Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Sampei.Nihira

Member
  • Content Count

    893
  • Joined

  • Last visited

  • Days Won

    28
  • Donations

    $0.00 

Everything posted by Sampei.Nihira

  1. uBlock Origin Legacy 1.16.4.29 (Jun 12, 2021) is out: https://github.com/gorhill/uBlock-for-firefox-legacy/releases/tag/firefox-legacy-1.16.4.29
  2. Only the "Canvas.poisondata" setting prevents Canvas fingerprinting: https://browserleaks.com/canvas and of course prevents only this type of fingerprinting. As I have already written only the extension: https://addons.palemoon.org/addon/canvasblocker-legacy/ prevents in our browsers the ClientRects Fingerprinting. For other types of fingerprinting, for example font fingerprinting, it is possible to adopt countermeasures, which unfortunately are often partial, in about:config. Some info often general and not specific to the browsers we use,i
  3. Isn't it easier to check with CCleaner? upload pictures
  4. I believe that the only real benefit of a dedicated extension like CanvasBlocker is for ClientRectsFingerprinting: https://browserleaks.com/rects If you're worried about this kind of fingerprinting you have no alternative.
  5. BurnAware v.14.4 (Released May 27, 2021) seems no longer compatible with Windows XP: https://www.burnaware.com/download.html True Burner v.7.4 still seems compatible: https://www.glorylogic.com/true-burner.html but to the download web-page they declare that it is compatible from Vista: https://www.glorylogic.com/download.html
  6. Yes, in fact the signature verification is not very important from a security point of view, in our OS. On the contrary in the most modern OS it is fundamental. Especially if combined with the modify of registry key "ValidateAdminCodeSignatures". By changing the value of this registry key (default 0) you can prevent unsigned executables (including malwares) from starting. A simple trick that disarms unsigned malware.
  7. I too, like Jaclaz, would recommend following BlackViper's list. I personally have disabled many more services than they recommend without any problems. It also eliminates any AV in real time, and any third-party FW.
  8. Certainly your version of Process Explorer. I don't remember where but I have explained in the past in the forum that versions after 16.12 malfunction in Windows XP. Try P.E.version 16.12, if then you get the same situation we will see in detail what to do next. P.S. I deleted because I'm sure you solve. P.S.1 For a more profitable use of P.E. it is better to set the software as in the image below:
  9. I disagree. Every vulnerability in my installed softwares known with remote code execution has been taken in examination, when not patched, and therefore submitted, when possible, to more mitigation and/or protection interventions. This protection then includes any undiscovered vulnerabilities. Even system vulnerabilities are no longer attackable by modern malware today. It does not have the ability to act in a Windows XP OS, because it targets more modern OS and especially x64. But unfortunately this discussion is OT in this thread, please do not continue because I will not answe
  10. Thank you for this information of yours. I am used to viewing code with Notepad.exe. Also, it will seem strange, but Notepad++ increases, at least statistically, the attack surface. Only one vulnerability with remote code execution is known: https://www.cvedetails.com/vulnerability-list/vendor_id-20673/year-2019/opec-1/Notepad-plus-plus.html Although the (patched) vulnerability has an extremely limited target, and will never affect our OS, the bugs history tells us that there is the probability of other unknown and not discovered vulnerabilities always present i
  11. I tried installing the ABprime extension: https://interlink-addons.binaryoutcast.com/addon/abprime/ in MailNews. It installs but I don't display any options: Does this happen to you?
  12. Interesting news. Please consider carefully to have installed in your OS Windows XP in addition to this software also NET FW 4.0.3 (release date 2012). NET FWs also suffer, unfortunately, from vulnerabilities to be patched: https://www.cvedetails.com/product/2002/Microsoft-.net-Framework.html?vendor_id=26 I decided a few years ago to uninstall all versions of NET FW from my OS. No problem, but obviously I can't use some softwares that require them.
  13. Forgive the disturbance friends, just yesterday 0Patch has published the fix for a vulnerability that also affects I.E.9: https://blog.0patch.com/2021/05/micropatch-for-remote-code-execution.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26419 The patch on Microsoft Update Catalog is KB5003165.
  14. Probably within a short time there will be an update: https://github.com/gorhill/uBlock-for-firefox-legacy/issues/304 Hopefully.
  15. Next time you want to uninstall software give a try to IOBitUnistaller Portable: https://portableapps.com/apps/utilities/iobit_uninstaller_portable which also allows you to clean the registry. Obviously, before cleaning the registry, check what the software will delete.
  16. I will answer you by integrating some info that has already been written: https://www.ghacks.net/2021/05/14/custom-browser-protocol-handlers-may-be-used-for-fingerprinting/ Let's take the case of Zoom: the videoconferencing application configures and uses the URL zoommtg://. If you click on the browser side on an address starting with this prefix, Zoom will open immediately and automatically. I chose Zoom because it was recently brought to attention in this very thread. With Skype it's the same: https://github.com/fingerprintjs/external-protocol-flooding
  17. It is not possible to claim that Linux/Android are a mitigation to the bug. Instead it is correct to say that the test fails. The developer states that the test succeeds with Ubuntu 20.04: https://github.com/fingerprintjs/external-protocol-flooding The mitigations to the bug are those that I have already cited, therefore a script-blocker.
  18. No surprise. Unfortunately, the bugs are there and always will be. We must do our best to take care of privacy and security, without becoming paranoid.
  19. If for that matter, it doesn't even work in Android. But that's OT in this thread
  20. Vulnerability affects many browsers. P.S. If you like you can put the test to the attention of W members.
  21. NM28 + Noscript: Schemeflood.com script allowed temporarily: image hosting
  22. @nicolaasjan If you change browsers the identifier should remain the same. This is at least the intention of the test developer. We take every precaution possible (Noscript.....etc......) to protect our privacy.
×
×
  • Create New...