Threaded Mode | Linear Mode

Siamesecat · Mar. 08, 2005, 07:31 AM

Kye-U,

That "IDN "xn--" URL Remover" filter in the security collection V 4.31 has been bugging me. The conversion of the URL to the "xn--" format is done by the browser, not by the web server. Unless a URL is deliberately given that kind of a host name, the filter will never be used. By the time the conversion is done, it is too late to use a web page filter to catch it. A header filter might work; I'm not sure about that.

Siamesecat · Mar. 28, 2005, 09:16 PM

There is a Firefox spoofing vulnerability according to this page:
http://secunia.com/product/4227/#advisories
The sample code given is:
"Save link as" spoofing weakness (Mozilla Firefox)

Code:

<a href="[TRUSTED_URL]">

<table><tr><td>

<a href="[MALICIOUS_URL]">download

</a>

</td></tr></table>

</a>

I was wondering if this sort of match would catch it:

Code:

Match = "<a*href=$AVQ(\1)*<a*href=$AVQ(\2)*</a>*</a>"

"$SET(url=\1)(^$TST(url=\2)"

Replace = "Different address!!"

I am not sure if one can test variables like that. If that is not workable, what would be better?

Ishamael · Apr. 06, 2005, 01:29 PM

Another Firefox vulnerability:
http://secunia.com/advisories/14820/

***ProxRocks*** · Apr. 06, 2005, 05:54 PM

lol... read your name there and thought "Moby Dick"...
but then noticed the extra 'a'...

sorry, only the "literary types" followed that, I suppose...
but anyway...

Oddysey · Apr. 07, 2005, 02:36 AM

ProxRocks;

Quote:sorry, only the "literary types" followed that, I suppose...

Hey, I resemble that remark! :o [lol]

Cheers

Oddysey

Siamesecat · Apr. 07, 2005, 06:35 AM

That vulnerability has been fixed in Firefox v. 1.0.3. I just tested it.

skay_baltimore · Apr. 10, 2005, 10:38 PM

Wow. I pretty much spent the afternoon reading through this thread, trying to absorb as much as I could. My input now seems so tiny compared to everything that I read, but for whatever it's worth, I found that one filter in the cfg pack was causing my home page, myway.com, to not load. I went through each item and eventually boiled it down to: "Stop Browser Window Tricks", by Siamesecat. I looked at the filter to see if I could figure out what it was about it that was making myway.com not load properly, but I couldn't figure it out. (Even though I've been using Proxo for years, I'm still a newbie when it comes to the writing and working of the filters. Sad

After unclicking that filter, everything is working fine, for now.

Hats off to Kye-U, Siamesecat, ProxRocks, Jaded Goth, Oddysey, Ishamael, Sidki, and all the other contributors to this thread, forum, and Proxo.

sk

Shea · Apr. 10, 2005, 10:43 PM

Isn't MyWay a spyware vendor? Don't they try to install toolbars on peoples computers? It's in hpguru's hosts file so you might want to consider changing your homepage.

skay_baltimore · Apr. 10, 2005, 10:54 PM

Shea Wrote:Isn't MyWay a spyware vendor? Don't they try to install toolbars on peoples computers? It's in hpguru's hosts file so you might want to consider changing your homepage.

Not exactly Shea. The myway TOOLBAR is a bad thing, but I chose to not install it. It's my understanding that once the toolbar is nixed, everything is clean as far as myway.com goes. I've done tons of spyware checks and have never had a problem related to it. But that was a major consideration before deciding to make it my homepage. I like it because it allows a high degree of customization, especially the option to place my fav links on the homepage. That way, if/when I'm away from my own computer, I can log on from any remote puter and still have access to my most used favs. Plus, it's got a pretty clean look to it, (reminds me a bit of my old Verizon homepage which I really missed after switching to Comcast) gives me the google search capacity, etc. I had done an inquiry at DSL Reports a while back looking for a new homepage, and someone there suggested myway. As I said, I was concerned about what I then began to hear about the spyware issue, but eventually was convinced that by not installing the toolbar, my system would be free of any spyware.

Siamesecat · Apr. 11, 2005, 06:35 AM

skay_baltimore,

I just tried to load myway.com, and succeeded, with the Window Tricks filter enabled. Just exactly what happened when the page tried to load on your system?

skay_baltimore · Apr. 11, 2005, 07:17 AM

Siamesecat Wrote:skay_baltimore,

I just tried to load myway.com, and succeeded, with the Window Tricks filter enabled. Just exactly what happened when the page tried to load on your system?

What I will do is post two different screenshots - the first without the tricks filter (Normal) and the second with the tricks filter (Totally hosed). This is the first time I've posted here, and it looks like I can only post one screenshot per reply. So after this response, I'll post the second screenshot below.

sk

skay_baltimore · Apr. 11, 2005, 07:20 AM

Here is the screenshot WITH the filter applied. (Notice that the google search bar has totally disappeared, and several "IMPORTANT!" messages appear where formerly various info sections were.) Believe me - I experimented all day, back and forth, until I finally boiled it down to that particular filter.

Oddysey · Apr. 11, 2005, 08:42 PM

SB;

First, Welcome

to UOPF! (That's the UnOfficial Proxomitron Forum.)

Second, you do have one quick solution available to you. Simply use the URL scope limiter of your filter, and exclude MyWay from being filtered. That would be something like:

^[^/]++myway.com/

Modify as needed, of course.

Just bear in mind that we strongly advise you to re-think your position vis-a-vis what's an acceptable website or page, and what isn't. What you may not know is that hpguru has a large crew of dedicated testers that continually canvas the Internet, and confirm the entries within his HOSTS file. They do this so that you and I don't have to. When hpguru places an entrant in his HOSTS file, even Jimmy The Greek won't bet against it. No matter how well a site is disguised to look benign, if it's on hp's list, it's a known contaminant of the Internet! 'Nuff said.

Third, I see your hosed page is full of <span style='color:red'>Important</span> messages. The very text appears to be written by the MyWay authors themselves, so I have to conclude that some method they use to personalize the page for you (or anybody) has been disabled. In turn, the page is then prevented from providing you with customized ~~spam~~ information, and you then get the default message that says "You're a schmuck for blocking us". So the question becomes, "did Siamesecat write a filter that somehow disables javascript, d-html, active scripting, java, or some other invasive or otherwise potentially harmful technology?" Not that many, many other people haven't already written such filters, in varying degrees of complexity and success!

Well, how about it, Siamesecat? Inquiring minds want to know - did you purposefully write a such a filter as I just described? [rolleyes]

Oddysey

skay_baltimore · Apr. 12, 2005, 01:09 AM

First, thanks for the warm cheery welcome, Oddysey.

Second, when you referred to using the scope limiter function of the filter, does that mean that I type ^[^/]++myway.com/ (using that exact syntax) in the "URL match" part of the filter, directly after the (^((*.|)*.hotmail(.*|).com|gmail.google.com)/) line that's already there, or with a space or semi colon between the two, or somehow include it within the parentheses of what's already there? (I am very poor when it comes to filter syntax and customizing the Proxo filters.)

Third, what you say certainly has merit. Surfing the Internet always comes down to some sort of balance between convenience and security. Unfortunately, since virtually ALL of the net runs on/through/because of advertising, including the Holy Grail Google search engine, sometimes it's more a matter of finding a liveable balance between those two poles than it is finding something that exists in any absolute terms.

For example, I still cringe every time I fire up Paltalk, (even using a "cleaned-up" version) but it's a balance between the known evils of using it and spending some quality time with some friends online sharing awesome blues tunes and chatting.

As far as the myway.com homepage is concerned, if I could find another one that gives me what I get from it I would. However, the last time I looked into it I was not able to find a satisfactory replacement. So, after having monitored my firewall logs carefully, along with daily spyware/adware checks, I am satisfied for the moment with the current setup. But that's not to say that what you're saying isn't actually, in fact, more prudent than what I'm doing; it's saying I'm a stubborn cuss, but who at least knows better than to come here crying should my system get totally wrecked vis a vis myway. Wink

For right now, I'm just trying to point out what one filter's effect had on one person's computer on one particular homepage. The fact that that filter totally wiped out the Google search bar was something I thought was significant enough to make its author aware of. The philosophical/moral discussion of whether or not I should have chosen that particular homepage in the first place is, respectfully, a matter for another discussion in another thread. But that's not to say, as I pointed out above, that it's not a valid point. Smile!

Siamesecat · Apr. 12, 2005, 06:12 AM

Oddysey,

Quote:did Siamesecat write a filter that somehow disables javascript, d-html, active scripting, java, or some other invasive or otherwise potentially harmful technology?"

I initially wrote that filter as a replacement for Scott's filter to stop browser window resizing (and moving). Scott's filter caused problems with page loading. I added a few other commands to it to stop other annoyances. Basically, I was stopping things which really bug me!