Most sites I simply don't engage if they require any scripting at all.

    Before NoScript existed I just left scripting disabled at all times. Now I also use additional selective blocking, ie: all third party scripts, for the few sites that I deem important (banking, Google Maps) to use scripts on.

    1. Re:Yep, NoScript is my default defence by Anonymous Coward · · Score: 0

      Immense pain in the arse, I started using NS in the early 00's, really tried to use it properly over 5-6 years. Now it just does ABE and blacklisting, default action is allow. Java and JS->Java interop is definitely disabled though.

      Every new site requiring 20 cycles of selective allow->reload->still broken is too difficult, especially across 3-4 personal and work machines being used at various times in a single day.

    2. Re:Yep, NoScript is my default defence by another_twilight · · Score: 1

      Have a look at uMatrix. It has a very intuitive interface. It's not stopping the scripts, but rather allows you to block connections by type and domain. I find that this cuts down the amount of fiddling with NoScript/Scriptsafe that I used to do.

  12. A trap for stupid people by fnj · · Score: 0

    I don't get my DHCP and my DNS from my router because I'm not stupid. I have a Beaglebone Black running my DHCP and DNS. Let the dumb fucks try to hack that.

    1. Re:A trap for stupid people by Anonymous Coward · · Score: 1

      I get my DHCP and my DNS from dnsmasq in my router because I don't feel the need to have an unnecessary dongle waving around like an epeen to impress gay hipster idiots.

  13. Summary is misleading by Anonymous Coward · · Score: 4, Informative

    Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign.

    Apparently anonymous reader didn't read the actual article, where it says:

    The exploit packages contain vulnerabilities or list of hardcoded admin credentials that can allow the crooks to control the victim's local router.

    Updating your firmware will not help with this. It is an issue of admin passwords being left at the default on 99.99% of routers. The admin password is used to change DNS settings on the router, which allows the attackers to redirect any traffic they want.

    1. Re:Summary is misleading by mrbester · · Score: 1

      Joke's on them then: I have a BT Home Hub 5. Can't change DNS settings on those babies.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    2. Re:Summary is misleading by Anonymous Coward · · Score: 0

      Actually it looks as though the router model is identified during the 'reconnaissance' phase of the exploit (see under 'figure 7' in the proofpoint article). If there is a *known* exploit then that is used. If there isn't then it tries to guess admin credentials.

      so I guess it means if there is a known exploit for your router then your superawesome admin password might be useless. In which case - yes, updating your firmware probably will help.

  14. Just goes to show by Anonymous Coward · · Score: 0

    You should ALWAYS hard-code your DNS settings to Google's DNS servers: 8.8.8.8, 8.8.4.4

    1. Re:Just goes to show by Anonymous Coward · · Score: 0

      or if you have IPv6 you can use SprintLink DNS at 2600::1 and 2600::2

  15. Browser addons via scripted detection, yes... apk by Anonymous Coward · · Score: 0

    See subject: Hosts files no & hosts block communique w/ C&C's too + sources of infestation!

    (... & more in added speed via adblocking + hardcoded fav. sites @ top of hosts cached in RAM (best how I do it by turning off windows' slower faulty w/ large hosts files slower usermode dnscache service & instead opting to use PURE kernelmode diskcaching subsystem from ramdrive + tcpip.sys (all kernelmode & more cpu serviced))).

    * I list what domains to block (so IF you have this thing it can't talk back to C&Cs + what to block so you don't get it @ all) https://it.slashdot.org/comments.pl?sid=9995967&cid=53487497/ & on the BEST hosts file creation program bar-none (by "yours truly") https://it.slashdot.org/comments.pl?sid=9995967&cid=53487513/

    Does all that & more (protects vs. threats like this & MANY others + more speed 2 ways I noted).

    APK

    P.S.=> Script detection of addons doesn't work vs. hosts + hosts = faster vs. addons... apk

  16. Declare the ad networks malware.. by Anonymous Coward · · Score: 0

    .. and nuke them from orbit.

    Seriously - it's like advertising is the number one source of malware these days. And it slows down browsing to boot: most of the time, when a web page takes an age to load, it's because of the advertisements, not the page itself.

    If we can go back to just plain images or text, that'd be acceptable, but I don't see advertisers doing that, so ... nuke them from orbit, it's the only way to be sure.

  17. Hosts do the job faster & better: How? by Anonymous Coward · · Score: 0

    See subject: Blocking javascript sources that sites running ads point to https://news.ycombinator.com/i... & hosts files run in more cpu serviced faster kernelmode vs. slower usermode that addons bloat even more w/ added RAM, cpu & messagepass bloat hosts files don't incur (as part of tcpip.sys in kernelmode).

    * For the BEST hosts file bar-none courtesy of "yours truly" https://it.slashdot.org/comments.pl?sid=9995967&cid=53487513/

    Does FAR more for FAR less than ANY other single "so-called 'solution'" out there that are full of security issues (locally installed DNS/antivirus) or addons (including NoScript) that are 'souled-out' to NOT do the single job they had http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/ & hosts do so, for FAR less resources used yet doing far more & FASTER too!

    APK

    P.S.=> HOW hosts do it https://it.slashdot.org/comments.pl?sid=9995967&cid=53487497/ ... apk

  18. Re:For more protection vs. threats like this? by Anonymous Coward · · Score: 1

    Here we go, again.

    A hosts file, alone, is insufficient to protect you, as you admit

    P.S.=> I don't allow script in my browser

    Few users, these days, are using machines to browse that are constrained by resources. Saving 100MB of RAM may have been noticeable in the 90s, but where RAM is measured in GBs, 100MB is a single digit percentage gain. It's simply not noticeable in most cases. Even more so with IO or CPU. Using a hosts file will use less resources than an ad-blocker, but that is irrelevant in most cases.

    Blocking ads via a browser add-on that allows wild-cards allows blocking of domains based on format, rather than exhaustive listing. Add-ons update more frequently and require no user intervention. This cannot be overstated. Security that is automatic and easy will be used where security that might be better, but requires manual intervention will not (in the vast majority of cases).

    That just leaves edge cases - hardening DNS, blocking resolution for non-browser software. Maybe there are people for whom this is necessary, but for the vast majority of users, hosts file blacklists are not even part of the answer.

    YT

  19. Re:WRONG: Hosts block script sources pointed to by Anonymous Coward · · Score: 0

    Of course hosts will block scripts that point to them. Where did I say otherwise?

    Once again, you don't seem to be able to read, comprehend or stay on subject.

    You stated, when you were being pressed to answer how your hosts files protected you during the two _years_ that Stegano flew under the radar, that you didn't allow scripts to run in your browser. You admit, then, that a host file, alone, is not what you use and you are right not to rely only on a hosts file. It's not enough. Nothing you have said, addresses that. You ignored it in that thread, you are ignoring it now because you have no answer. A host file is a blacklist. Blacklists are reactive. Blacklisting, alone, whether via host file or ad-blocker is insufficient.

    Addons eat more resources & do LESS by FAR vs. hosts running in faster more cpu serviced kernelmode vs. slower usermode (that addons bloat even more w/ RAM + CPU use & messagepassing overheads in process in browsers)

    You keep repeating this, but I've already addressed it. It simply isn't relevant. For most cases, the resource difference as a percentage of available resources is single digit percentage. For most cases, these resources are not constrained. For most cases it will be unnoticeable. For most cases, saving a few hundred MB of RAM, or some CPU cycles is far less useful than the savings in _my_time_ that using an adblocker allows. I trade RAM and CPU for ease of use. You know, the entire purpose of automation?

    Please try to read the post you are replying to. It makes you look like less of a crank, and it means I don't end up wasting reply after reply having to repeat myself because you either have some kind of reading/learning disability, or you're so keen on making this some kind of competition with a winner and a loser that you ignore anything that might be too difficult to answer.

    YT

  20. How hard can it be? by WaffleMonster · · Score: 3, Interesting

    There is some kind of grand conspiracy of unimaginable stupidity going on with router vendors. I cannot for the life of me fathom how it is even possible to implement a consumer router so full of holes. You have to either not give a shit at all or be involved with intentional sabotage to explain the outcomes we are seeing.

    Even if routers offered no local authentication whatsoever and just simply checked HTTP_REFERER first this crap would fail outright. What is it... 2...3..4..5.. lines of code max and whole categories of remote exploitation possibilities disappear overnight.

    Unbelievable how f*****lame these exploits continue to be and how vendors are not in any way held accountable for not even trying.

    1. Re:How hard can it be? by Anonymous Coward · · Score: 0

      Even if routers offered no local authentication whatsoever and just simply checked HTTP_REFERER first this crap would fail outright.

      Yes, another obstacle to cross, but HTTP_REFERER also can be spoofed. You would effectively have to implement an authentication scheme with HTTP_REFERER to achieve anything but a temporary effect.

    2. Re:How hard can it be? by Anonymous Coward · · Score: 0

      It can be spoofed, yes. Your browser won't spoof it, though.

    3. Re:How hard can it be? by Anonymous Coward · · Score: 0

      Firmware engineers are required to know nothing about security or any software engineering best practices because if they did, it would mean they don't have a hardware background and won't get hired as such. It's why the IoT is going to be so much fun.

    4. Re:How hard can it be? by Anonymous Coward · · Score: 0

      You're gonna love the Internet of Things.

    5. Re:How hard can it be? by WaffleMonster · · Score: 1

      Yes, another obstacle to cross, but HTTP_REFERER also can be spoofed. You would effectively have to implement an authentication scheme with HTTP_REFERER to achieve anything but a temporary effect.

      No it can't, not by your *BROWSER*. Any avenue to spoof is a security bug and has been treated as such for at least a decade.

      My comments are not about absolute protection of router from local access by a malicious HTTP client it is about preventing CSRF the lowest hanging fruit out there.

    6. Re:How hard can it be? by Anonymous Coward · · Score: 0

      I cannot for the life of me fathom how it is even possible to implement a consumer router so full of holes.

      They are probably required to have these vulnerabilities by NSA mandate or they won't be able to sell their product inside the US.
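
The Referer check discussed in this thread, written out as an added example (not part of the original comments and not any vendor's firmware). The admin address `192.168.1.1`, the paths `/login` and `/apply.cgi`, and the sample requests are assumptions constructed for illustration; the check covers every non-entry path, including GET, because the requests described above arrive as links and embedded images.

```python
from urllib.parse import urlsplit

# Assumptions (constructed for this example): the admin UI is served from
# 192.168.1.1, and only these paths may be opened without a same-origin header.
ADMIN_ORIGINS = {("http", "192.168.1.1", 80), ("https", "192.168.1.1", 443)}
ENTRY_PATHS = {"/", "/login"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "Origin: null" and non-http schemes
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname.lower(), port)


def request_allowed(path, headers, admin_origins=ADMIN_ORIGINS):
    """Decide whether the admin UI should process this request.

    Entry pages load without a Referer (typed URL, bookmark). Everything else,
    GET included, must carry an Origin or Referer whose parsed origin is the
    admin UI itself. Comparison is on the parsed (scheme, host, port), never a
    substring or prefix match, so look-alike hosts and URLs that merely
    contain the router address are rejected.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    try:
        if urlsplit(path).path in ENTRY_PATHS:
            return True
    except ValueError:
        return False
    # If Origin is present it is authoritative; Referer is only a fallback.
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False  # missing header on a config path: fail closed
    return origin_of(source) in admin_origins


# Constructed sample requests: (path, headers, expected decision).
SAMPLES = [
    ("/", {}, True),
    ("/apply.cgi?dns1=203.0.113.5", {"Referer": "http://ads.example/banner.html"}, False),
    ("/apply.cgi?dns1=203.0.113.5", {}, False),
    ("/apply.cgi?dns1=192.0.2.53", {"Referer": "http://192.168.1.1/setup.html"}, True),
    ("/apply.cgi", {"Origin": "http://192.168.1.1.evil.example"}, False),
    ("/apply.cgi", {"Referer": "http://evil.example/?u=http://192.168.1.1/"}, False),
    ("/apply.cgi", {"Origin": "null", "Referer": "http://192.168.1.1/setup.html"}, False),
]


def run_samples():
    """Return the decision for each constructed sample, in order."""
    return [request_allowed(path, headers) for path, headers, _ in SAMPLES]


if __name__ == "__main__":
    for (path, headers, expected), got in zip(SAMPLES, run_samples()):
        print(f"{'ALLOW' if got else 'DENY ':5} {path} {headers}")
```

As the replies point out, a non-browser client can send any header it likes, so this stops browser-driven cross-site requests and sits alongside authentication rather than replacing it.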

  21. LMAO @ your "illogic logic" & lies by Anonymous Coward · · Score: 0

    See subject: Addons doing LESS using MORE = better? I NEVER SAID HOSTS = INSUFFICIENT hosts work vs. Stegano as they do here https://it.slashdot.org/comments.pl?sid=9963399&cid=53437329/

    (YES - even vs. NoScript which has to process page tag & string data (very expensive) & parse to do it - hosts just block the source & poof - no ads & NO infection! )

    CALL ME 'crank' - you LOSE using illogical ad hominem attacks "showing your tell" like as you DOUBTED me being a 1st string lettering NCAA athlete where YOU ADMIT WRONGDOING https://slashdot.org/comments.pl?sid=9986237&cid=53480147/.

    No 'single digit' diff: http://cdn.ghacks.net/wp-conte... = 151mb adblock (hosts ~6mb initially & even mine = less).

    APK

    P.S.=> I don't run scripts GLOBALLY by default (but DO make "exception sites" for e-commerce I run scripts Opera 12.18 64-bit allows)... apk

    1. Re:LMAO @ your "illogic logic" & lies by Anonymous Coward · · Score: 0

      hosts work vs. Stegano

      You fail reading comprehension, again. Hosts did not protect for the _two_ years before it was identified.

      Addons doing less using more = better?

      Yes. The advantages of a host file are, for me, edge cases at best and a nominal 'saving' in resources I have plenty of. The advantages of a browser add-on outweigh these.

      call me 'crank' - you lose using illogical ad hominem attacks

      Oh please. You make up childish versions of people's names ("Yeti", "Ass-Fox") and want to complain on being called a crank? You demand to know what someone has done before you'll answer their questions or challenges, and want to point the finger and cry 'ad hominem'. Show some basic consistency and integrity.

      where you admit wrongdoing

      No, I admitted I was wrong. Something you seem incapable of doing.

      No 'single digit' diff:

      So you fail math as well as reading comprehension?
      I said that 100MB was a single digit percentage when talking about GBs of RAM. That is, if I have 4GB of RAM then 100MB is 2.5%. So the total 'cost' of running an ad-blocker is only single digit percent of my total resources.

      YT

    2. Re:LMAO @ your "illogic logic" & lies by Anonymous Coward · · Score: 0

      Please stop talking to this fruitloop. It only encourages him.

    3. Re:LMAO @ your "illogic logic" & lies by Anonymous Coward · · Score: 0

      Most trolls give up, if ignored.

      APK isn't a troll, 'though, he is literally a crank and will quite happily spam the same couple of posts repeatedly in the absence of any interaction. He appears to genuinely believe that he's providing a valuable service.

      I have no illusion that he's capable of rational debate, but this tends to cut down on the copy pasta and keeps him occupied.

      And who knows, the horse may learn to sing.

      YT

    4. Re:LMAO @ your "illogic logic" & lies by Anonymous Coward · · Score: 0

      Correct. Unidentifiable anonymous YT is a fruitloop that can't prove apk's wrong here https://it.slashdot.org/comments.pl?sid=9995967&cid=53487497/

  22. Re: Browser addons via scripted detection, yes... by Anonymous Coward · · Score: 0

    But my favorite porn site tells me to turn my Adblock off and I only use a HOSTS file!

  23. Re:"Ask & ye shall receive" by Anonymous Coward · · Score: 0

    Any chance of a Linux version?
    I don't use Windows.

  24. WRONG again (had it already)... apk by Anonymous Coward · · Score: 0

    See subject: Your reading comprehension's poor: Hosts work vs. this & Stegano as I proved & I had the data already https://it.slashdot.org/comments.pl?sid=9963399&cid=53440017/ as I use more than just 10 sources in my program - I use a total of 23 & one of them was evidently tracking that threat even before ESET!

    * You said I made 'hollow claims' (calling me a liar) & more in the links shown below ('fat' etc.) & I proved otherwise as I have here vs. your technically challenged bs easily!

    FACT: Hosts work here & vs. Steganos + they do FAR more for FAR less vs. other "so-called 'solutions'" - especially browser addons!

    APK

    P.S.=> You've failed twice (quit while you're behind "yeti") https://it.slashdot.org/comments.pl?sid=9995967&cid=53487781/ & https://it.slashdot.org/comments.pl?sid=9995967&cid=53487935/ so I'd quit shooting your mouth off (unless you LIKE "eating your words", a poor diet, lol)... apk

    1. Re:WRONG again (had it already)... apk by Anonymous Coward · · Score: 0

      One last time, then you can go beat off to another 'victory'.

      (from 1 of my sources, not sure which,

      That alone is a terrifying concept for a piece of security being updated by other people. Dear gods, man, are you serious? No logs? No copies against which you can run a diff?

      Yeah, a day or so after Steganos was released, the host file you update daily turned out to have the Stegano hosts listed - but you have no idea when that happened. So most likely, they were added to one of your 10 sources in the couple of days before the more general release. Or what? Your sources have some mystical ability to _predict_ what hosts are going to be malicious?

      Even if we assume one of your sources was tracking this a _year_ before anyone else, your host file was still inadequate for over a year.

      Do you get it? Do you understand? Are you really this bad at comprehension? Or are you just pathologically incapable of admitting fault?

      * You said I made 'hollow claims'

      I did. You do. You refuse to acknowledge that blacklisting is reactive and that more than that is needed.

      I see you fail to acknowledge you made a mistake with the "'single digit' diff".
      Here's a challenge for you - admit and acknowledge you made an error. I promise not to follow you around pointing it out and typing "I MADE YOU EAT YOUR WORDS".

      And so, once again, APK
      I remain
      YT

  25. See you downmodded this to "hide" it eh? by Anonymous Coward · · Score: 0

    Wrong - Hosts block scriptserving adservers: Site ads point+download script 4 ads off em to run https://news.ycombinator.com/i... BETTER than NoScript (which processes page string tag data, hosts do the job w/ less - block a source outright 1 step).

    NO ADS no problem (nor infestions ala a valid source for the data to block it (1st few = adservers))

    ("EATING YOUR WORDS" != good nutrition "YETI" https://slashdot.org/comments.pl?sid=9986237&cid=53480147/ )

    Hosts work vs. this threat & Steganos too w/ what you natively already have in the IP stack & do more for far less vs. inferior 'solutions'.

    See subject & https://it.slashdot.org/comments.pl?sid=9995967&cid=53487781 - last resort of weasels!

    APK

    P.S.=> Addons eat more & do LESS by FAR vs. hosts in fast kernelmode vs. slow usermode (& addons bloat even more w/ RAM + CPU use & messagepassing overheads in browsers)... apk

    1. Re:See you downmodded this to "hide" it eh? by Anonymous Coward · · Score: 0

      You got down-modded because you deserve it. You deserve it because you are a notorious spammer, troll, and a single-minded dipshit. You never respond to the substance of any conversation. You're afraid to do so -- or you're one of the single dumbest human beings I have ever seen or heard of without exaggeration. However derived, your total inability to participate in a conversation and actually advance a topic is what makes you a troll, and not even a very good one. Responding to what was actually said is one of those fundamental social skills that you either cannot exercise or refuse to exercise. It's amazing that you receive the degree of sympathy that you currently enjoy. You have nothing to complain about and much to atone for.

  26. How would that make you safe? by Sycraft-fu · · Score: 5, Insightful

    You know a large number of commercial routers run on Linux, right? The Linux kernel isn't some magic sauce that makes you immune to hacking. On the contrary, we see flaws in programs that run on Linux all the time, these being one of them. An exploit like this can work on anything, it isn't limited just to prepackaged routers.

    So what you mean is get an x64 system and run a Linux distro, with some built in tools for configuring routing. Ok... So long as it doesn't have any bugs they can exploit or check for, you are fine. If it does, well then you are back to having to update... if an update is available. A lot of the router-type Linux distros aren't very well maintained. Smoothwall, the one I hear the most crowing about, had its last release in 2014.

    If you were going to point to something freely available, BSD would probably be a better bet in the form of PFSense as it is actually maintained and supported pretty well. Of course the fact that it runs on BSD is incidental to its security, it is (as best we know) secure because it has competent programmers who maintain it regularly.

    However the real problem is that for many people, this is just not affordable. When you try and do all your routing and filtering in software on an x64 chip, you find you need a lot of power to push traffic. The CPUs aren't designed with routing in mind so they aren't super fast at it. PFSense needs about a 2.4GHz 4 core atom to push a gigabit of traffic, and then only if the ruleset is reasonably simple. That's about $550 for an appliance from Netgate that can do that, and that is with no wireless. Well for $180 a Netgear R7000 will push a gig of traffic no issue, and comes with a 3x3 802.11ac radio that does 2.4 and 5ghz at the same time. Likewise an EdgeRouter Lite gets a gig and is wired only for $100. They pull that off by having chips with dedicated routing logic on board.

    For normal users it also needs to be easy. A suggestion of "Assemble a computer from parts, load Linux, configure routing in text files and you are good," is totally unreasonable. Even something like buying an appliance and loading code on to it from a cold state is out of reach for most people. They need a ready-made solution.

    1. Re:How would that make you safe? by skids · · Score: 2

      You know a large number of commercial routers run on Linux, right?

      ...with a bunch of utter trash piled on top, wherein the exploitable code likely lies, given the large number of individualized signatures this campaign seems to be using.

      A basic OpenWRT with only what you need to connect to the Internet has a much smaller code surface. To the extent it looks at the packets above L3 at all, it does so only to build NAT helper rules and for DNS caching. You've got LUCI, dnsmasq, and dropbear listening on the internal network. At worst, you decided you needed uPnP and installed it. There's really not much reason to install much else than that.

    2. Re:How would that make you safe? by Anonymous Coward · · Score: 1

      An exploit like this can work on anything, it isn't limited just to prepackaged routers.

      I suspect this is due to poorly made in-house administration interfaces that are not protected against cross-site request forgery (CSRF) attacks, use default admin credentials, and perhaps have remote code execution vulnerabilities. This combination in particular can be exploited from any javascript code fragment your browser executes, within normal security constraints (no violation of same-origin policy etc required). I have seen even worse cases than that.

      Installing a widely-used open source router operating system or even building from a normal Linux distribution yourself would most likely lead to not having those vulnerabilities, simply because you would not have such an admin interface (unless you explicitly install a bad one yourself).

    3. Re:How would that make you safe? by AmiMoJo · · Score: 1

      Many Buffalo routers run a modified version of DD-WRT. They are cheap, supported and seem to be quite secure.

      The most useful advice is to not use the router your ISP provided, or anything by TPLink, Netgear or Linksys. Malware targets popular devices for maximum return on investment, and those three have proven to be incompetent too many times.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    4. Re:How would that make you safe? by pnutjam · · Score: 1

      Pick up a Mikrotik device running RouterOS, they have them for under $40 with wireless.

    5. Re:How would that make you safe? by Anonymous Coward · · Score: 0

      I paid $800 to build my i5 PFSense box. Unfortunately it's only using 10% CPU to move 2Gb/s (1Gb full duplex) through the NAT with HFSC traffic shaping and 14% cpu of 1Gb/s line-rate 64byte UDP packets through the NAT and HFSC. I was not able to test 1Gb/s of 64byte UDP packet full-duplex because I did not have a second machine with enough power. My desktop was already using 60% CPU just to send the 1Gb line-rate.

      I say "unfortunately" because reaching only 14% cpu while doing line rate means I have complete overkill and could have saved some money.

    6. Re:How would that make you safe? by Bob+the+Super+Hamste · · Score: 1

      You should have gone with one of these little guys with 8GB ram and a 120GB SSD for about $250. It has no problem keeping up on my 120/40Mbps internet connection with Snort in IPS mode, Squid with ClamAV to MitM all web traffic (yes I have it set up to MitM SSL/TLS), and also doing some DNS level blocking of shit sites (a list of sites that offer some files to use as input can be found here). At most I have gotten it to 50% cpu usage (usually on startup) and the hottest it has run was about 29C.

      --
      Time to offend someone

    7. Re:How would that make you safe? by Anonymous Coward · · Score: 0

      Rubbish. I bought a used Dell Poweredge R200 with a 2.4ghz quad core Xeon, 8gb ram, a 320gb disk and dual gigabit NICS. I installed Pfsense on it.
      I run a MASSIVE amount of gigabyte traffic through it and transfer an average of a terabyte a month of incoming data. The data I transfer internally is many times more than that.

      The CPU sits at average of ONE PERCENT USAGE. It's 99% IDLE even with multiple terabytes flowing through it. Memory usage? 8% average. Disk usage? 4%. Overall the machine sits in a near idle state and I push a SHIT TON of data through it. I have never seen it show any signs of being even remotely close to a full load. For $120 I got a rack mount firewall that is more than enough for anything I would or could ever throw at it. Pfsense. It's FREE.
      Is there anything better?

    8. Re:How would that make you safe? by ebvwfbw · · Score: 1

      You have fallen prey to the BSD security myth. They spouted this nonsense a lot about a decade ago. How superior they were. Then a bunch of people simply ported the old, patched Linux vulnerabilities to BSD and they had a bad few years.

      They are no better than anyone else (well except Microsoft, everyone is better than they are).

      Today to say BSD is more secure is just crazy. They are way behind Linux. SELinux.. and so on and so on. I don't even bother to boot their stuff up anymore and I used to be a real fan of BSD. Love to be a fan again, bring it into the 2000s. BSD is missing a lot now. I think it's great if you need a simple Unix type machine to learn on. After you're competent with that you can move onto a real OS like Linux.

  27. My hosts program works 2 ways here by Anonymous Coward · · Score: 0

    See subject: Blocking javascript download off adservers ads run from (1 step efficient vs. NoScript & adblocker addons by far as usual) blocking sources of infestation in the adservers itself (long before scripts can run - you never get them @ all, but just in case? Bonus - double layer protection & yes, MORE SPEED, efficiently using what you already natively have w/ a tool I make doing it all with, ez).

    * QUESTION: What have YOU done better here that does so much more for so much less in added speed, security, reliability + more anonymity that's 1 moving part simple?

    APK

    P.S.=> I provided all necessary info. + backed it from reputable sources - what more does anyone want - what IS your problem (lol, other than your 'malnutrition diet'' of EATING YOUR WORDS-> https://slashdot.org/comments.pl?sid=9986237&cid=53480147/ WHERE ARE YOUR MANNERS? Eating w/ your mouth full eatin yer words, lol != polite!)? apk

    1. Re:My hosts program works 2 ways here by Anonymous Coward · · Score: 0
  28. Hosts files work vs. this threat by Anonymous Coward · · Score: 1, Insightful

    See subject: Blocking out both javascript downloaded from adserver domains & other parts in servers used in this malware's communication:

    APK

    P.S.=> Data Source = https://www.proofpoint.com/us/... ... apk

  29. For more protection vs. threats like this? by Anonymous Coward · · Score: 1

    See subject & best hosts file creator APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...

    Ads rob speed, security (malvertising) & privacy (tracking).

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.

    Works vs. caps & PUSH ads.

    Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.

    Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.

    Complements firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).

    Gets data via 10 security sites.

    APK

    P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )

  32. Re: Browser addons via scripted detection, yes... by Anonymous Coward · · Score: 0

    "But my favorite porn site tells me to turn my Adblock off and I only use a HOSTS file!"

    Yeah, that's some powerful porn:
    "The Lord of HOSTS hath purposed it, to stain the pride of all glory, and to bring into contempt all the honourable of the earth."

    But then again, as Willy once said, “The devil can cite Scripture for his purpose." (MV)
    (In Nabokov's "Ada", which was far more explicit than the very tame "Lolita", one of the main protagonists is named "Demon" Veen. An unusual, and very carefully thought out name, as Demon was almost certainly the Father of many of the agonistes who flocked in and out of bed together, in various combinations, in Demonia. (OK, now get this straight once and for all: A Protagonist is _not_ the opposite of an Antagonist. Different roots entirely.) There are those that think that "Ada" was the last "Great" Russian novel, that takes almost as long to read as it took to write. It's a lot of fun, but not easy going, by several concepts of easy and going. By the way- Fuck you APK)

  33. The crazy part about shellshock: by Anonymous Coward · · Score: 0

    Someone I knew in *MIDDLE SCHOOL* in the 90s demo'd the exact issue in bash (2.0?) that shellshock exploited ~20 years later. His reason was to point out that bash was about the most terrible scripting environment to have on your system because of the exploit surface it made available. He was either a ksh or zsh user I believe.

    Anyway fast forward to today and he was right. I on the other hand kept using it for the simple reason that autotools and company required it and there was no getting away from bash on a modern unix, and especially linux system. There are days where I still do wish for an alternative. Sadly it looks like its replacement is going to be PowerShell with new objects tying it into systemd. :)

  34. Re: For more protection vs. threats like this? by Anonymous Coward · · Score: 1, Funny

    You're like an ad. What's the hosts entry to block you?

  35. Nonsense by evanh · · Score: 1

    I'm no guru but you're not making any sense talking about ads. If ads happen to end up blocked then that's just a side effect of a poorly constructed website.

  36. Patched it 4 years ago on my DD-WRT router by henk717 · · Score: 1

    Luckily I already heard of this theoretical method years ago and have patched my router accordingly. I run a DD-WRT router so the flexibility is endless, on bootup a script runs that kills the webservice and then restarts it on a non-standard port. So next time I get "infected" with this exploit kit, all they can do is endlessly scan my network for routers and once they find it they have no preprogrammed way of connecting.

  37. Re:It's not done quite like that... apk by Anonymous Coward · · Score: 0

    Enjoy apk...

    http://bailbondcity.com/fldoc-...

    Nice tats bro

  38. Routers have massive security issues #1/20 by Anonymous Coward · · Score: 0

    See subject & these links proof of sad truth on routers (hosts = better. See 'p.s.' below & links there too for proof):

    http://hardware.slashdot.org/story/15/11/26/1541216/900-embedded-devices-share-hard-coded-certs-ssh-host-keys/
    http://it.slashdot.org/story/08/01/14/1319256/Most-Home-Routers-Vulnerable-to-Flash-UPnP-Attack/
    http://it.slashdot.org/story/10/07/16/122259/Millions-of-Home-Routers-Are-Hackable/
    http://it.slashdot.org/story/12/04/26/1411229/backdoor-found-in-arcadyan-based-wi-fi-routers/
    http://blog.emaze.net/2013/08/huawei-b153-3gumts-router-wps-weakness.html/
    http://blog.ptsecurity.com/2015/12/critical-vulnerabilities-in-3g4g-modems.html/
    http://blogs.pcmag.com/securitywatch/2008/06/new_malware_silently_changes_r.php/
    http://ea.github.io/blog/2013/10/18/tenda-backdoor/
    http://hardware.slashdot.org/story/13/01/14/2049241/remote-linksys-0-day-root-exploit-uncovered/
    http://hardware.slashdot.org/story/15/01/29/2256236/d-link-routers-vulnerable-to-dns-hijacking/
    http://hardware.slashdot.org/story/15/08/20/1319253/bruce-schneier-on-cisco-rommon-firmware-exploit-this-is-serious/
    http://it.slashdot.org/story/13/04/17/2228258/researchers-hack-over-a-dozen-home-routers/
    http://it.slashdot.org/story/13/10/14/0120221/d-link-router-backdoor-vulnerability-allows-full-access-to-settings/
    http://it.slashdot.org/story/14/03/19/1619222/security-industry-incapable-of-finding-firmware-attackers/
    http://it.slashdot.org/story/14/08/12/1917257/study-firmware-plagued-by-poor-encryption-and-backdoors/
    http://it.slashdot.org/story/14/10/23/1345230/cisco-fixes-three-year-old-telnet-flaw-in-security-appliances/
    http://it.slashdot.org/story/15/01/09/1349229/asus-wireless-routers-can-be-exploited-by-anyone-inside-the-network/
    http://it.slashdot.org/story/15/01/09/1936214/lizard-stresser-ddos-for-hire-service-built-on-hacked-home-routers/
    http://it.slashdot.org/story/15/02/19/1445251/duplicate-ss

  39. LMAO - Hell no (he's TOO ugly)... apk by Anonymous Coward · · Score: 0

    See subject: It's not me. Never lived in Fla. much less arrested there. My namesake isn't too smart to be in a cage either. I'm not that dumb either.

    APK

    P.S.=> If you're trolling? Not even a 'nice try'... apk

  40. Servers blocked for both ads+network parts by Anonymous Coward · · Score: 0

    See subject: Stops malvertising @ adscript level by blocking its download & communications w/ payload parts (& if you had it already it communicate back to C&C parts of its malware network either - it stalls it then too).

    * It's NO non-sense! Hosts do it more efficiently blocking those servers in 1 step than the tag parsing gyrations NoScript or Adblocker addons do for FAR less (& doing more vs. threats than they do by FAR too) in faster kernelmode vs. slower usermode they use too!

    It works due to this technique backed by a valid source vs. this malware https://it.slashdot.org/commen... & why due to HOW ADS WORK (did you actually READ this, evanh? If not, do) https://news.ycombinator.com/i...

    APK

    P.S.=> I block BOTH its ad servers ads download script from browser tag in adspaces on a website's page running ads (& they get it from those servers - when blocked via hosts? No dice)

    +

    I block the rest of its network parts too (not just ads but the exploit loaders etc. too - so yes, even IF you had it from ads? That 2nd parts "chokes it off" so it can't talk back to C&C "mama's")... apk

    1. Re:Servers blocked for both ads+network parts by Anonymous Coward · · Score: 0

      Welcome Back!! We were missing you!

  41. "Ask & ye shall receive" by Anonymous Coward · · Score: 0

    See subject: Hosts files do that blocking script sources in ads https://news.ycombinator.com/i... as that link shows HOW they work (sites point to javascript on adnetwork servers is how hosts block it) & for the BEST hosts file generator? Again - "ask & ye SHALL receive"-> https://it.slashdot.org/commen... by "yours truly"!

    * Does more than ANY other "so-called 'solution'" does that are riddled w/ security issues (locally installed DNS/antivirus) or 'souled-out' to advertisers to NOT work fully (addons) http://www.businessinsider.com... & hosts operate in FAR more cpu serviced faster kernelmode vs. slower usermode too & are FAR more efficient vs. any of those faulty "solutions" I just noted.

    APK

    P.S.=> Enjoy... apk

  42. It's not done quite like that... apk by Anonymous Coward · · Score: 0

    See subject: Sites download script off servers hosting javascript to run ads that get executed clientside https://news.ycombinator.com/i...

    Stealing not only your bandwidth but also your cpu time increasing power use & tracking you + INFECTING you!

    (They're not only getting a "free-ride" on your bandwidth but also your speed online & power bill too)

    Malware makers got onto the ad train via OpenBid adnetworks http://www.theregister.co.uk/2... since it's tougher to exploit browsers + OS now, & ads get in to MOST users' systems + most users run scripts (I don't generally)!

    APK

    P.S.=> That is, UNLESS YOU DO THIS VS. THEM-> https://it.slashdot.org/commen... [slashdot.org] using THIS to do so even moreso vs. threats & more https://it.slashdot.org/commen... by "yours truly" (it protects you vs. many threats + speeds you up 2 ways too doing more for far less vs. browser addons that don't work souled out to advertisers http://www.businessinsider.com... ... apk

  43. Change your routers pw by AHuxley · · Score: 1

    from username, password and the code moves on.

    --
    Domestic spying is now "Benign Information Gathering"

  44. I do & give you a free safe tool to do it too by Anonymous Coward · · Score: 0

    See subject: Ads (+ other threats) = nullified via hosts file usage thus https://it.slashdot.org/commen... & best tool to do it https://it.slashdot.org/commen... by "yours truly" (100% freebie & 100% safe, proofs of that are in that post).

    * That includes scripts that sites point to in order to run ads as well (thus better than NoScript by not using your CPU & RAM to process page string data to detect scripts, less resources & messagepassing + more efficient kernelmode faster more cpu serviced operations via tcpip.sys (ip stack & resolver) vs. slower usermode bloated addons).

    APK

    P.S.=> It's merely using what you already HAVE natively in your IP stack & Operating System to do FAR more for FAR less vs. any other "so-called 'solution'" out there that are security bug issue riddled (locally installed DNS/Antivirus) or 'souled-out' to NOT work right addons (like "AlmostALLAdsBlocked" http://www.businessinsider.com... or even NoScript for the reasons noted above - as I block ad javascript housing servers that sites running ads actually point to, download to YOU (sucking up your speed, electric power & infect you with too) & screw you up with (you never get that script that runs ads in the 1st place OR their infestations))... apk

  45. Hell no (he's TOO ugly)... apk by Anonymous Coward · · Score: 0

    See subject: ... that != me. Never lived in Fla. much less arrested there. My namesake != smart to be caged & I'm not that dumb either.

    APK

    P.S.=> If you're trolling? Not even a 'nice try'... apk

  46. Re:That's why I encrypted the firmware in my route by silentcoder · · Score: 1

    I pulled all the cables out of mine, more secure than your solution and less labour required.

    --
    Unicode killed the ASCII-art *

  47. so much lel by Anonymous Coward · · Score: 0

    javascript? What's that?

    ^ solution: **** JS. Rip that **** out.

  48. UBlock = inferior + inefficient vs. hosts by Anonymous Coward · · Score: 0

    UBlock can't do these as well as (or @ all) hosts do 4 speed, security, & reliability:

    1.) Protect vs. bad sites (past ads)
    2.) Protect vs. fastflux botnet C&C's
    3.) Protect vs. dyndns botnet C&C's
    4.) Protect vs. DGA botnet C&C's
    5.) Protect vs. downed DNS (reliability)
    6.) Protect vs. DNS poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam payloads
    9.) Protect vs. phish payloads
    10.) Protect vs. caps
    11.) Get past dns blocks
    12.) Keep off dns request logs
    13.) Speed up 2 ways (adblocks/hardcodes)
    14.) Work on anything webbound multiplatform.
    15.) Ez data edit
    16.) Block ads more efficiently in cpu/ram/I-O use
    17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"

    Hosts = native vs. illogically "Bolting on 'MoAr'" & not ClarityRay blockable like addons.

    APK

    P.S.=> Hosts (1st resolver) do MORE w/ less in fast kernelmode & before slow usermode addons

    Hosts ~3mb vs. UBlock = 64MB -> http://cdn.ghacks.net/wp-conte...

  49. For the best hosts file creator by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...

    Ads rob speed, security (malvertising) & privacy (tracking).

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.

    Works vs. caps & PUSH ads.

    Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.

    Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.

    Complements firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).

    Gets data via 10 security sites.

    APK

    P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )

  50. Re: Browser addons via scripted detection, yes... by Anonymous Coward · · Score: 0

    Microsoft's new Zo chatbot is already off the rails, apparently.

  51. Re:For more protection vs. threats like this? by Anonymous Coward · · Score: 0

    Whoever is posting this needs to be summarily executed.

  52. Re:"Ask & ye shall receive" by Anonymous Coward · · Score: 0

    Or chance of publishing the hosts file so we could use it in linux or on our routers to protect all of our devices?

  53. Inception ending: "Welcome home Mr. Cobb" by Anonymous Coward · · Score: 0

    See subject: I never left but if it makes you feel better/ Well, then Thank-You & "imagine that"...

    * :)

    APK

    P.S.=> Hans Zimmer "Time" accompaniment & all - Right from where the airport security guard tells him what's in my subject above... apk

  54. "YETI", where are your manners? by Anonymous Coward · · Score: 0

    See subject: It's impolite to talk w/ YOUR mouth full as you "EAT YOUR WORDS" https://slashdot.org/comments.pl?sid=9986237&cid=53480147/ & calling me names trying to "label me"? Waste of your time. You FAILED repeatedly & you're only projecting what YOU are!

    APK

    P.S.=> Tell us - how did they taste? The BITTER TASTE of SELF-defeat?? Change your diet (lol): EATING YOUR WORDS != GOOD NUTRITION... apk

  55. When you manage to prove me wrong? by Anonymous Coward · · Score: 0

    See subject: Then talk https://it.slashdot.org/comments.pl?sid=9995967&cid=53487497/ but you can't manage to validly technically prove that wrong so STFU unidentifiable anonymous trolling worm.

    APK

    P.S.=> Go away, 'shoo' (lol)... apk

    1. Re:When you manage to prove me wrong? by Anonymous Coward · · Score: 0

      You've been proven wrong to the satisfaction of myself, apparently to YT, and many others. Your failure to acknowledge this does not make it stop being true. Meanwhile security experts all agree on one thing: good security is done in overlapping layers. Hosts file filtering can be one layer, but to depend on one single method to provide for all of your security needs is just plain bad practice no matter how good (or bad) that single method is.

      You keep mentioning resource usage of browser add-ons. Do they use more resources than hosts files? Yes. Does that matter to a given user? That's not for you to decide. That's for the user/owner of a given system to decide. If I find in my own experience that the resource usage is negligible then for me, it is negligible. Nothing you say can change what I can observe and verify on my own hardware and that's something you just don't want to understand (you are more than smart enough to grasp this, it just doesn't fit your ideology). This is why you are perceived to be a "crank" - you seem to be trying to tell people what they should or shouldn't run on their own equipment and how they should feel about that, and you can't understand why this doesn't work. You clearly have no respect for the values of others and the trade-offs they consider worthwhile, and in that sense you resemble a religious fundamentalist.

      See here's how a reasonable person does things: if you find the resource usage of i.e. uBlock Origin and NoScript to be absolutely unacceptable, then for you they are not a good solution. If I find the resource usage to be negligible because my hardware has lots of spare CPU cycles and several gigs of free RAM and I cannot notice even the slightest drop in performance because it's much less than the threshold of human perception, then for me an extra layer of security in exchange for resources I will never miss is an acceptable trade-off. Which of us is correct? Both of us. We would both be making an informed choice designed to suit our own needs and preferences.

      But not you. You can't do that. You've got your ego all tangled up in your hosts file program. It's not some software you maintain. It's become an extension of your being. So rejecting it, or questioning it, or even using it, but also using other layers is like rejecting you personally and everything you stand for. That last one is great, I guess you want everyone to be a total purist, instead of welcoming all users of your software? Anyway, guess what? That's not my problem. That's your problem. Evading this site's posting restrictions so you can spam, disrupt conversations, troll, and generally make a nuisance of yourself doesn't change anything.

      Anyway I'm writing this for fun. You're not the first "true believer" obsessive type I've encountered. I know that nothing anyone says will make you see reason. Funny thing is - the longer you go on like this, the more guilty you will feel if/when you ever do admit that the way you deal with other people is wrong. So all you can do is double-down on the stupid, stick your fingers in your ears and pretend not to understand, and repeat your same old bullshit while declaring "victory". Enjoy your "victory", if you can. I get the idea you can't really enjoy much of anything, but that's just a "gut feeling" of mine.

  56. Give your hand a break! by Anonymous Coward · · Score: 0

    See subject: Have you considered being with a real woman instead?

    APK

    P.S.=> Consider it & problem solved... apk

  57. Re:"Ask & ye shall receive" by Anonymous Coward · · Score: 0

    Or chance of publishing the hosts file so we could use it in linux or on our routers to protect all of our devices?

    If he did that, then his potential users would become less dependent on him. His ego depends on people using HIS software and implementing hosts blocking HIS way.

    If he really truly cared about the welfare of users, and truly believed that he had a great solution, then he would make it available to as many people as possible by publishing just like you suggest. However, if he cared about having his ego stroked, then he would do exactly what he is doing now. Actions speak very much louder than words.
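For the question raised in the comments above about using a hosts blocklist on Linux or on a router, here is an added example (not from the thread, and not the code of any tool named in it) that audits hosts-format text before import: it accepts only sinkhole mappings, rejects lines that would redirect a name to some other address, and renders the result as dnsmasq rules. The sample list and its domains are constructed, and dnsmasq as the router's resolver is an assumption.

```python
import ipaddress
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a stock hosts file maps locally; never turned into block rules.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample input; the domains are reserved example names.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.net  # two names on one line
127.0.0.1 ADS.example.com
0.0.0.0 bad_name.example.org
203.0.113.7 bank.example.com
not-an-ip script.example.com
"""

def valid_hostname(name):
    labels = name.split(".")
    return len(name) <= 253 and len(labels) > 1 and all(map(LABEL.match, labels))

def audit_hosts(text):
    """Return (sorted blocked names, [(line_number, reason)] for rejects)."""
    blocked, rejected = set(), []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop inline comments
        if not fields:
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            rejected.append((number, "bad address"))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if address not in SINKHOLES:
                # A name pinned to a non-sinkhole address is a redirect, not a block.
                rejected.append((number, "redirect: %s -> %s" % (name, address)))
            elif not valid_hostname(name):
                rejected.append((number, "bad hostname: " + name))
            else:
                blocked.add(name)
    return sorted(blocked), rejected

def to_dnsmasq(blocked):
    """Render names as dnsmasq address= rules (assumed router resolver)."""
    return ["address=/%s/0.0.0.0" % name for name in blocked]

if __name__ == "__main__":
    names, rejects = audit_hosts(SAMPLE)
    print("\n".join(to_dnsmasq(names)), rejects, sep="\n")
```

A hosts file matches exact names only, while a dnsmasq `address=/name/` rule also covers subdomains of that name, so the converted list blocks somewhat more than the original.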

  58. YT's busy "eating his words" & can't talk by Anonymous Coward · · Score: 0

    See subject: His mouth's full eating his words https://it.slashdot.org/comments.pl?sid=9995967&cid=53487497/ & he can't prove me wrong https://it.slashdot.org/comments.pl?sid=9995967&cid=53488493 - question: *IS YOUR FAVORITE COLOR "transparent"? Must be - I see RIGHT thru you, lol!

    I back what I say w/ reputable source analysis & information!

    FACT: Hosts do FAR more for FAR less vs. other bug riddled inefficient "so-called 'solutions'" (locally installed DNS/antivirus) & illogically "Bolting on 'MoAr'" that doesn't do as much & uses orders of magnitude more which != 'better' - it's inferior!

    APK

    P.S.=> I merely state facts w/ a tool as I do in my APK Hosts File Engine 9.0++ SR-4 32/64-bit & it KILLS you that you can't prove that wrong, lol - only unjustifiable downmods to try "hide it"... apk https://it.slashdot.org/comments.pl?sid=9995967&cid=53488511

  59. FACTS vs. your bs... apk by Anonymous Coward · · Score: 0

    I was PAID for "layered-security" guides I wrote https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/

    Hosts do ALL I say (backed by reputable sources' info, data + research) & you can't prove it wrong https://it.slashdot.org/comments.pl?sid=9995967&cid=53488493/ w/ them working vs. this threat!

    * I don't tell ANYONE what to do:

    I show a more efficient, ubiquitous + logical way w/ what you have natively already letting them decide!

    APK

    P.S.=> Plenty of /.'ers LIKE + USE APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ & malwarebytes' folks HOST & RECOMMEND it... apk