Hi Everyone,
I have a question regarding these Ad Blocking programs. I see that they primarily work by adding entries in the Hosts file for IP resolution (usually the loopback address 127.0.0.1) for known Ad addresses. So my question is this... Is it possible for hackers to produce a fake (or partially legit) product that could be used for Phishing? They could inject IP addresses for banking, ecommerce, etc., websites to be directed to their fake sites.
Any thoughts?
Thanks!
Dagoof
You mean do something like redirect Wells Fargo to a copycat site to phish usernames, passwords, CC#'s etc? It's certainly possible. It'd be a pretty limited audience hack though. You'd still probably do better just sending a mass email.
I spoke with the author of Adfree and his program implements checks on the downloaded host files to ensure they only point to 127.0.0.1 unless specified in the options.
esheesle said:
I spoke with the author of Adfree and his program implements checks on the downloaded host files to ensure they only point to 127.0.0.1 unless specified in the options.
Click to expand...
Click to collapse
Yeah... I thought that the easy way to rest assured was to go through the hosts files to be sure all the entries point to the loopback address...
Thanks!!
Related
I work for an IT firm, and often when we go onsite we end up having to retrieve user passwords for various reasons. Right now our options are to:
A) Print out the site's password sheet and take it with us
B) RDP back to our company network and lookup each password as needed
The first solution is rife with security concerns, while the second is a pain in the butt.
What I would like to do is set up a background wifi sync at the office with my android tablet, so every time I leave the building I automagically have up-to-date files with me. But also store them in an encrypted folder or format, so if the tablet gets lost we don't have to reset many hundreds of client passwords. I am not at all opposed to buying an app, or more than one if this can be accomplished in a convenient and secure way. Any ideas?
Dropbox? Preferably combined with storing the passwords in an encrytped database such as keepass?
Really, you want confirmed sign off from your management here. ****ing up with a customer password database (say you lost your phone) is a Career Limiting Move.
Sent from my GT-I9100 using Tapatalk
I have just found this example: SipDemo and I have noticed you need, of course, to add the username, password and domain of the used SIP server.
The example shows a walkietalkie, but I would like to have a normal phone call kind of thing.
I was wondering whether there are free and reliable servers for SIP communications.
What I would like to have is just 1 account and every user of mine should be able to call each other in that way.
I am considering both:
-Hosting my own SIP server on my side;
-Using an already existent FREE server.
Probably each user should have its own account, then I believe the easiest way is to have the server on my side. Is that correct?
Thanks in advance.
N.
I want to understand from security perspective, if it is possible to prevent an end user from finding out HTTP request parameters that are exchanged with the server ? I understand that SSL would prevent someone from sniffing the HTTP POST request parameters, but I believe the browser after decoding ssl will have access to the parameters. I presume it is possible to hack onto an APK and find out the actual http request and spoof it ? So Trying to work a way around it.
Thanks for all the suggestions you could provide!
I installed adfree in my nexus 5 but this block some webs and I can't enter in this webs, how can I change this?
That's the intended behavior. Disable Adfree and restart, or use a proxy (e.g. Opera Mini/Off-Road mode) to bypass this.
No, it is block the ads not the web
yeiyei0891 said:
No, it is block the ads not the web
Click to expand...
Click to collapse
You don't understand how it works. A very simple explanation is offered on their website:
http://adfree.bigtincan.com/about.php
Advertising hostnames are simply redirected to the local host (so no "webs" as you so eloquently put it) regardless of where the hostname is being requested from (your browser or your app containing ads.) That's the way the hosts file works (you can Google that for more information if you want.)
There are a few alternatives: you can block internet access for the apps with ads using a firewall (e.g. AFWall+) or use something like xad.
EDIT: Of course, you can just remove the website you want to visit from the hosts file yourself. Some ad blocking apps like AdAway allow you to do that from within the app itself (whitelist.)
An ad blocker that uses the hosts file. The hosts file contains a list of mappings between hostnames and IP addresses. When an app requests an ad, that request is directed to 127.0.0.1 which does nothing. There are options to run a web server to respond to blocked hostnames and to direct requests to the IP address of your choosing. You can download hosts files from the app but it is possible to use your own and to add certain sites to the white- and black-lists.
stympy said:
An ad blocker that uses the hosts file. The hosts file contains a list of mappings between hostnames and IP addresses. When an app requests an ad, that request is directed to 127.0.0.1 which does nothing. There are options to run a web server to respond to blocked hostnames and to direct requests to the IP address of your choosing. You can download hosts files from the app but it is possible to use your own and to add certain sites to the white- and black-lists.
Click to expand...
Click to collapse
Does this require root?
Dark_Horse said:
Does this require root?
Click to expand...
Click to collapse
Yes.
Sent from my Lenovo P780