Re: Ebay port scans your pc on every visit.

Author: Michael Butash via PLUG-discuss
Date:  
To: der.hans
CC: Michael Butash, Michael Butash via PLUG-discuss
Subject: Re: Ebay port scans your pc on every visit.
> Should we be insulted that they don't check for SSH?
>
> Ah, "According to Nullsweep, who first reported on the port scans, they do
> not occur when browsing the site with Linux."


Probably more flattered about ssh - they know they're not getting anything
out of a linux system anyways.

Interesting on the second comment - didn't catch that. Wonder why/how
windoze allows this, but linux does not? And what about the mac users?
Now I'm even more curious.

I feel a bit better knowing I'm protected since I don't use windoze for
anything but visio, but the other billion suckers still using windoze as a
main rig are screwed as usual.

> I use uMatrix to limit JavaScript. Most sites aren't allowed to run any.


I too use uBlock Origin, mostly for adware lists, but I use NoScript that
flat disallows sites unless whitelisted. It breaks all sorts of stuff
until whitelisted, but usually the ones that require me to whitelist more
than a few domains, I quickly close and forget about. It's pretty scary
going to big sites like various news outlets just how many domains their
javascripts are banging your browser with. I've seen upwards of 20-30
foreign domains all attempting to track/probe you at times - those I close
quick, blacklist them all, and thank the fact I have script blocking
enabled.

Trying to get others to use noscript or any sort of whitelist model is
tough, 99% of the time they don't want the inconvenience and end up turning
it off. I usually stop taking tech support calls or listening to whining
after that when they're infected yet again.

-mb


On Mon, May 25, 2020 at 6:17 PM der.hans <> wrote:

> On 24 May 2020, Michael Butash via PLUG-discuss chatted thus:
>
> moin moin,
>
> > https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/
> >
> > This was a bit disturbing to read today. Ebay injects a few javascript
> > connections back to your requesting system, measures a basic socket
> > connection, telling them if the port is open or not, amounting to
> > effectively a local host port scan for specified ports, behind a firewall,
> > from a web page you visited. They are doing this looking for remote admin
> > applications in fact, rdp, vnc, teamviewer, many others. Hmm.
>
> Should we be insulted that they don't check for SSH?
>
> Ah, "According to Nullsweep, who first reported on the port scans, they do
> not occur when browsing the site with Linux."
>
> :)
>
> > So any public website can query any port from visiting a web page, and
> > possibly interact with any sort of local or other api on my system?
> >
> > I wouldn't think Javascript would be allowed to chain off a host like that,
>
> JavaScript can run bitcoin miners on your system. It can also attack and
> steal the credentials for your bitcoin account and thereby take all your
> coins. Plus there are the exploits of password browser plugins such as
> LastPass.
>
> I use uMatrix to limit JavaScript. Most sites aren't allowed to run any. I
> even remove the 1st party allowances for most of my browser instances.
>
> That does render some sites totally unreadable. I ignore most of those.
>
> For some sites, I allow certain JavaScript. For instance, for
> HumbleBundle I allow JS from HB, but also from Stripe. Sometimes I have to
> allow google and recaptcha in order to checkout. Sometimes I just don't
> bother with the bundle as it's not worth the annoyance.
>
> For ebay, I have a separate browser instance as the site has lots of
> JavaScript. I generally just don't use ebay very much. I need to get
> better at running browsers out of containers and restricting their
> access. In fact, I might finally be in a position to try out qubes.
>
> ciao,
>
> der.hans
>
> > or at least have protections from certain abuse. I suppose it's valid if
> > linking to another site, but JS/Browsers allowing local random port use
> > like this, seems ebay is probably not the only ones to abuse this in
> > certain ways. I know you can do some interesting things with websockets,
> > seems chaining via same methods to remote interact would be trivial.
> >
> > This is pretty devious actually, I'm both a bit scared for ebay, not to
> > mention all the other sites I "trust", let alone the ones I don't.
> > Everyone else that just allows pervasively javascript is just hozed.
> > Which is standard for everyone since javascript existed.
> >
> > I use noscript pervasively, and whitelist only valid sites. Ebay is a
> > valid site, didn't think I had to protect myself, but how would you
> > protect against this? Curious also the take from web devs on this, other
> > than thanks for the tip. :)
> >
> > -mb
> >
>
> --
> # https://www.LuftHans.com https://www.PhxLinux.org
> # Boredom is self-inflicted...der.hans

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
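
Added example (not part of the thread or of any poster's message): the behaviour discussed above, a public page opening connections to the visitor's own machine, shows up in a browser network log. The code below flags public page origins that contact several loopback or private-address ports; the { pageOrigin, url } entry shape, the minPorts threshold and the sample entries are assumptions constructed for illustration.

```javascript
// Flag public pages whose scripts contact loopback or private addresses.
// Entry shape { pageOrigin, url } is an assumption (e.g. distilled from a HAR export).
const DEFAULT_PORTS = { "http:": 80, "ws:": 80, "https:": 443, "wss:": 443 };

function isLocalHost(hostname) {
  // WHATWG URL keeps brackets around IPv6 literals; strip them first.
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1") return true;
  const m = h.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return false;
  const [a, b] = [Number(m[1]), Number(m[2])];
  // Loopback 127/8 plus the RFC 1918 private ranges.
  return a === 127 || a === 10 || (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);
}

function findLocalProbes(entries, minPorts = 3) {
  const byOrigin = new Map();
  for (const { pageOrigin, url } of entries) {
    let page, target;
    try { page = new URL(pageOrigin); target = new URL(url); } catch { continue; }
    // A local page talking to a local service is normal (dev servers); skip it.
    if (isLocalHost(page.hostname) || !isLocalHost(target.hostname)) continue;
    const port = Number(target.port) || DEFAULT_PORTS[target.protocol];
    if (!port) continue;
    if (!byOrigin.has(page.origin)) byOrigin.set(page.origin, new Set());
    byOrigin.get(page.origin).add(port);
  }
  const findings = [];
  for (const [origin, ports] of byOrigin) {
    // One local request may be legitimate; several distinct ports looks like probing.
    if (ports.size >= minPorts) {
      findings.push({ origin, ports: [...ports].sort((x, y) => x - y) });
    }
  }
  return findings;
}

// Constructed sample log (not captured traffic).
const SAMPLE = [
  { pageOrigin: "https://shop.example", url: "wss://127.0.0.1:3389/" },
  { pageOrigin: "https://shop.example", url: "wss://127.0.0.1:5900/" },
  { pageOrigin: "https://shop.example", url: "wss://localhost:5938/" },
  { pageOrigin: "https://shop.example", url: "https://cdn.example/app.js" },
  { pageOrigin: "https://news.example", url: "http://[::1]:8080/status" },
  { pageOrigin: "http://localhost:3000", url: "ws://127.0.0.1:3001/hmr" },
];
console.log(JSON.stringify(findLocalProbes(SAMPLE)));
```

Lowering minPorts to 1 reports every public origin that touched a local address at all, which is noisier but useful when auditing a single site.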