Networking stuff

[408Mike]

I got nosey earlier and found some file folder with spyware/adware origins that has to do with "effective measures" which, supposedly, is just for numbers tracking, trying to track where users go for advertisers. The files were in a secluded repository of shared objects in my flash player or something, Oddly enough though I did a little more digging and this crap is actually very likely spyware sent from broadband service providers for monitoring purposes kind of off the books. By making "effective measures" the bad guy big companies like comcast can get their hands on the info they want, like users web habits and general tone in public about comcast (meaning are users bitching online or are they happy, that sort of thing) and normally an ISP's official stance on this sort of thing is "no bueno without a subpoena." As if they truly value the privacy of their users rofl anyway this way it's a little bit discreet so I give them the nod for at least trying to be polite...Anyway block that shit like so:

1. go to start button
2. right click on notepad
3. select run as administrator
4. click on yes in prompt to continue
5. go to file menu in notepad
6. click on open file
7. select all files in drop down list before selecting the file
8. go to windows/system32/drivers/etc
9. select hosts file
   
10. copy contents over to notepad and then copy and paste the following at the bottom of the hosts file:

127.0.0.1 my.effectivemeasure.net
127.0.0.1 my-ssl.effectivemeasure.net
127.0.0.1 my-cdn.effectivemeasure.net
127.0.0.1 p.effectivemeasure.net
127.0.0.1 p-ssl.effectivemeasure.net
127.0.0.1 cdn.effectivemeasure.net
127.0.0.1 www1.effectivemeasure.net
127.0.0.1 www2.effectivemeasure.net
127.0.0.1 www3.effectivemeasure.net
127.0.0.1 www4.effectivemeasure.net
127.0.0.1 www5.effectivemeasure.net
127.0.0.1 www6.effectivemeasure.net
127.0.0.1 www7.effectivemeasure.net
127.0.0.1 www8.effectivemeasure.net
127.0.0.1 www9.effectivemeasure.net
127.0.0.1 ww10.effectivemeasure.net
127.0.0.1 www10.effectivemeasure.net

Consider creepy isp spyware sharing creepy modules in reclusive subfolders of programs (I don't even have installed on my computer as I use chrome!) fuckzered for the time being.

Wondering if anyone else has something good to add, tweaks to make shit load faster (am I fucking up using comcasts DNS servers? 75.75.75.75 and 75.75.76.76 honestly I used to use google's ( 8-8-8-8 and 8-8-4-4) and remember them working much better but for some reason I got the new dns from a nerdy friend who states this is the faster way to fly so I haven't reverted back yet but I'm getting close to it as page load times are creeping along here, in highly aggravating fashion)

Anybody have anything they find worthwhile to add please do (in the interest of networking strategy and good items to add to your hosts file mostly)

[408Mike]

It appears to me that what I stumbled on is actually probably a security hole in google chrome (maybe it's not I am not sure)

navigate to C:\Documents and Settings\username\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects and you will see a few file folders (for example pokerfraudalert has a folder in here with a folder entitled PMclient.SWF which contains an object I believe used to run the poker skin software) which contain whatever object is used by the shockwave flash player embedded in chrome by default.

I wasn't pleased when I discovered these objects and deleted them all and set out to block my browsers from being able to access the effectivemeasure.net spyware sites via additions to my hosts file and wouldn't you know it, the very next day all traces of the effectivemeasure.net folders and objects has all VANISHED from my computer. That is disturbing to say the very least as i did not authorize any data destruction on my computer here, I did not authorize any person or thing to access my hard drive and make changes to my file system of any kind whatsoever.

I am genuinely curious now what's stopping malicious third party's from simply depositing malware of whatever flavor (a simple dropper is a tiny dll that can be used to effectively overtake fairly hardened machines over a period of time as the malware downloads bits and pieces of itself and presuming it needs to be stealthy which everything is nowadays you probably have very little time to catch the malicious software in the act before it obfuscates itself invisible and that's it, you no longer own your own machine) via this loophole in chrome because by the looks of it unless you are smart enough to never go online with your admin account and have chrome sandboxed into a standard users account, you might be screwed and this can probably happen MUCH easier than anyone realizes.

I took a look at the default settings for this component of chrome and found it mildly interesting, the only interesting things to me were disallowP2PUplink (strange) defaultalways crossdomainAllow crossdomainAlways and of course allowthirdpartyLSOAccess (library of shared objects access)

so let me get this straight- say I go to sonatine's site.com hypothetically what is stopping the owner of the site from instantly depositing a flash based malware of some kind directly into this LSO file and from there controlling the malware remotely and piece by piece taking over the entire system? I mean yeah I trust Druff not to deposit a rootkit under the guise of it being part of the poker skin software BUT (and this is a big 'but') never did i authorize pokerfraudalert or his third party to access secure areas on my hard drive and make changes to my hard drive of any kind ever (that I remember anyway) so just to be sure I decided to check out the nofraud online poker tab and read the text there (says nothing about my agreeing to allow an undisclosed third party to access my hard drive) I click a link stating "click here to start playing online poker" and sure as shit never once was I asked to provide this third party access to my hard drive and deposit a flash object (for how long? forever? wait I never said yes in the first place yet this object has no life expectancy? it's just going to be there forever? and who is looking out for me who can I count on to make sure nothing fishy is going on? to my knowledge this has never come up, I find that unsettling...) interestingly enough now that I have deleted the object that was there before now the poker skin doesn't work. It's telling me to reinstall adobe flash player and I find this interesting because this means the first time you access the poker client the file folders I mentioned are created on the computer being used and this pmclient.swf folder is created with an object inside, maven.so I think it was and so this means at that time somehow my computer agreed to allow this third party access to my hard drive WITHOUT MY EVER AGREEING TO IT.

I have a very big problem with this and not specifically to druff but more along the lines of ALL THE FUCKING SPYWARE THAT IS BEING MYSTERIOUSLY DEPOSITED ON MY HARD DRIVE and without my ever agreeing to any of it. Specifically in C:\Documents and Settings\admin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\ShockwaveFlash\WritableRoot\#SharedObjects\BB FXK4JV\macromedia.com\support\flashplayer\sys I come to discover nearly 20 folders from seedy porntube sites I haven't visited in weeks and these sites are very easily accessing my damned hard drive and making changes to my file system without ever announcing what they were doing and why to me.

I am legit pissed off here as what's keeping everyone safe? What is stopping an attacker from, say, depositing a dropper and using privilege escalation functionality built into IE to grant the object admin/root access to the hard drive and hosta la vista baby? Are flash and java really truly that terrible and security and not worth the effort anymore since saavy hackers and coders simply know so many chinks in the armor that it is most likely impossible to cover every base so just keep sensitive material offsite then? Seems to make the most sense to use firefox then as it doesn't come preloaded with flash and it's super easy to turn javascript off (you really don't need java often if ever so don't be afraid of turning javascript off and turning back on only on a case by case basis) so anyway yeah, sonatine/druff/bootsy or whomever what do you think? Srsly you have a lot of experience with flash, am I crazy or is this legitimately something to be concerned about?

[Deal]

Mike please add the following to your host file:

127.0.0.1 pokerfraudalert.com

[408Mike]

if anyone cares to tinker with their flash security settings you can do so here

why you cannot do this on your native machine without going online I have no idea but it seems very dodgey to me for some reason...

gosh, I just love finding out an application that came preinstalled with chrome comes autoset to allow third party flash content to be stored on my computer as well as "store common flash components to reduce download times" SUPER! So when I said I wanted chrome what I REALLY meant was I desired a swift fucking of my asshole by whatever unscrupulous companies I inadvertently come in contact with while navigating the web.

the plot thickens...

the peer assisted networking tab is hilarious, "some websites may use the peer assisted networking feature of flash player and may use your local upload bandwidth" what the fuck why isn't this auto-set to disable p2p linking for all? I have to manually do this shit? fuck adobe and fuck flash, isn't there more secure software out there than this? and fuck java right in it's gaping asshole as I have never found it used for anything BUT malware.

fuck me to tears I hate being so inquisitive. now I hate my computer again and wish instead for simpler times like I remembered growing up when the world wasn't rife with danger around every corner and people were nice because they were nice and not because they want to exploit or ridicule from behind closed doors...gaysex, that would be you and I know you're not the only one but still...for shame.

[Deal]

Mike remembers the good ole days...

[408Mike]

deal you may want to try dorkdown.com it's more your style