diff --git a/content/knowledge/Badness Enumeration.md b/content/knowledge/Badness Enumeration.md index 3e8f038..97f7f96 100644 --- a/content/knowledge/Badness Enumeration.md +++ b/content/knowledge/Badness Enumeration.md @@ -17,9 +17,9 @@ On top of the [obvious problem](#the-obvious-problem) mentioned above, there are "Okay, so adblockers are unreliable, but what is the harm?" you may ask. -The problem here is that adblockers (especially with Manifest v2) are highly privileged and have access to all of your data within the browser. All it takes is for the extension developer to turn malicious for your passwords, session ids, TOTP secrets, etc to get compromised. Even if you were to assume that the extension developer is trustworthy, one vulnerability within the extension could still be catastrophic. This is made worse by the fact that adblockers typically use third-party blocklists, extending trust to the blocklist maintainers to not exploit the extension should a vulnerability be found. The ["uBlock, I exfiltrate"](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) blog post describes in detail how a CSS injection vulnerability in uBlockOrigin lead to data exfiltration with one sigle bad filtering rule. +The problem here is that adblockers (especially with Manifest v2) are highly privileged and have access to all of your data within the browser. All it takes is for the extension developer to turn malicious for your passwords, session ids, TOTP secrets, etc to get compromised. Even if you were to assume that the extension developer is trustworthy, one vulnerability within the extension could still be catastrophic. This is made worse by the fact that adblockers typically use third-party blocklists, extending trust to the blocklist maintainers to not exploit the extension should a vulnerability be found. The ["uBlock, I exfiltrate"](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) blog post describes in detail how a CSS injection vulnerability in uBlockOrigin lead to data exfiltration with one single bad filtering rule. -Overall, adblockers weaken your security for dubios privacy benefits. You are better off not using any advertisement/tracker blocking extensions at all. If you want to avoid stateful tracking, consider clearing all cookies and site data upon exit, using [FireFox containers](https://linuxbsdos.com/2021/11/27/see-multi-account-containers-extension-is-not-needed-to-use-containers-in-firefox/), or using multiple browser instances. You would also need to hide your IP address using a VPN or something like the Tor network as well. If you are worried about stateless tracking, use a browser with fingerprinting protection like Brave (which can fool naive scripts) or Tor Browser (which has the best fingerprint protection in the market, albeit [a lot less secure](https://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908)). +Overall, adblockers weaken your security for dubious privacy benefits. You are better off not using any advertisement/tracker blocking extensions at all. If you want to avoid stateful tracking, consider clearing all cookies and site data upon exit, using [FireFox containers](https://linuxbsdos.com/2021/11/27/see-multi-account-containers-extension-is-not-needed-to-use-containers-in-firefox/), or using multiple browser instances. You would also need to hide your IP address using a VPN or something like the Tor network as well. If you are worried about stateless tracking, use a browser with fingerprinting protection like Brave (which can fool naive scripts) or Tor Browser (which has the best fingerprint protection in the market, albeit [a lot less secure](https://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908)). ## DNS Filtering @@ -27,14 +27,14 @@ DNS filtering solutions. while not having any negative impact on security, are t It should also be noted that websites can detect which DNS servers a visitor uses. You can look at [DNSLeakTest](https://www.dnsleaktest.com/) as an example. Using non-network provided DNS servers adds to the fingerprint and make you more identifiable. -The best way to do DNS filtering is to use a VPN provider which has this feature built in like [ProtonVPN](https://protonvpn.com), [Mullvad](https://mullvad.net), and [IVPN](https://www.ivpn.net/) in order to not standout from other users of the same VPN provider. Even then, DNS filtering is purely a convenince feature and cannot be relied on for privacy and security. +The best way to do DNS filtering is to use a VPN provider which has this feature built in like [ProtonVPN](https://protonvpn.com), [Mullvad](https://mullvad.net), and [IVPN](https://www.ivpn.net/) in order to not standout from other users of the same VPN provider. Even then, DNS filtering is purely a convenience feature and cannot be relied on for privacy and security. ## Antiviruses Antiviruses are highly privileged processes with access to virtually all of your files and data, parsing through them trying to find something that matches a known bad signature. Beyond the fact that you need to trust the Antivirus company to not exfiltrate your sensitive data and that the signature list will never have all of the malware in existence, a vulnerable parser could lead to a system compromise. The [Abusing File Processing in Malware Detectors for Fun and Profit](/researches/Abusing-File-Processing-in-Malware-Detectors-for-Fun-and-Profit.pdf) research paper by Suman Jana and Vitaly Shmatikov discusses this in detail. Here are some other examples of Anviruses being attack surfaces on their own: -- [Arbitary Code Execution with Avast's Javascript Interpreter](https://github.com/taviso/avscript) +- [Arbitrary Code Execution with Avast's Javascript Interpreter](https://github.com/taviso/avscript) - [Memory Corruption with Bitdefender](https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/) - [Kaspersky in the Middle](https://web.archive.org/web/20210729054039/https://palant.info/2019/08/19/kaspersky-in-the-middle-what-could-possibly-go-wrong/)