BobHoward
Feb 13, 2012

The only thing white people deserve is a bullet to their empty skull
A question on Safari adblockers. I've been using Wipr for a while, but it kind of sucks (among other things, there is no whitelist feature, and the developer has posted that he refuses to implement one). So I installed uBlock Origin, but I'm a little put off by:

Safari posted:

"uBlock Origin" can read, modify, and transmit content from all webpages. This could include sensitive information like passwords, phone numbers, and credit cards.

Although Wipr lacks a feature I want, Safari claims that it "does not have permission to read or transmit content from any webpages". I like this. If Apple has managed to make Safari extension APIs that permit blocking ads without the extension being permitted to see private data, I am 100% in favor of adblockers using that interface. Even if they're open source and nobody has identified a malicious use of this data.

So really my question is: How truthful is Apple's claim that an extension like Wipr can't see sensitive data? If it's nonsense I might as well switch to uBlock.
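The two permission strings Safari shows come from two different extension models: a content blocker hands Safari a static JSON rule list that WebKit itself evaluates against request URLs (the extension code never runs on the page), whereas a web extension such as uBlock Origin injects scripts into pages and so needs read access to them. The block below is an added illustration, not code from the thread, from Wipr or from uBlock Origin; that Wipr is a rule-list content blocker is an assumption inferred from the permission text quoted above. The rule list is constructed sample data in the content-blocker JSON format, and `decide()` is a deliberately simplified stand-in for WebKit's rule engine: note that its only inputs are the request URL, the resource type and the page host, which is exactly why a rule list cannot see form fields, passwords or page text.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample rule list in Safari content-blocker JSON form.
# Written for this illustration only; not any real extension's list.
RULES_JSON = r'''
[
  {"trigger": {"url-filter": "^https?://ads\\.example\\.net/"},
   "action": {"type": "block"}},
  {"trigger": {"url-filter": "/tracker\\.js$",
               "resource-type": ["script"],
               "load-type": ["third-party"]},
   "action": {"type": "block"}},
  {"trigger": {"url-filter": ".*", "if-domain": ["*bank.example"]},
   "action": {"type": "ignore-previous-rules"}}
]
'''


def load_rules(text):
    """Parse the JSON rule list; this is all a content blocker ships."""
    return json.loads(text)


def _domain_matches(host, pattern):
    """'*foo.example' matches foo.example and any subdomain of it."""
    if pattern.startswith("*"):
        base = pattern[1:]
        return host == base or host.endswith("." + base)
    return host == pattern


def decide(rules, url, resource_type, page_host):
    """Return 'block' or 'allow' for one request.

    Simplified model of the browser-side engine: rules are applied in
    order, 'block' blocks, 'ignore-previous-rules' cancels earlier matches.
    The page's DOM, cookies and form data are not inputs here at all.
    """
    req_host = urlparse(url).hostname or ""
    first_party = req_host == page_host or req_host.endswith("." + page_host)
    load_type = "first-party" if first_party else "third-party"
    decision = "allow"
    for rule in rules:
        trig = rule["trigger"]
        # Content-blocker url-filter matching is case-insensitive unless
        # the rule opts in to case sensitivity.
        flags = 0 if trig.get("url-filter-is-case-sensitive") else re.IGNORECASE
        if not re.search(trig["url-filter"], url, flags):
            continue
        if "resource-type" in trig and resource_type not in trig["resource-type"]:
            continue
        if "load-type" in trig and load_type not in trig["load-type"]:
            continue
        if "if-domain" in trig and not any(
                _domain_matches(page_host, d) for d in trig["if-domain"]):
            continue
        if "unless-domain" in trig and any(
                _domain_matches(page_host, d) for d in trig["unless-domain"]):
            continue
        action = rule["action"]["type"]
        if action == "block":
            decision = "block"
        elif action == "ignore-previous-rules":
            decision = "allow"
    return decision


if __name__ == "__main__":
    rules = load_rules(RULES_JSON)
    # Constructed requests: (url, resource type, host of the page loading it)
    requests = [
        ("https://ads.example.net/banner.png", "image", "news.example"),
        ("https://cdn.example.org/tracker.js", "script", "news.example"),
        ("https://news.example/tracker.js", "script", "news.example"),
        ("https://ads.example.net/banner.png", "image", "online.bank.example"),
    ]
    for url, rtype, host in requests:
        print(f"{decide(rules, url, rtype, host):<5} {rtype:<6} {url} (on {host})")
```

The third request shows a first-party script passing a third-party-only rule, and the fourth shows an `ignore-previous-rules` whitelist entry for a domain, which is the kind of per-site exception the declarative format can express without any extension code touching the page.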


BobHoward
Feb 13, 2012

flosofl posted:

Thanks, these replies all make sense to me. I haven't really looked into the extension framework for Safari.

Echoing flosofl's thanks for all the replies, which have cleared things up for me. I don't have the time to look into extension frameworks myself, so it's great to hear from some people with domain knowledge.

BobHoward
Feb 13, 2012

yoloer420 posted:

People copy pasting reference code provided by chip manufacturers?

I worked at one of those chip companies before and this is a completely correct opinion. Most of the companies which ship consumer internet routers have very little in house software capability so they just put their own branding on reference software.

BobHoward
Feb 13, 2012

Orbis Tertius posted:

So to summarize:
- There's an open SSH connection which I didn't start.
- The process name has been changed to something else.
- The connection is opened when Windows starts up, and as best I can tell it is not related to any legitimate program/services.

I haven't looked at the rest, but I want to point out that your chain of reasoning here is extremely shaky. You don't actually know any of this! You googled up some random internet dude's post about a problem with similar symptoms, and have arrived at these conclusions by assuming your root cause must be the same as his. But it doesn't have to be, and in fact the lack of an ssh process is a clue that it isn't.

Googling the error message led me to:

https://stackoverflow.com/questions/45799650/git-bash-error-could-not-fork-child-process-there-are-no-available-terminals

which has a whole bunch of comments raising possible causes and fixes. Some of them are the same as random internet dude's, some definitely aren't. It all sounds like the consequences of cygwin being a weird and janky compatibility shim to make Unix software run on Windows, so your first instinct when it acts up shouldn't be "omg I have been hacked!!!", it should be "ah poo poo this junk broke again".

(If I were you, I'd look into running tools like git on WSL2 - I haven't used it personally but from what I've heard it probably works a lot better on average than cygwin.)

I'd also add that if you are really super convinced you have a rogue SSH connection open, you should be installing and using network monitoring tools to look for it.
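The point about checking rather than assuming can be made concrete. On Windows, `netstat -ano` lists sockets with their owning PID and `tasklist /fo csv` maps PIDs to image names; joining the two answers "is there an SSH connection, and which process owns it?" from what the OS reports rather than from a forum post. The script below is an added example, not from this thread or any tool mentioned in it. The netstat and tasklist text embedded in it is constructed sample output in the shape those commands produce, and the addresses, PIDs and process names in it are made up; on a Windows host it runs the real commands instead.

```python
import csv
import io
import platform
import subprocess

# Constructed sample in the shape of `netstat -ano` output on Windows.
# Made up for this illustration; not from anyone's machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  TCP    192.168.1.10:49812     203.0.113.5:22         ESTABLISHED     4321
  TCP    192.168.1.10:49900     198.51.100.7:443       ESTABLISHED     2200
  TCP    [::1]:22               [::]:0                 LISTENING       7777
  UDP    0.0.0.0:500            *:*                                    1234
"""

# Constructed sample in the shape of `tasklist /fo csv` output.
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","988","Services","0","12,345 K"
"ssh.exe","4321","Console","1","8,000 K"
"firefox.exe","2200","Console","1","250,000 K"
"""


def parse_netstat(text):
    """Turn TCP rows of netstat -ano into dicts; headers and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _proto, local, remote, state, pid = parts
            rows.append({"local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): r["Image Name"] for r in reader}


def port_of(addr):
    """Port number from '1.2.3.4:22' or '[::1]:22'."""
    return int(addr.rsplit(":", 1)[1])


def find_port_connections(netstat_text, tasklist_text, port=22):
    """Every TCP socket whose local or remote port is `port`, joined with the
    owning process. A PID with no tasklist entry is reported as such rather
    than silently dropped, since that mismatch is itself worth a look."""
    pid_to_image = parse_tasklist(tasklist_text)
    hits = []
    for row in parse_netstat(netstat_text):
        if port_of(row["local"]) == port or port_of(row["remote"]) == port:
            image = pid_to_image.get(row["pid"], "<no such PID in tasklist>")
            hits.append({**row, "image": image})
    return hits


def collect_live():
    """On Windows, capture real netstat/tasklist output; elsewhere return None."""
    if platform.system() != "Windows":
        return None
    ns = subprocess.run(["netstat", "-ano"], capture_output=True,
                        text=True, check=False).stdout
    tl = subprocess.run(["tasklist", "/fo", "csv"], capture_output=True,
                        text=True, check=False).stdout
    return ns, tl


if __name__ == "__main__":
    live = collect_live()
    ns, tl = live if live else (SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    for h in find_port_connections(ns, tl):
        print(f'{h["state"]:<12} {h["local"]:<24} -> {h["remote"]:<24} '
              f'pid={h["pid"]} ({h["image"]})')
```

Run as a normal user it shows both directions at once: an outbound session to a remote port 22 with its owning image, and any local listener on 22. If the listener's PID maps to nothing in the task list, that is the discrepancy to chase, not the error message from a shell.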

BobHoward
Feb 13, 2012

Yeah nothing's immune, especially to social engineering. My mother (rest in peace, Mom) once got got on her Mac by a browser popup ad which used text-to-speech to loudly inform her that everything was wrong with her computer and she absolutely had to call a number. She called it and was walked through installing LogMeIn Rescue so the scammer could start observing and controlling her computer, which he immediately used to start fast talking her about all these things "wrong" with the Mac she was going to have to pay them to fix.

Fortunately, before handing over CC info, some warning bells started going off and she began to balk. That's when the scammer turned abusive and nasty. She was really upset and scared when she phoned me right after hanging up on them. I couldn't find any evidence that they ended up with persistent remote control of the machine. I don't think that was ever the goal of that particular scam, it was just about conning elders confused by computers into paying for a service they didn't need. Still, I copied her data off and did the ol' nuke-and-pave.

(I had never heard of LogMeIn before that incident. When I went searching, it seemingly was (is?) a legit remote admin tool, but I also found lots of evidence that the company behind it was deliberately turning a blind eye to all the scammers who'd bought licenses to use it in schemes like that one. So this is my anti-advertisement for LogMeIn. gently caress them, don't buy their poo poo.)


BobHoward
Feb 13, 2012

My mother had something similar happen once. Pop-up ad, used text-to-speech to tell her to call a support number because something was very wrong with her computer. She'd never heard her computer speak to her before, so she thought it must be important. They got her to install a remote access tool and grant them some permissions, which they proceeded to use for a high pressure sales pitch, rapidly flicking through random things on her computer claiming everything they saw was wrong and she needed to pay them several hundred dollars to fix it NOW and really, they were doing her a favor fixing it so cheap. She eventually realized she should talk to her son first, said something along those lines, and the high pressure salesman literally turned abusive trying to keep her on the line, so she hung up and called me, very distraught.

When I did some forensics, I found no evidence they'd installed anything. As far as I can tell they only had her install LogMeIn Rescue (a tool that is sometimes used for legitimate remote tech support) so they could use it to sell her on the idea that there was something wrong, and they could do something about it. Rather than installing scanners or whatever to steal banking info, they wanted her to verbally give them a CC number. It seemed designed to plausibly not involve any crimes - they weren't hacking or stealing anything, just trying to get her to voluntarily pay them.

I still nuked and paved, no sense in taking chances. Changing router passwords can't hurt either - I forget if I did that, I might have. But overall, you probably don't have to worry about crazy things like advanced persistent threats. It was a social engineering attack, and if it was like the one directed against my Mom, the goal was just to sell worthless tech support and there wasn't anything deeper to it than that.

E: meant to lead this with "what did their end goal seem to be". Maybe these guys are running a different scam. Still, anything which starts with social engineering to get access to the computer isn't likely to be highly sophisticated.

BobHoward fucked around with this message at 07:04 on Feb 10, 2024
