On 25 May 2020, Michael Butash chatted thus:

moin moin,

Should we be insulted that they don't check for SSH?

Ah, "According to Nullsweep, who first reported on the port scans, they do
not occur when browsing the site with Linux."

Probably more flattered about ssh - they know they're not getting anything
out of a linux system anyways.

Could they? I thought there was a problem with JavaScript hitting
localhost a couple years ago and this was blocked.

One of the links in the original article points to a break-down of the
code in question. I'm only about 1/3 of the way through the article, so I
don't yet know how it ends. Spoilers are OK :).

https://blog.nem.ec/2020/05/24/ebay-port-scanning/

As to script blocking below, yeah, other than security-curious people at
conferences, I don't get much buy in. Kidling however is learning to work
with it :).

ciao,

der.hans

Interesting on the second comment - didn't catch that.  Wonder why/how
windoze allows this, but linux does not?  And what about the mac users?
Now I'm even more curious.

I feel a bit better knowing I'm protected since I don't use windoze for
anything but visio, but the other billion suckers still using windoze as a
main rig are screwed as usual.

I use uMatrix to limit JavaScript. Most sites aren't allowed to run any.

I too use uBlock Origin, mostly for adware lists, but I use NoScript that
flat disallows sites unless whitelisted.  It breaks all sorts of stuff
until whitelisted, but usually the ones that require me to whitelist more
than a few domains, I quickly close and forget about.  It's pretty scary
going to big sites like various news outlets just how many domains their
javascripts are banging your browser with.  I've seen upwards of 20-30
foreign domains all attempting to track/probe you at times - those I close
quick, blacklist them all, and thank the fact I have script blocking
enabled.

Trying to get others to use noscript or any sort of whitelist model is
tough, 99% of the time they don't want the inconvenience and end up turning
it off.  I usually stop taking tech support calls or listening to whining
after that when they're infected yet again.

-mb


On Mon, May 25, 2020 at 6:17 PM der.hans <pl...@lufthans.com> wrote:

On 24 May 2020, Michael Butash via PLUG-discuss chatted thus:

moin moin,


https://www.bleepingcomputer.com/news/security/ebay-port-scans-visitors-computers-for-remote-access-programs/

This was a bit disturbing to read today.  Ebay injects a few javascript
connections back to your requesting system, measures a basic socket
connection, telling them if the port is open or not, amounting to
effectively a local host port scan for specified ports, behind a firewall,
from a web page you visited.  They are doing this looking for remote admin
applications in fact, rdp, vnc, teamviewer, many others.  Hmm.

Should we be insulted that they don't check for SSH?

Ah, "According to Nullsweep, who first reported on the port scans, they do
not occur when browsing the site with Linux."

:)

So any public website can query any port from visiting a web page, and
possibly interact with any sort of local or other api on my system?

I wouldn't think Javascript would be allowed to chain off a host like that,
JavaScript can run bitcoin miners on your system. It can also attack and
steal the credentials for your bitcoin account and thereby take all your
coins. Plus there are the exploits of password browser plugins such as
LastPass.

I use uMatrix to limit JavaScript. Most sites aren't allowed to run any. I
even remove the 1st party allowances for most of my browser instances.

That does render some sites totally unreadable. I ignore most of those.

For some sites, I allow certain JavaScript. For instance, for
HumbleBundle I allow JS from HB, but also from Stripe. Sometimes I have to
allow google and recaptcha in order to checkout. Sometimes I just don't
bother with the bundle as it's not worth the annoyance.

For ebay, I have a separate browser instance as the site has lots of
JavaScript. I generally just don't use ebay very much. I need to get
better at running browsers out of containers and restricting their
access. In fact, I might finally be in a position to try out qubes.

ciao,

der.hans

or at least have protections from certain abuse.  I suppose it's valid if
linking to another site, but JS/Browsers allowing local random port use
like this, seems ebay is probably not the only ones to abuse this in
certain ways.  I know you can do some interesting things with websockets,
seems chaining  via same methods to remote interact would be trivial.

This is pretty devious actually, I'm both a bit scared for ebay, not to
mention all the other sites I "trust", let alone the ones I don't.
Everyone else that just allows pervasively javascript is just hozed.
Which is standard for everyone since javascript existed.

I use noscript pervasively, and whitelist only valid sites.  Ebay is a
valid site, didn't think I had to protect myself, but how would you
protect against this?  Curious also the take from web devs on this, other
than thanks for the tip.  :)

-mb


--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  Boredom is self-inflicted...der.hans


--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  ... make it clear I support "Free Software" and not "Open Source",
#  and don't imply I agree that there is such a thing as a
#  "Linux operating system". - rms
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
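
Added example, not part of the thread or of any poster's message: one way to check for the behaviour discussed above (a public web page opening connections to ports on the visitor's own machine) is to review a browser network capture. The sketch assumes a HAR export whose `pages[].title` holds the page URL and which records the attempted connections; the capture, the `shop.example` and `news.example` hosts and all function names are constructed for illustration.

```javascript
// Added example; the HAR below is constructed sample data, not a real capture.
const PRIVATE_V4 = [/^127\./, /^10\./, /^192\.168\./, /^169\.254\./,
  /^172\.(1[6-9]|2\d|3[01])\./];

// True for localhost, ::1 and loopback, link-local or RFC 1918 IPv4 literals.
function isLocalHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost') || h === '::1') return true;
  const isV4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(h); // avoid matching "10.example.com"
  return isV4 && PRIVATE_V4.some((re) => re.test(h));
}

// Report public page origins that touched >= minPorts distinct local ports.
function findLocalProbes(har, minPorts = 3) {
  // Assumption: page.title holds the page URL, as in Chrome's HAR export.
  const pageUrl = new Map(har.log.pages.map((p) => [p.id, p.title]));
  const portsByPage = new Map();
  for (const entry of har.log.entries) {
    let target, page;
    try {
      target = new URL(entry.request.url);
      page = new URL(pageUrl.get(entry.pageref));
    } catch {
      continue; // unparsable URL or unknown pageref
    }
    // Keep only requests from a non-local page to a local address.
    if (!isLocalHost(target.hostname) || isLocalHost(page.hostname)) continue;
    const tls = target.protocol === 'https:' || target.protocol === 'wss:';
    const port = Number(target.port || (tls ? 443 : 80));
    if (!portsByPage.has(page.origin)) portsByPage.set(page.origin, new Set());
    portsByPage.get(page.origin).add(port);
  }
  return [...portsByPage]
    .filter(([, ports]) => ports.size >= minPorts)
    .map(([origin, ports]) => ({ origin, ports: [...ports].sort((a, b) => a - b) }));
}

const req = (pageref, url) => ({ pageref, request: { url } });
const SAMPLE_HAR = { log: {
  pages: [
    { id: 'p1', title: 'https://shop.example/item/1' }, // public page
    { id: 'p2', title: 'http://localhost:8080/' },      // local dev page
    { id: 'p3', title: 'https://news.example/' },       // public page
  ],
  entries: [
    req('p1', 'wss://127.0.0.1:3389/'), req('p1', 'wss://127.0.0.1:5900/'),
    req('p1', 'wss://127.0.0.1:5938/'), req('p1', 'wss://127.0.0.1:5900/'),
    req('p2', 'http://localhost:3000/api'), req('p3', 'http://192.168.1.1/'),
  ],
} };
console.log(JSON.stringify(findLocalProbes(SAMPLE_HAR)));
```

The sample ports are the usual defaults for RDP, VNC and TeamViewer, the tools named in the thread; lowering `minPorts` trades fewer misses for more noise from pages that legitimately link to a single local service.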
