|
Adblock is a the answer.
|
# ? Sep 5, 2019 06:28 |
|
|
# ? May 18, 2024 14:49 |
|
Every time I try to support a website by turning off uBO, I get those exact same webpage redirecting ads. Every time.
|
# ? Sep 5, 2019 06:50 |
|
PBS posted:Usually bad ads or something she clicked on. Here's a deep dive for the curious: https://www.youtube.com/watch?v=ApQls-Xggsc
|
# ? Sep 5, 2019 09:33 |
|
Nalin posted:Every time I try to support a website by turning off uBO, I get those exact same webpage redirecting ads. Every time. You know what they say: "fool me once, shame on you; fool me twice, shame on me".
|
# ? Sep 5, 2019 12:12 |
|
rafikki posted:What is the entry point for these scam popups? Is it a bad ad or actual malware on a machine? Windows Defender isn't showing any problems and windows updates are actually up to date. According to my mom, she had just done a yahoo search for weather and clicked on some of the results. Looking around in the browser history doesn't show anything objectionable. There's your problem. I have a doctor (who of course has local admin on all his PCs because *reasons*) that I constantly have to clean up after because he decides he wants to install Firefox, goes to Yahoo, types in Firefox, and clicks on the first result that comes up. Inevitably the real link is the fifth or sixth one because Yahoo is horrible. Yahoo is pretty much only used by the exact kind of computer-illiterate people these scams target.
|
# ? Sep 5, 2019 15:10 |
wolrah posted:There's your problem. I have a doctor (who of course has local admin on all his PCs because *reasons*) that I constantly have to clean up after because he decides he wants to install Firefox, goes to Yahoo, types in Firefox, and clicks on the first result that comes up. Inevitably the real link is the fifth or sixth one because Yahoo is horrible. Oh I know. I thought I had adblocker installed on her computer but who knows. At least she called me instead of the number on the screen.
|
|
# ? Sep 5, 2019 15:12 |
|
wolrah posted:There's your problem. I have a doctor (who of course has local admin on all his PCs because *reasons*) that I constantly have to clean up after because he decides he wants to install Firefox, goes to Yahoo, types in Firefox, and clicks on the first result that comes up. Inevitably the real link is the fifth or sixth one because Yahoo is horrible. Why don't you yourself install the real Firefox with an adblocker instead of resetting to the same situation you have to clean up after?
|
# ? Sep 5, 2019 15:17 |
|
That's probably a modal pop-up on the scam page itself. Nothing wrong with her computer, just the page trying to trick her. If she is redirected to it from other, innocent pages, she has malware.
|
# ? Sep 5, 2019 16:26 |
|
wolrah posted:There's your problem. I have a doctor (who of course has local admin on all his PCs because *reasons*) that I constantly have to clean up after because he decides he wants to install Firefox, goes to Yahoo, types in Firefox, and clicks on the first result that comes up. Inevitably the real link is the fifth or sixth one because Yahoo is horrible. Just put a ninite installer on his desktop (or network share, whatever). It will install an up-to-date Firefox (or update the existing install) when he clicks it.
|
# ? Sep 5, 2019 16:35 |
|
I love getting those on my phone "Oh no, I have a virus" *clicks back once* "Gone."
|
# ? Sep 5, 2019 16:37 |
|
Schadenboner posted:Just put a ninite installer on his desktop (or network share, whatever). It will install an up-to-date Firefox (or update the existing install) when he clicks it. Well pay for it first and then do it.
|
# ? Sep 5, 2019 18:09 |
|
Sickening posted:Well pay for it first and then do it. I have never looked at Ninite Pro before now and goddamn does their interface look like a disaster.
|
# ? Sep 5, 2019 18:13 |
|
Schadenboner posted:I have never looked at Ninite Pro before now and goddamn does their interface look like a disaster. Yeah, but my point is that I am pretty sure that you can't legally use ninite installers for business purposes without paying for the licenses. I might be wrong.
|
# ? Sep 5, 2019 18:15 |
|
Sickening posted:Yeah, but my point is that I am pretty sure that you can't legally use ninite installers for business purposes without paying for the licenses. I might be wrong. The idea someone would use software without full and complete licensing in place prior to use fills me with a combination of fury and nausea. I'm rage puking at the very thought!
|
# ? Sep 5, 2019 18:32 |
|
Schadenboner posted:The idea someone would use software without full and complete licensing in place prior to use fills me with a combination of fury and nausea. Ethics is information security? Nah...
|
# ? Sep 5, 2019 18:34 |
|
Schadenboner posted:The idea someone would use software without full and complete licensing in place prior to use fills me with a combination of fury and nausea. I noticed tonight that our VDI jumphost isn't a legal copy of windows >.<
|
# ? Sep 5, 2019 19:34 |
|
Absurd Alhazred posted:Why don't you yourself install the real Firefox with an adblocker instead of resetting to the same situation you have to clean up after? We don't install Firefox by default for them because one of their vendor web sites doesn't work properly with it. It works in Chrome and they use G-Suite anyways so we install that instead. It's not like we're leaving them with IE/Edge, in fact we remove the icons for both of those from the desktop and taskbar entirely. That said, for this user we had already installed Firefox ESR after the first time he did this. The problem is he keeps deleting the icon from his desktop (itself an amazing feat because every time I use his machine there are 2-4 copies of it), then deciding he'll "fix it" himself.
|
# ? Sep 5, 2019 21:23 |
|
Speaking of Edge, not infosec related, but the new Edge in the dev channel is real real good.
|
# ? Sep 5, 2019 21:29 |
|
Isn't it just Chromium with "M$ EDGE" slapped over it?
|
# ? Sep 5, 2019 21:32 |
|
Mustache Ride posted:Isn't it just Chromium with "M$ EDGE" slapped over it? Basically, yes. Just like about every modern browser. Firefox stands alone.
|
# ? Sep 5, 2019 21:37 |
|
Mustache Ride posted:Isn't it just Chromium with "M$ EDGE" slapped over it? Yup. It's fast as hell and runs chrome extensions.
|
# ? Sep 5, 2019 22:04 |
|
Mustache Ride posted:Isn't it just Chromium with "M$ EDGE" slapped over it? You say that like it's a bad thing
|
# ? Sep 5, 2019 22:17 |
|
Factor Mystic posted:You say that like it's a bad thing It's giving Google too much control over web standards. Diversity is a good thing.
|
# ? Sep 5, 2019 22:18 |
|
Factor Mystic posted:You say that like it's a bad thing It is. It's just like IE was back in '99. Same monopolistic behaviour, same everything. Just the company name is different.
|
# ? Sep 5, 2019 22:36 |
|
Volguus posted:It is. It's just like IE was back in '99. Same monopolistic behaviour, same everything. Just the company name is different. Chromium. Not Chrome.
|
# ? Sep 5, 2019 22:39 |
|
CLAM DOWN posted:Chromium. Not Chrome. Yes, what's your point? Sure is the open source version, but is still the same thing. The reason why everyone (Firefox still holding) is moving to that engine is because of Google's "oopsies" on the websites they control which break the other browsers in fun and exciting ways. Microsoft back then had an OS monopoly which it used to push its browser monopoly. Google has a services monopoly which it's using to push its own browser. Sure, I could put a different skin on Windows 98 too, not that it mattered much. It was the same poo poo underneath.
|
# ? Sep 5, 2019 22:44 |
|
Chromium development is still driven by Google, and having every major browser except Firefox using some version of webkit isn't a good thing.
|
# ? Sep 5, 2019 22:45 |
|
Volguus posted:Yes, what's your point? Sure is the open source version, but is still the same thing. The reason why everyone (Firefox still holding) is moving to that engine is because of Google's "oopsies" on the websites they control which break the other browsers in fun and exciting ways. I mean, it's a good engine and open source. Someone can make a new one? I just don't care much about this, sorry. I'll withdraw myself.
|
# ? Sep 5, 2019 22:46 |
|
I'm more irritated by Google using their services to constantly remind you that you're not using Chrome and hey maybe you should try that. gently caress off.
|
# ? Sep 5, 2019 23:19 |
|
wolrah posted:We don't install Firefox by default for them because one of their vendor web sites doesn't work properly with it. It works in Chrome and they use G-Suite anyways so we install that instead. It's not like we're leaving them with IE/Edge, in fact we remove the icons for both of those from the desktop and taskbar entirely. I mean, at this point I'd just set up his firewall to only whitelist stuff he actually needs for work in a way that'll be hard for a non-expert to fix even with admin privileges.
|
# ? Sep 6, 2019 00:26 |
|
Absurd Alhazred posted:
So far this has proven sufficiently foolproof, but you know what they say about the ingenuity of fools.
|
# ? Sep 6, 2019 16:02 |
|
The Fool posted:It's giving Google too much control over web standards. Diversity is a good thing. Great, then go back in time and tell web developers to actually test in other browsers. That didn't happen; if it's not mobile Safari or Chrome, nobody cares. Everyone wants diversity as a concept, nobody wants to put in the work, and here we are. Small credit to Microsoft for living in the real world, and making a good app instead of throwing good money after bad. Plus, for awhile now there's been a vague "could we have Google tech without Alphabet Co slurping up all our data"? And here it is, a de-Googled Chrome that's actually good.
|
# ? Sep 6, 2019 17:19 |
|
Since this is the infosec thread, let me pose an infosec related hypothetical. Let's say that @taviso has announced a sandbox escape vuln in webkit's font rendering engine. Say that it's in an old enough part of the engine that it also affects all forked versions of webkit as well. Not only would this hypothetical affect every major browser except Firefox it would affect every minor browser on this list. Now say that webkit fixes this vuln in their latest release. How many of those projects are actually going to update? Which ones are actually operating off of a fork like Blink and would need to implement their own fix? How quickly will MS patch Edge? Google patch Chrome? Apple patch Safari? How many people will actually apply those updates?
|
# ? Sep 6, 2019 17:32 |
|
a webkit vuln affecting every branch isn't hypothetical tbh
|
# ? Sep 6, 2019 17:35 |
|
The Fool posted:Since this is the infosec thread, let me pose an infosec related hypothetical. I think this is a misleading hypothetical if you aren't also considering whether having the 3 biggest companies in the industry concentrating on the same code has security benefits. For example, @taviso works for google, he's not gonna drop a webkit/chromium zero-day. He's gonna notify apple to fix it in webkit and google will fix chromium and all the chromium-derivatives will get told privately it's an important patch they should merge ASAP. Now multiply that by all Microsoft's security people as well, who will be concentrating on chromium rather than the IE engine. Browsers are so important as targets these days that I wouldn't be surprised if security wasn't among MS's reasons to abandon their own browser.
|
# ? Sep 6, 2019 17:47 |
|
Klyith posted:I think this is a misleading hypothetical if you aren't also considering whether having the 3 biggest companies in the industry concentrating on the same code has security benefits. Yes, I'm aware that in reality taviso is going to give every stakeholder a 90-day notification window and that all of the major players will have patches released on or before that deadline. I'm also aware that in reality not every product has a 100% patch rate, and a vulnerability doesn't magically appear when it is announced. A vulnerability of this magnitude would have been around for a significant amount of time and potentially exploitable before being discovered.
|
# ? Sep 6, 2019 17:54 |
|
The Fool posted:Yes, I'm aware that in reality taviso is going to give every stakeholder a 90-day notification window and that all of the major players will have patches released on or before that deadline. Yes but you're dodging the actual point. My response about what taviso would do in reality wasn't a counter to your hypothetical, it was an illustration that these companies employ a lot of the most talented people in the biz. 3 browser engines with n/3 security researchers looking at each one, or 1 browser engine with n researchers? Which is more secure?
|
# ? Sep 6, 2019 18:08 |
|
Klyith posted:Yes but you're dodging the actual point. My response about what taviso would do in reality wasn't a counter to your hypothetical, it was an illustration that these companies employ a lot of the most talented people in the biz. back in the capitalist hellscape of 2019, it’s just as likely that the companies will downsize their security teams because they’re expensive and surely google has that covered
|
# ? Sep 6, 2019 18:22 |
|
Klyith posted:Yes but you're dodging the actual point. My response about what taviso would do in reality wasn't a counter to your hypothetical, it was an illustration that these companies employ a lot of the most talented people in the biz. Obviously the project that has the most eyeballs is going to be the most likely to be secure, but that's not the point I'm trying to make. My point is that because of an over-reliance on a single (admittedly good) project, a single vulnerability has potential to cascade down and have wide reaching effects. This is the kind of scenario that system diversity would mitigate.
|
# ? Sep 6, 2019 18:27 |
|
|
# ? May 18, 2024 14:49 |
Factor Mystic posted:Great, then go back in time and tell web developers to actually test in other browsers. That didn't happen; if it's not mobile Safari or Chrome, nobody cares. Everyone wants diversity as a concept, nobody wants to put in the work, and here we are.
|
|
# ? Sep 6, 2019 18:36 |