bobbonomo

Member
  • Content Count

    70
  • Joined

  • Last visited

  • Days Won

    2

bobbonomo last won the day on November 3 2018

bobbonomo had the most liked content!

Community Reputation

2 Neutral

About bobbonomo

  • Rank
    Active Member

Profile Information

  • Gender
    Male
  • Location
    Montreal Canada
  • Interests
    GOOD beer

Contact Methods

  • Yahoo
    mydumbsite#yahoo.com

Recent Profile Visitors

3304 profile views
  1. You will find that next to impossible to do. There are services you can subscribe to $$ which will filter by blacklist. Search for: web site nanny protection service Now they also know where you surf.
  2. This is dated yesterday March 10. It's a short read Googling Searching for Strangers: One professor's lesson on privacy in public spaces https://www.npr.org/2019/03/10/702028545/googling-strangers-one-professors-lesson-on-privacy-in-public-spaces
  3. Submit the file to https://www.emsisoft.com/en/support/submit or to Virustotal https://www.virustotal.com/ This will just check the file against about 60 engines. I doubt very much if JUST downloading the attachment would cause harm. Your anti-virus should kick in. Now could look at it with a hex editor and see if the magic number is correct. Just what is the URL of the attachment? As for 2.) I seem to remember an exploit where the default action for a file would kick in despite what the extension was. As in double clicking a exe disguised as a jpg. That must have been fixed.
  4. Not sure to whom this was intended for. This is one of the first things I said in my post above of Sunday at 02:29 PM. I'm almost positive your reasons are close to mine. This post by Quara.com is kinda related. You may not think so from the title. Why are Bots unable to Check "I am not a Robot" Checkboxes? https[:]//www.quora[.]com/Why-cant-bots-check-%E2%80%9CI-am-not-a-robot%E2%80%9D-checkboxes/answer/Oliver-Emberton It describes the methods and data Google uses for their CAPTCHA thingy. It's a short read. I read the supporting document presented at Black Hat ASIA 2016 called: I’m not a human: Breaking the Google reCAPTCHA It's a long dry read. 12 pages. There are 3 Challenge Types: No captcha reCaptch, Image reCaptcha, and Text reCaptcha. The different type of challenges varies from user to user. Harder challenges will be presented if a specific user has low reputation or requests multiple challenges or provides several wrong answers many times. The first one is of interest here since we talk about privacy things: "No action required" is what I presume they want to be presented to most users because CAPTCHAs are a royal pain. This means they "own" you with all they have about you. .... and this article is 2+ years old. Imagine what 2 years more has given. Amazing? Scary? Both?
  5. Let me say this about privacy on the Internet. It does not exist really. OK so you are protected from the prying eyes of your service provider and all intermediate routers between you and the server if using https. This is good but... You make a request to thiscrazydomain.com which needs to be resolved. This is done by UDP in clear text. Your ISP probably farms out DNS to a Big Boy like Google's 8.8.8.8 or other like cloudflare's 1.1.1.1 or openDNS's 208.67.222.222 just to name a few. So now it is known. The http request is encrypted but the hosting company now knows too and what page you requested. The server is probably in a cloud. These are Big boys. If using Google Chrome or Firefox then the URL is checked by safebrowsing.phishing or safebrowsing.malware by Google. Microsoft has the same thing using its Edge. Not sure how safebrowsing works or where they check. I see safebrowsing stuff in my FF profile. Whatever security software you use now knows too. Using Chrome is like being connected to HQ in Mountain View CA. Now you are on the server and it uses one or more Content delivery networks (CDN) for all kinds of libraries like Google fonts, Analytics, maps, and all kinds of other "free" stuff they "give" away. Now they all know. How much other stuff happens under the hood? Emsisoft says they check from your computer and I believe this because I see the updates occur on a regular basis and if they did not they would get busted by someone. Using a VPN is good too. Now you need to trust the VPN guy. So are we to believe all these big players respect our privacy when we know it is part of their business model to gather all this info. Use TOR or Tails which is an implementation of TOR operating from a USB stick and does not use the host computer except for the CPU and GPU and memory which is flushed upon exiting. From mozilla
  6. I probably posted this in the wrong forum so I will post here. On the blog https://blog.emsisoft.com/en/32736/phishing-vs-spear-phishing-vs-whaling-attacks/ I left this comment: On my work horse machine, where I have Emsisoft, I installed the Firefox extension and the Edge extension. In Firefox (and I presume Chrome) there is also Google safe browsing activated. Let's put aside that you don't track what URL I visit and Google's whole purpose is to know just that. I do not kid myself about the benevolence of Google and all the " free" stuff they give away. I'm fairly certain Google just checks their Virustotal results. Microsoft also has its safe browsing in Edge for "free". Same deal. So the question is how good are each and/or what is the difference. Is there some report or stats on this? I do phishing verification in a sandbox on another reading machine (with Norton and its FF extension) and some phish do not trigger either which I will call zero-day phish. So I realise nothing is 100% of course.
  7. I'm reading this article from ZDnet called: New browser attack lets hackers run bad code even after users leave a web page https[:]//www[.]zdnet[.]com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/ It describes a neat MarioNet attack. (neat from an attacker point of view) So am I protected using my EMSIsoft?
  8. I just use Emsisoft (blocking PUPs) on my workhorse PC with the extension and Norton with its extension on another. I use Firefox because I see Google as a data collection machine and Chrome as an extension of it. But using either you also have Google's safebrowsing.phishing and safebrowsing.malware options enabled by default. I have Privacy Badger from the Electronic Frontier Foundation And I use my instincts.
  9. On the blog https://blog.emsisoft.com/en/32736/phishing-vs-spear-phishing-vs-whaling-attacks/ I left this comment: On the work horse machine, where I have Emsisoft, I installed the Firefox extension and the Edge extension. In Firefox (and I presume Chrome) there is also Google safe browsing activated. Let's put aside that you don't track what URL I visit and Google's whole purpose is to know just that. I do not kid myself about the benevolence of Google and all the "free" stuff they give away. I'm fairly certain Google just checks their Virustotal results. Microsoft also has its safe browsing in Edge for "free". Same deal. So the question is how good are each and/or what is the difference. Is there some report or stats on this? I do phishing verification in a sandbox on another reading machine (with Norton) and some phish do not trigger either which I will call zero-day phish. So I realise nothing is 100% of course.
  10. I'm not so convinced. The name is still registered with namecheap and probably still operates (ping = OVH Poland) using different URL parameters. I never contacted the hoster OVH. There will be others.
  11. Seems to not respond any more. The registrar says so and so do my tests
  12. FYI Here is a fake tech support which comes through: a red screen and audio (both emsi and norton) https: // stfebwehgbewhew.info /90t/?c5aeb99095434e0ftfn1d5aeb99095438a=(866)%20465-8113 It started as https: // stfebwehgbewhew.info /90t/?a=10012592&campid=46 from an ad from: adjustable .global. ssl. fastly. net I have the screenshots and all
  13. The Norton one. The fingerprint must have been different The Emsisoft did miss a coin miner but I reported it in my coin miner thread and it was caught by Norton so I went to my other computer with Emsi to test just to see. I always have a CPU meter on so I would notice a spike for a new coin miner. Neither of these are dangerous so I don't worry much.
  14. Just an update. Since then it has missed a coin miner and a fake site.
  15. You targeted child port to which 99.999% of people would respond with "I don't care" [about my stuff being discoverable (my editorial)]. People always zoom in on this point. That's not the point. Change the target. You are a journalist working in Liberia and your laptop is seized by that "benevolent government". One of your colleagues got popped. Now do you care? I can think of umpteen similar situations and go on and on. Privacy is privacy... the bad comes with the good. What's the alternative? Bring back the little man, from the 30s, with the funny moustache and hair. He would love what we got. NO not Charlie Chaplin.