Yellow Flag at π @WPalant@infosec.exchange
- Website
- https://palant.info/
- https://twitter.com/WPalant
- Social me
- https://social.tchncs.de/@WPalant
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant
Joined Aug 2018
Wow, I knew of course that #Brave was running some really aggressive marketing campaigns... But now they are apparently spamming random bloggers because of links to MDN for browser extensions information.
For reference, the article in question is https://palant.info/2015/10/15/using-webextensions-apis-in-a-classic-extension/.
It seems that I'm done with the illustration for next Monday's article. We'll have another "secure browser" to pick apart in a week.
https://www.theregister.com/2020/06/24/bitdefender_security_hole/ got thoroughly confused by Bitdefender announcement claiming that the vulnerability resides in the SAFEPAY browser. No, a malicious website doesn't need to be opened in this browser, the exploit works from any browser as my post clearly states.
https://gbhackers.com/vulnerability-in-bitdefender-anti-virus/ on the other hand appears to be based on my blog post and Bitdefender announcement only. But it somehow manages to misattribute my statements to Bitdefender while also mangling my other statements in an attempt to avoid placing them in quotation marks.
I think the crown so far goes to https://androidrookies.com/bitdefender-anti-virus-found-vulnerable-allowing-attackers-to-run-commands-remotely/ which is a confusing mix of Wikipedia info, my article and https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/ without any of the sources named. Some of my statements are marked as quotes, others are simply part of the text. And parts are just weird.
And then one only needs to enable this reporter in ~/.config/urlwatch/urlwatch.yaml.
Don't forget to set DISPLAY=:0 when running urlwatch via cron!
Luckily, adding a reporter is fairly simple. One can create a ~/.config/urlwatch/hooks.py script, e.g. with the contents below (using kdialog command line tool to display a message).
And - yes, I can totally see how this error message can make someone despair. Crazy enough, I actually remember moving TSRs into high memory. π
I did try going through their support channel as well but got the reply below. I guess that #BullGuard outsourced their support to some country far away...
Fancy phishing approach: rather than spam a suspicious phishing URL, send people a link to a Google Docs document. Make that document look like a download page and long enough that the Google footer disappears below the fold. The "here" link points to a malicious URL of course.
Came across this wonderful web-only password manager today. Sure, security-wise that's an inherently flawed combination. But their security bullshit is soooo charming... #crypto #passwords
Ok, so far it seems that the technical changes in Firefox are limited to a consent page. If you disagree the extension won't do anything and suggest that you uninstall. If you agree the same data is transmitted as before (minus page title).
Somehow my quick and dirty tool to make minified JS code readable turned into a pretty versatile pattern matching framework. At this point it can undo quite a bit of readability damage already, and adding new patterns is fairly easy.
Sometimes I almost regret not collecting IP addresses of blog commenters, this comment was likely sent from Avast headquarters. Seems to be the kind of logic a company would use to justify going behind users' back. They are fighting for data freedom!
I realize that clocks are ticking differently for embedded devices, which is why Windows XP installs are still common. However, this view on a German ICE train screen is still special. Judging by the visuals, this is Windows 3.1, released 1992. Take that, software updates!
This is either a huge "hack me please" sign in this browser extension's manifest or the extension is actually a backdoor. In case you are wondering: no, I don't think that the extension is using any of these permissions.
Me: Nice, a browser extension listing script-src: 'unsafe-eval' in its CSP. They disabled all protections, there might be fancy vulnerabilities inside.
Them: Actually, we only need it for this code:
Finally brought out an update for PfP: Pain-free Passwords. Now I get to use the new access keys feature in my production profile.
- Website
- https://palant.info/
- https://twitter.com/WPalant
- Social me
- https://social.tchncs.de/@WPalant
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant
Joined Aug 2018
