Everything posted by Sampei.Nihira
-
My Browser Builds (Part 2)
Sampei.Nihira replied to roytam1's topic in Browsers working on Older NT-Family OSes
@VistaLover By subscribing to Kees1958's list (which I recommended in the UBO lists) you would have had no problem: https://github.com/Kees1958/W3C_annual_most_used_survey_blocklist/blob/master/TOP_EU_US_Ads_Trackers_ABP It's the premier list for third-party ad blocking. See line 319. -
Latest Version of Software Running on XP
Sampei.Nihira replied to pointertovoid's topic in Windows XP
PotPlayer v.210201 - 1.7.21419 (February 1, 2021) is out: http://potplayer.daum.net/?lang=en -
I wrote it for the benefit of others, not for you. If you don't care you were wrong to read my post. Ignore it, as I should have ignored your useless comments. P.S. The test you entered for the verification of the insecure cipher suites is not the only one. And since I wrote that I do not use this browser it is obvious that the example cited is not specifically referred to 360 but it can be very well adapted to your browser. Never resent it again.
-
I don't use this browser. To use the browser with greater privacy and security, it is necessary to make wise use of Command Line Switches + Experimental Flags. The command line switch below, for example, eliminates the insecure cipher suites:

--cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0xC014,0x009D,0xC013

A discussion of some interesting Experimental Flags, if present in your browser version, can be found at: https://malwaretips.com/threads/list-of-interesting-experimental-flags-for-google-chrome.41686/

Using some extensions might also be interesting:
Classic Cache Killer 2.2
Canvas Blocker - Fingerprint Protect 0.1.5
Font Fingerprint Defender 0.1.3
WebRTC Protect - Protect IP Leak 0.1.7

The complete list of Chromium Command Line Switches is: https://peter.sh/experiments/chromium-command-line-switches/
-
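An added example, not part of the original post: a Python sketch that decodes the IDs in the --cipher-suite-blacklist value quoted in the post above into their IANA suite names and notes the property that makes each one a candidate for removal. The function names and the browser.exe command line are assumptions made for illustration.

```python
# IANA TLS cipher suite names for the IDs listed in the post's switch.
IANA_NAMES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
SWITCH = "--cipher-suite-blacklist="

# Constructed sample command line; "browser.exe" is a placeholder name.
SAMPLE = ("browser.exe --cipher-suite-blacklist="
          "0x002F,0x0035,0x000A,0x009C,0xC014,0x009D,0xC013")


def parse_blacklist(cmdline):
    """Return the suite IDs given to the switch, in order (empty if absent)."""
    for arg in cmdline.split():
        if arg.startswith(SWITCH):
            return [int(tok, 16) for tok in arg[len(SWITCH):].split(",") if tok]
    return []


def weaknesses(name):
    """Derive the weak properties of a suite from its IANA name."""
    notes = []
    if name.startswith("TLS_RSA_"):
        notes.append("static RSA key exchange, no forward secrecy")
    if "_3DES_" in name:
        notes.append("3DES, 64-bit block size")
    if "_CBC_" in name:
        notes.append("CBC mode with HMAC-SHA1")
    return notes


def describe(cmdline):
    """Return (id, name, notes) for every suite the switch disables."""
    rows = []
    for sid in parse_blacklist(cmdline):
        name = IANA_NAMES.get(sid, "unknown suite ID")
        rows.append((f"0x{sid:04X}", name, weaknesses(name)))
    return rows


if __name__ == "__main__":
    for sid, name, notes in describe(SAMPLE):
        print(sid, name, "-", "; ".join(notes) or "no note")
```

Five of the seven IDs use static RSA key exchange, including the two AES-GCM suites; the two ECDHE suites are flagged only for their CBC mode.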
Latest Version of Software Running on XP
Sampei.Nihira replied to pointertovoid's topic in Windows XP
I have replaced the files of the 7z folder in Bandizip 5.23 with the same files of 7-zip 21.00 alpha: https://sourceforge.net/p/sevenzip/discussion/45797/thread/dd4edab390/ No problems. -
Adobe Flash, Shockwave, and Oracle Java on XP (Part 2)
Sampei.Nihira replied to Dave-H's topic in Windows XP
https://www.ghacks.net/2021/01/29/first-potplayer-2021-release-removes-flash-playback-support/ -
Latest Version of Software Running on XP
Sampei.Nihira replied to pointertovoid's topic in Windows XP
PotPlayer v.210127 (1.7.21419) - [January 27, 2021] is out: http://potplayer.daum.net/?lang=en -
Adobe Flash, Shockwave, and Oracle Java on XP (Part 2)
Sampei.Nihira replied to Dave-H's topic in Windows XP
In chrome-based browsers this is possible through an extension. The best extension from a privacy point of view is: https://chrome.google.com/webstore/detail/font-fingerprint-defender/fhkphphbadjkepgfljndicmgdlndmoke?hl=it -
Windows Finger command abused by phishing to download malware
Sampei.Nihira replied to Sampei.Nihira's topic in Windows XP
It's indirect protection. If they change the method of attack it will be in vain. I personally prefer to use a direct block. I put a custom rule in NVT OSArmor that blocks Finger.exe:

[%PROCESS%: *\finger.exe]

In OSes later than W.XP it is easy to get a firewall hardening for the most abused commands via the tool below: https://hard-configurator.com/download/ LOLBin - Add If a rule is not in the list it is easy to add it. -
Adobe Flash, Shockwave, and Oracle Java on XP (Part 2)
Sampei.Nihira replied to Dave-H's topic in Windows XP
@VistaLover [OT mode on] My friend if you want to reduce the fonts fingerprint consider that our browsers have this function: https://www.ghacks.net/2016/12/28/firefox-52-better-font-fingerprinting-protection/ Some time ago I inserted the default list of Tor fonts. [OT mode off] -
https://www.bleepingcomputer.com/news/security/windows-finger-command-abused-by-phishing-to-download-malware/ It is interesting to note that Finger.exe is also available in Windows XP. The exe is in the "System32" folder. This type of attack will probably never affect our OS. But considering the rarity of use of the Finger.exe command, it might be interesting to consider blocking it. Adding a rule to block the connection in your firewall has the same effect. P.S. For OS after W.XP, for example w.10 x64, the rules are at least 2 because you also need to lock the exe in "syswow64".
-
Adobe Flash, Shockwave, and Oracle Java on XP (Part 2)
Sampei.Nihira replied to Dave-H's topic in Windows XP
@to All Always enable "click-to-play" mode. When you don't need to use Flash you can hide the plugin with the rule: about:config plugin.scan.plid.all If your browser doesn't detect the Flash plugin probably (but you need a test to know this for sure) you don't have to worry about unwanted connections. -
Adobe Flash, Shockwave, and Oracle Java on XP (Part 2)
Sampei.Nihira replied to Dave-H's topic in Windows XP
More Flash Player test: https://browserleaks.com/flash -
My Browser Builds (Part 2)
Sampei.Nihira replied to roytam1's topic in Browsers working on Older NT-Family OSes
@roytam1 NM28: -
You do well. I've been sleeping well since last Friday. https://www.wilderssecurity.com/threads/0patch.386344/page-4#post-2981136 However, this warning thread + solution might be useful to some other MSFN member.
-
1) PAExec does not encrypt the data: https://github.com/poweradminllc/PAExec/issues/31 Even the officially supported version for XP (v. 2.11) encrypts data.
2) Development seems to have stopped many years ago .... too many. It would be interesting to find out which version of PsExec.exe is embedded in the latest version of PAExec 1.28.
3) It probably suffers from the same vulnerability discovered recently.
-
For more info see the article below: https://www.bleepingcomputer.com/news/security/windows-psexec-zero-day-vulnerability-gets-a-free-micropatch/

Just today PsExec.exe v.2.21 is out: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

After downloading the tool I discovered that the version of PsExec.exe is v.2.30. Although the system requirements specify Windows Vista onwards, through CFF Explorer I discovered that in: so it can also run with Windows XP. I use PsExec on my Windows XP PC with the command:

psexec -l -d

to run New Moon 28 and MailNews with limited-user privileges. I have installed the extension IsAdmin in my browser New Moon 28 and I have verified that the tool works. Probably, considering that the new version of PsExec.exe was released very quickly after the vulnerability was made public, this new version fixes the above specified vulnerability:
-
EasyList does not have a malware tag in the Filterlist. Just do a simple search by Tags. The purpose of the list is to block ads: If the blocking of ads also prevents the opening of pop-ups with possible malware content as a secondary effect, this decreases in value for those who use the Kees1958 list + Noscript. As you can see in my custom lists there are antiphishing and antimalware lists as well. And in "my filters" I use my very personal Spamhaus list of 17 rules compared to the default of 10. Not to mention the rule:

||HTTP://*^$third-party,~stylesheet,~media,~image

This simple single rule blocks all third-party requests (including XMLHttpRequest, WebSocket, WebRTC, Ping, Object and ObjectSubrequests and Other e.g. beacons), so it provides more protection than uBO medium mode protection which 'only' blocks third-party scripts and (i)frames (subdocuments in AdBlockPlus syntax). It is possible to calculate today that the simple rule above alone blocks at least 30-40% of malicious websites. I believe I am sufficiently protected even in a W.XP OS if we consider that uBlock Origin is only a small part of my security configuration.
-
I have two custom lists that are more efficient than the predefined ones:
1) Extremely Condensed Adblocking List
2) EU US most prevalent ads & trackers ABP format
And as you can see I have also entered the specific language list:
2A) EasyList Italy (minified)
These lists are more than enough to stop ADS. Note that I also use Noscript. Those who don't use Noscript can set uBlock Origin in medium mode to get an ADS block with identical effect.
-
Adobe Flash, Shockwave, and Oracle Java on XP (Part 2)
Sampei.Nihira replied to Dave-H's topic in Windows XP
Thank you for your test. So that's it for the Chinese Flash.