Tagged: Internet

  • NegBox 5:59 pm on May 26, 2010
    Tags: Awesome, Guide, Internet, Uber Affiliate

    Must-Read: Uber-Affiliate’s Marketing Guide Updated for 2010 

    Uber-Affiliate’s Marketing Guide is a really fantastic collection of hand-picked information links. The three links I just followed (one on moving bids by a penny at a time, one on brute-forcing campaigns and one on PPC ads that stand out) were excellent! Plus he is linking to guides I’ve read that are really good, including Nicky Cakes’ and JV’s. Really good info – Take the trip to Uber Affiliate’s article.

     
  • NegBox 3:47 pm on April 8, 2010
    Tags: Browser, Internet, Sandboxie

    Securing Web Browser using Sandboxie and an Unprivileged User 

    After last week’s fiasco of getting pwned by what looked like an overflow bug exploited in the latest Firefox (3.6.3), it dawned on me today the simplest way to lock this one down – Way simpler than a Virtual Machine and with zero impact on performance – and a mild hit on ease of use…  User privileges!

    Hello! McFly!! I should have been running my browser as an unprivileged user already. Doh!

    Then I remembered there is a very useful little program that does sandboxing really well called Sandboxie – How well does it stand up to getting pwned? Probably pretty well, unless the exploit is targeted at the browser and the sandbox tech – which is extremely unlikely. In that case, running in a sandbox with an unprivileged user would take care of pretty much everything – but it might be a bit of overshooting. Sandboxie loads a kernel-mode driver and provides really nice controls over what is allowed and what isn’t, it boxes up whatever changes the app wants to do but is not directly allowed, and lets you review them. Not only can you see what you’re doing, prevent malware, but actually see that something bad was about to happen. Really cool tech.

    Using just an unprivileged user is pretty rock solid safe – but it is also a royal pain in the ass. Operations fail all the time – especially in Windows, where every program thinks it ought to own the box. You’ve got to mess with the Event Viewer to figure out what the program tried to do that failed and made it explode, then figure out what permissions to give it – and remember to take them away if it was just a temporary thing. Then, to top it all off, half the settings get stored in the profile or home directory of the unprivileged user the browser was running under – so when you try to run it under an administrator ID to change that something that wasn’t working as a regular user, whatever you wanted to change is not there anymore. Enough rant… Let’s see what happens.

    I’ve got no ties to Sandboxie other than it’s a fine piece of software for a decent price (around $30) – Anyone have any other similar tech to recommend in this area of Windows browser safety?

    PS: Anyone who suggests either Linux or a Mac will be cursed to have hair grow out of their ears until it looks like ponytails.

     
  • NegBox 3:00 pm on April 7, 2010
    Tags: Cloaking, Internet

    Referrer Cloaking in URL shortener 

    A couple of days ago I wrote about my little trick to spy on bit.ly links, which Johnathan Volk later picked up for an April Fool’s joke with a kernel of truth in it.

    There are alternatives to Bit.ly, but this one from a commenter caught my eye: Referrer.us does URL shortening and cloaking with sugar on top. That sugar can be as mellow as hiding the referrer or as naughty as faking it. The service looks full-featured and largely free. Nice.

    I do see a practical use for Referrer.us – Still, I have to say some of the black-hat folks and services I’ve seen go paranoid overboard in a big way. I accidentally scratched the surface of how Russian black-hatters move money around and it was freaking mad – encryption out the wazoo, multiple layers of e-gold and other virtual currencies with crazy names and crazy account and exchange schemes. I was trying to fund an account for a stupid service and finally gave up – It was nuts – It looked like I was about to launch an ICBM instead of spend $20 on a service.

    It’s easy for a tech person to see all the holes and try to cover them up with technology – and it is also easy for the tech person to get lost in the details and lose sight of the goal – Unless you’ve got a swarm of determined hackers banging down your virtual doors, meet the challenge with the minimal amount of effort needed to accomplish the task and keep going… Security is relative, and never absolute – The best plan is to prepare for damage control, containment of the disaster, and quick recovery, since you really can’t stop a determined hacker.

     