Sign in to follow this  
  • entries
    8
  • comments
    8
  • views
    16,676

False Sense of Security part 1

Kate The Bionic Uterus

2,767 views

:nuke: When it comes to internet security everybody has an opinion. However few really know what is actually happening. That is because there is so much misinformation being put out there on purpose that people just don't know how to filter it. The question here in this blog entry is, "Where do I start?" :question:

 

The primary way the NSA eavesdrops on Internet communications is in the network. That's where their capabilities best scale. They have invested in enormous programs to automatically collect and analyse network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

 

The NSA gets access to the communications trunks (telecommunications companies that they have agreements with) that move Internet traffic. In cases where it doesn't have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.

 

:pc: "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." ~Edward Snowden

 

Endpoint means the software you're using, the computer you're using it on, and the local network you're using it in. If the nsa/fbi can modify the encryption algorithm or drop a trojan on your computer, all the cryptography and protection in the world doesn't matter at all.

 

:police: Google recently announced that it would start including individual users' names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached—without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on its website.

 

These changes come on the heels of Google's move to explore replacing tracking cookies with something that users have even less control over. Microsoft is doing something similar by developing its own tracking technology.

 

Lots of companies are evading the "Do Not Track" rules, meant to give users a say in whether companies track them. Turns out the whole "Do Not Track" legislation has been a sham. It shouldn't come as a surprise that big technology companies are tracking us on the Internet even more aggressively than before.

 

If these features don't sound particularly beneficial to you, it's because you're not the customer of any of these companies. You're the product, and you're being improved for their actual customers: their advertisers :excl:

 

Lenovo installs an HTTPS "man in the middle" attack on their laptops: Before you click on that link you may want to know what the "Man in the middle" (MITM) attack is. Now that you know what is happening I hope you are disturbed about what is happening as I am. https://filippo.io/Badfish/ links to a Superfish "detector" page, with instructions on how to remove it. However the only way we all can be sure these TROJANS and spyware programs are not hidden on out computers is to NUKE, WIPE our hard drives and reinstall our Operating Systems directly from the disk. You want to use a Microsoft branded OEM Windows disc and use the product key off of the machine. Not a recovery disc.

 

:spam: Pre built white box style computers (DELL) which I'll include HP at this point have always been full of bloatware. There have been reports of PUPs being in certain linux installs. Sometimes they hack into downloads and replace what people think they are getting. So when someone downloads a Ubuntu OS that can be run off of an USB key, you still need to run that through some security scans.

 

I'm sure many people here use an anti virus, Firewall and other ad-ware/spy-ware detection programs. A popular program these days is http://www.malwarebytes.org/. It's results are excellent however some of you fine people here would be surprised that even after running a full scan using Malwarbytes and then a secondary malware/spyware program like HitmanPro http://www.surfright.nl/en/downloads and then a boot scan of your anti virus, that some malware/spyware still exists on your hard drive.

 

:detective: It's called a PUP aka Potentially Unwanted Program. You may see it after a scan called something like this; PUP.Optional.Conduit.A, PUP.Optional.Default and other PUP.designations. Even if your scans have removed some PUPs they are very sneaky and are able to hide in the registry, windows folder and other Nook N' Crannies. PUPs are not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. This type of infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results. So where do they come from? :rant:

 

:alien: The general rule of thumb (and why I don't use anything by Google) is that nothing in life is free. The same goes on the internet. PUPs get on your computer after you have installed a freeware software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this browser hijacker. This Potentially Unwanted Propgram is also bundled within the custom installer on many download sites ( CNET, Brothersoft or Softonic), so if you have downloaded a software from these websites, chances are that PUP.Optional.Conduit.A was installed during the software setup process. Also in the last few months it seems even OPEN SOURCE distributor http://sourceforge.net has been found guilty of adding Potentially Unwanted Programs so be careful. Waterfox and other large profile projects such as GIMP have also moved away from SourceForge recently. The reason being to shady adverts and that SF force their own installer onto users, prompting them to install other software and then finally the software the user actually wants. Waterfox will now use CodePlex for file hosting.The new location for Waterfox files will be at; https://waterfox.codeplex.com/ So please be careful even if you have trusted a download site in the past. :zorro:

 

You should always pay attention when installing software because often, a software installer includes optional installs, such as this PUP.Optional.Conduit.A browser hijacker. Be very careful what you agree to install. Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.

 

:help: So here's how to get rid of the PUP browser hijack.

 

Make a restore point and back up your files and do the following in order.

 

1) AdwCleaner; The AdwCleaner utility will scan your computer for PUP.Optional.Conduit.A malicious files and registry keys, that may have been installed on your computer without your knowledge. http://www.bleepingc...oad/adwcleaner/

 

2) Junkware Removal Tool; this utility can take a while to complete (like 10-30 minutes) depending on your system’s specifications and will display a log with the malicious files and registry keys that were removed from your computer. So grab a coffee http://www.bleepingc...e-removal-tool/

 

3) Malwarebytes Anti-Malware; It will remove worms, trojans, rootkits, rogues, dialers, spyware. A quick scan will do or if your having problems with your computer like choppy video or laggyness then do a full scan. Linked above.

 

4) Run a secondary spyware/malware removal tool like spybot http://www.safer-networking.org/ or HitmanPro

 

5) Malwarebytes Anti-Rootkit BETA; Go here and run this http://www.malwareby.../products/mbar/

 

6) Lastly update your anti virus and run a "BOOT TIME SCAN" :animier:

 

:construction: I have been a beta tester for the Firefox browser since before it was called Firebird and Pheonix. I still run the beta Nightly 64bit browser for kicks and I have been a http://www.waterfoxproject.org/ user since that project first kicked off. I use Palemoon on my laptop and I also use the Tor browser https://www.torproject.org/. However recently I switched from Waterfox as my main browser to Cyberfox [EDIT: but this whole browser turned out to be a privacy sham filled with exploits so stay away. I am back to Waterfox full time.] I use Chrome too when I search the Asian gaming forums because they have the best translation feature built right in the browser making it super easy to search for mods and ENB presets. Version 16.0.1 of Waterfox is the last confirmed release to work with Windows XP 64bit; get it here; http://www.neowin.net/news/download-waterfox-1601-without-avg-toolbar

 

EDIT: As of Sept. 2015, I only recommend Waterfox and Firefox browsers

 

Obviously I use different browsers for different activities. I suggest you do the same. I have one browser I use for Music and Video, another for Gmail, Facebook, Twitter and other Social Media, blogs and media in general.

 

I use over 15 security add-ons installed on my Cyberfox browser. Most of them you will have not heard of and are for more advanced browser comprehension;

 

ad block plus
ad blocker for gmail
all in one side bar
avast web rep
better privacy
certificate patrol
cipher fox
cookie controller
dnssec validator
download statusbar
dr web anti virus link checker
ghostery
https finder
https everywhere
java console
java quick starter
microsoft net framework assistant
no script
nosquint
perspectives
requestpolicy
wot
x-notifier
foxtab
lastpass

 

This list is incomplete and I'll update it shortly and add links. I will also gather my list of add-ons for my other browser set ups. :construction:
EDIT: If you want to see my updated Mozzilla add-on security collection then just click on the link.

 

The Nexusmods website and forum:
I dislike the owner and administration of Nexusmods. I find the moderators, especially TheVampireDante, to be bullies, rude and childish. I don't like them or their tactics. I am praying that another website could replace them however nothing I have seen has been able to duplicate their service. Their forums suck ass. There is no real community any more like there used to be 5 years ago. That is because of the bullying that they practice. Many top notch modders left the Nexus before it they changed names to Nexusmods. The Chat use to have 2-50 people in it at all times and now you may find 4. it is sad because at one time they used to be leaders and now they are solely responsible for the outbreak of hundreds of private smaller forums that have fragmented the modding community. As far as I am concerned the Nexusmods is a cancer that needs to be eradicated.

 

So have you guys noticed the recent change in policy over at the Nexus and other websites regarding Add blocking software like AddBlock and AddBlock Plus? If you use that add on then you will have noticed that the Nexus now recognizes that you are blocking their advertisements. They actually place an advertisement of their own that asks you to turn the add blocker off with some sappy story that they need the money. Regardless they are interfering with the space on your screen and in truth it is an advertisement to buy a membership. For this reason I will tell you how to get rid of it and enjoy a full screen without annoying advertisements.

 

You need to have add block plus
http://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

 

install Greasemonkey (for firefox) or tampermonkey (chrome)

 

http://addons.mozilla.org/en-Us/firefox/addon/greasemonkey/

 

Then go to
http://github.com/reek/anti-adblock-killer

 

Go to step 3...
and install the the 5 scripts in greasemonkey / tampermonkey
They should auto install but if they don't you can even copy and paste them in. it is pretty simple to get it to work.

 

That's it! No more annoying adds by the nexus to buy their memberships. And it also blocks other websites from doing the same. Consider this a present for allowing me to join the community but remember that this is not 100%. The five scripts that Greasemonkey is running use the most common methods that websites use to see who is using an add blocker. Most of these administrators really don't know how to do this correctly so they never change their operations. This is the reason why Greasemonkey works. There are some webmasters who change their scripts often (monthly/weekly) so to as avoid what Greasemonkey is doing. The Nexusmods is not one of those websites. Besides, new scripts can and are always being written.

 

I don't suggest you use this on every website and forum. For example this one I turn these options off. However Java Script remains the biggest security risk on the internet (FBI report) and malicious code can easily be hidden is video and audio advertisements.

 


:nuke: End of Part 1 :nuke:

  • Like 1


2 Comments


Recommended Comments

Oh wow. That link and tool looks to be fairly new. Interestingly  this blog post was an agmalgamtion of several other blog posts I wrote over the last couple of years. Every now and then I update it and make corrections. Thank you for you comment and participation. I will look into this new information and update the blog accordingly.

Cheers ^^

Share this comment


Link to comment
Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.