-
Content Count
764 -
Joined
-
Last visited
-
Days Won
19 -
Donations
$0.00
Sampei.Nihira last won the day on January 17
Sampei.Nihira had the most liked content!
Community Reputation
338 ExcellentAbout Sampei.Nihira

Profile Information
-
OS
XP Home
Recent Profile Visitors
-
Newest Adobe Flash and Shockwave, and Java, too!
Sampei.Nihira replied to dencorso's topic in Windows XP
In chrome-based browsers this is possible through an extension. The best extension from a privacy point of view is: https://chrome.google.com/webstore/detail/font-fingerprint-defender/fhkphphbadjkepgfljndicmgdlndmoke?hl=it -
Windows Finger command abused by phishing to download malware
Sampei.Nihira replied to Sampei.Nihira's topic in Windows XP
It's indirect protection. If they change the method of attack it will be in vain. I personally prefer to use a direct block. I put a custom rule in NVT OSArmor that blocks Finder.exe: [%PROCESS%: *\finger.exe] In OSes later than W.XP it is easy to get a firewall hardening for the most abused commands via the tool below: https://hard-configurator.com/download/ LOLBin - Add If a rule is not in the list it is easy to add it. -
Newest Adobe Flash and Shockwave, and Java, too!
Sampei.Nihira replied to dencorso's topic in Windows XP
@VistaLover [OT mode on] My friend if you want to reduce the fonts fingerprint consider that our browsers have this function: https://www.ghacks.net/2016/12/28/firefox-52-better-font-fingerprinting-protection/ Some time ago I inserted the default list of Tor fonts. [OT mode off] -
https://www.bleepingcomputer.com/news/security/windows-finger-command-abused-by-phishing-to-download-malware/ It is interesting to note that Finger.exe is also available in Windows XP. The exe is in the "System32" folder. This type of attack will probably never affect our OS. But considering the rarity of use of the Finger.exe command, it might be interesting to consider blocking it. Adding a rule to block the connection in your firewall has the same effect. P.S. For OS after W.XP, for example w.10 x64, the rules are at least 2 because you also need to lock the ex
-
Newest Adobe Flash and Shockwave, and Java, too!
Sampei.Nihira replied to dencorso's topic in Windows XP
@to All Always enable "click-to-play" mode. When you don't need to use Flash you can hide the plugin with the rule: about:config plugin.scan.plid.all If your browser doesn't detect the Flash plugin probably (but you need a test to know this for sure) you don't have to worry about unwanted connections. -
Newest Adobe Flash and Shockwave, and Java, too!
Sampei.Nihira replied to dencorso's topic in Windows XP
More Flash Player test: https://browserleaks.com/flash -
@roytam1 NM28:
-
You do well. I've been sleeping well since last Friday. https://www.wilderssecurity.com/threads/0patch.386344/page-4#post-2981136 However, this warning thread + solution might be useful to some other MSFN member.
-
1) PAExec does not encrypt the data: https://github.com/poweradminllc/PAExec/issues/31 Even the officially supported version for XP (v. 2.11) encrypts data. 2) Development seems to have stopped many years ago .... too many. It would be interesting to find out which version of PsExec.exe is embedded in the latest version of PAExec 1.28. 3) It probably suffers from the same vulnerability discovered recently.
-
For more info see the article below: https://www.bleepingcomputer.com/news/security/windows-psexec-zero-day-vulnerability-gets-a-free-micropatch/ Just today PsExec.exe v.2.21 is out: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec After downloading the tool I discovered that the version of PsExec.exe is v.2.30. Although in the system requirements is specified from Windows Vista onwards through CFF Explorer I discovered that in: so it can also run with Windows XP. I use PsExec in my Windows XP pc with the command: psexec -
-
uBlock Origin, Chromium 54 and Firefox 52.9 ESR
Sampei.Nihira replied to FranceBB's topic in Windows XP
EasyList does not have a malware tag in the Filterlist. Just do a simple search by Tags. The purpose of the list is to block ads: If the blocking of ads also prevents the opening of pop-ups with possible malware content as a secondary effect, this decreases in value for those who use the Kees1958 list + Noscript. As you can see in my custom lists there are antiphishing and antimalwares lists as well. And in "my filters" I use my very personal Spamhaus list of 17 rules compared to the default of 10. Not to mention the rule: ||HTTP://*^$third-party,~stylesheet,~med -
uBlock Origin, Chromium 54 and Firefox 52.9 ESR
Sampei.Nihira replied to FranceBB's topic in Windows XP
I have two custom lists that are more efficient than the predefined ones: 1) Extremely Condensed Adblocking List 2) EU US most prevalent ads & trackers ABP format And as you can see I have also entered the specific language list: 2A) EasyList Italy (minified) These lists are more than enough to stop ADS. Note that I also use Noscript. Those who don't use Noscript can set uBlock Origin in medium mode. To get an ADS block with identical effect. -
uBlock Origin, Chromium 54 and Firefox 52.9 ESR
Sampei.Nihira replied to FranceBB's topic in Windows XP
Please read Tomaso's final comment which might be useful for MSFN members using Github: https://forum.palemoon.org/viewtopic.php?f=70&p=206033&sid=d31d63cf2d7940d63dbdc9e6d97abd7d#p206033 -
uBlock Origin, Chromium 54 and Firefox 52.9 ESR
Sampei.Nihira replied to FranceBB's topic in Windows XP
Probably my final configuration: -
Newest Adobe Flash and Shockwave, and Java, too!
Sampei.Nihira replied to dencorso's topic in Windows XP
Thank you for your test. So that's it for the chinese Flash.