Likely, unless you're able to get the signing keys used for firmware updates, no MFP would load or potentially recognise the firmware file.
Likely, unless you're able to get the signing keys used for firmware updates, no MFP would load or potentially recognise the firmware file.
What F@#! crock of B/S....
It's a very sad day when your two main Telcos/ISP's in your own country can use service analysis(AKA hack) into your DNS severs and cache.
For those of us in Oz. In the following article below you will read about Optus and Telstra indicated in DNS analysis.
I've reported the above practice to the federal government telecommunication ombudsmen last year.
I now find out via the below Wikipedia article that DNS analysis service has been in use by these two main Telco's for some time.
Big deal some people might say. It all relates back to the Telco allowing your DNS cache to be redirected to google-analytics service which then allows other 3rd party rouge/illicit java script to run on your, Mobile Phone, Tablet, PC or network.
https://en.wikipedia.org/wiki/DNS_hijacking
--------------------- Excerpt from wiki article update 1st-june-2016-----------
Manipulation by ISPs[edit]
A number of consumer ISPs such as Cablevision's Optimum Online,[3] Comcast,[4] Time Warner, Cox Communications, RCN,[5] Rogers,[6] Charter Communications, Plusnet,[7] Verizon,[8] Sprint,[9] T-Mobile US,[10] Virgin Media,[11][12] Frontier Communications, Bell Sympatico,[13] UPC,[14] T-Online,[15] Optus,[16] Mediacom,[17] ONO,[18] TalkTalk,[19] Bigpond (Telstra),[20][21][22][23] and TTNET use DNS hijacking for their own purposes, such as displaying advertisements[24] or collecting statistics. This practice violates the RFC standard for DNS (NXDOMAIN) responses,[25] and can potentially open users to cross-site scripting attacks.[24]
The concern with DNS hijacking involves this hijacking of the NXDOMAIN response. Internet and intranet applications rely on the NXDOMAIN response to describe the condition where the DNS has no entry for the specified host. If one were to query the invalid domain name (fakeexample.com), one should get an NXDOMAIN response - informing the application that the name is invalid and taking the appropriate action (for example, displaying an error or not attempting to connect to the server). However, if the domain name is queried on one of these non-compliant ISPs, one would always receive a fake IP address belonging to the ISP. In a web browser, this behavior can be annoying or offensive as connections to this IP address display the ISP redirect page of the provider, sometimes with advertising, instead of a proper error message. However, other applications that rely on the NXDOMAIN error will instead attempt to initiate connections to this spoofed IP address, potentially exposing sensitive information.
[read more ]
https://en.wikipedia.org/wiki/DNS_hijacking
Last edited by NeoMatrix; 07-07-2016 at 07:55 AM.
Inauguration to the "AI cancel-culture" fraternity 1997...
•••••• •••[§]• |N | € | o | M | Δ | t | π | ¡ | x | •[§]••• ••••••
Hi all
Been out of action for a while with a pneumothorax (collapsed lung basically )
Thanks for the replies. Will look into those articles when I have a chance
Inauguration to the "AI cancel-culture" fraternity 1997...
•••••• •••[§]• |N | € | o | M | Δ | t | π | ¡ | x | •[§]••• ••••••
Yes I have written some small apps. Nothing too big or impressive. A clock-in/out type program so the receptionist can see which techs are in house or on callouts etc, key loggers, various IRC bots with varying capabilities (they were specific purpose bots), a load of college and textbook examples and practicals obviously. Also played around with Unity a bit among other things. Really am an amateur :P but I do find programming enjoyable. Very interested in security and hacking etc, but never bothered to learn much about it.
I took a look at your thread. Interesting idea. Will read through the rest of the thread (10+ pages lol..) and give it some thought (I'm sure there are a bunch of ideas I could add if I rack my brain over night). What language are you primarily using for this?
This might be the most useless comment ever, but I have found that the "No Script" add on for Firefox is an adequate defense to cross-site scripting attacks. It has been part of the revenge mode for unnecessary flashy blinky crap I've had for quite a while. You are far more knowledgeable about network related issues than I am, so you will have to check that out yourself though, as this could be just so much nonsense.
Last edited by Iowatech; 07-14-2016 at 05:35 AM.
How to identify if your Web browser SSL/TSL connection is being hacked or spoofed.
The following article shows the average computer user how to monitor their own web browser SSL/TSL (credit card,banking,financial) connection for hacking.
The website author Steve Gibson explains below in common language how to test for fraudulent and false positive SSL/TLS hacking. Read the entire article to the end, and then follow the step-by-step example at the end of the web page for your own relevant web browser instructions. For the average user you must read the entire web article to be able to fully understand how to use the "insert instructions ".
SSL/TSL web article here:
"https:\\www.grc.com\fingerprints.htm?domain=www.p bs.org" [www.pbs.org]
https://www.grc.com/fingerprints.htm?domain=www.pbs.org
It's important to understand the below inserted section by reading the above web article.
You will then be able to apply that understanding to any of your own HTTPS websites:
----------8<----------------insert -----------------------------------------------
How to display this page's (or any page's) SSL certificate fingerprint:
Internet Explorer:
- Right-click somewhere on the page.
- Select “Properties” at the bottom of the pop-up menu.
- Click the “Certificates” button on the Properties page.
- Verify that the “Issued to” name exactly matches what this GRC page shows.
- Click the “Details” tab to change views.
- Set the “Show” selector to “<All>” if it isn't already.
- Scroll down to the end of the list to “Thumbprint” (which is what Windows calls it).
- Click on the “Thumbprint” item to select it and show the full thumbprint in the window.
Google Chrome:
- Click on the padlock at the far left end of the URL address bar.
- Select the “Connection” tab.
- Click on “Certificate Information”.
- Verify that the “Issued to” name exactly matches what this GRC page shows.
- Click the “Details” tab to change views.
- Set the “Show” selector to “<All>” if it isn't already.
- Scroll down to the end of the list to “Thumbprint” (which is what Windows calls it).
- Click on the “Thumbprint” item to select it and show the full thumbprint in the window.
Mozilla Firefox:
- Click on the padlock at the far left end of the URL address bar.
- Click the More “Information...” button.
- Click the “Security” icon/tab at the top of the “Page Info” dialog.
- Click “View Certificate”.
- Verify that the certificate's name under “Common Name (CN)” exactly matches what this GRC page shows.
- The SHA1 fingerprint is shown under “Fingerprints”.
Apple Safari:
- Click the [https padlock] icon at the far left end of the URL address bar.
- Click “Show Certificate”.
- Click the arrow to expand the “Details”
- Verify that the certificate's “Common Name” exactly matches the name shown on the GRC page.
- Scroll to the bottom to view the certificate's SHA1 Fingerprint.
-------------------------------------------------------end insert ---------------------------
Fingerprint test example for www.copytechnet.com:
"https:\\www.grc.com\fingerprints.htm?domain=www.c opytechnet.com"
https://www.grc.com/fingerprints.htm...opytechnet.com
Webpage returns :
Last edited by NeoMatrix; 08-21-2016 at 09:50 AM.
Inauguration to the "AI cancel-culture" fraternity 1997...
•••••• •••[§]• |N | € | o | M | Δ | t | π | ¡ | x | •[§]••• ••••••
This is why, if I am not in front of my computer, I disable the LAN connection.
I am also behind 2 routers with firewalls.
Good luck getting to my computer even if I am on line.
Why do they call it common sense?
If it were common, wouldn't everyone have it?
I've had to disable my WiFi internet connections from time to time as well...
I originally had an old Nokia mobile phone that was connected to my WiFI network (saved on billing). The turd of a device was uploading off my network with out me knowing. I couldn't understand why my phone battery kept going flat quick, even after two costly new batteries fitted. I've since found out that back in the day Nokia hid a similar practice as a default setting within it's phones.
Around the same time I even replaced the old modem/router, because the outer case would be come very hot. It got hot to the point where the beige coloured plastic case turned a shade of brown around the center. I even went as far as placing the modem on top of a large fin heat sink to dissipate the heat coming off. I was concerned about it becoming a fire hazard I when I wasn't home.
Pop group "Tears for fears" lyrics: "Every-body wants to rule the world"....
Last edited by NeoMatrix; 08-22-2016 at 12:05 AM.
Inauguration to the "AI cancel-culture" fraternity 1997...
•••••• •••[§]• |N | € | o | M | Δ | t | π | ¡ | x | •[§]••• ••••••
Bookmarks