• AnyStream is having some DRM issues currently, Netflix is not available in HD for the time being.
    Situations like this will always happen with AnyStream: streaming providers are continuously improving their countermeasures while we try to catch up, it's an ongoing cat-and-mouse game. Please be patient and don't flood our support or forum with requests, we are working on it 24/7 to get it resolved. Thank you.

Ad blocker firms rush to fix security bug

DrinkLyeAndDie

Retired Moderator
Thread Starter
Joined
Jan 28, 2007
Messages
11,822
Likes
468
Just an FYI.

Source
: Naked Security by Sophos

Ad blocker firms rush to fix security bug
by Danny Bradbury

If you’re using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.

The vulnerability, discovered by security researcher Armin Sebastian, affects Adblock, Adblock Plus, and uBlock (but not uBlock Origin). It stems from a filtering option introduced into the ad blockers in July 2018. The option allowed the programs to rewrite web requests, cleaning them of tracking data.

[...]

For the attack to work, the browser must visit another server after hitting a legitimate web page. Hackers can force that if the server allows open redirects. This is when the server takes a URL as input from the client and redirects to it, no matter what it is.

An attacker can also get their executable code into the browser via the $rewrite function if they can get it onto the legitimate web page. That’s possible if the server lets the user post their own content (such as in a comments section or social media timeline) and doesn’t use proper input validation to check the post for malicious commands.

Finally, for the attack to work, the server must not restrict where it can fetch content from. It must not validate the final request URL either, because the attacker will have tampered with it.

These conditions aren’t as rare as you’d think; Sebastian created an example of a malicious filter that would redirect requests to Google Maps to Google’s I’m Feeling Lucky. The filter then executes code that displays an alert box.

[...]
 
Hah and let uBlock Origin exactly be the one i use. I'm not affected ^^
 
I use Malwarebytes. Didn't see it mentioned.
 
I'll point back to the article. It listed the impacted ad blockers. So if it isn't on the list I'd assume it's... not impacted. Just wanted to give people the info.

Personally, I've used a multi-layered approach for years. None of what I use is known to be impacted. uBlock Orgin is one of the things I use.

PS: This is merely a thread about ad blockers and a discovered vulnerability. No need for people to get irritated or argumentative. :)
 
And you would be wrong. They have ad blocker extensions for Chrome and Firefox.

forgive me, i looked up in google an found their website was refering customers to adblock plus, looked around a bit more and found their beta page
 
Malwarebytes leaves the wording a bit vague but ad blocking is mentioned with respect to their browser extension. This is boiling down to semantics.

[...]

This unobtrusive, lightweight tool also incorporates standard browser protection features, including ad blocking, ad tracker blocking, and known malicious websites.

[...]

Can we just agree that everyone is right and move on already?
 
Can we just agree that everyone is right and move on already?
Almost. I find it amusing that people that have never tried it (or even heard of it), know more about it than someone who is using it. I think it is as good, if not better, than Adblock Plus. I have tried both.
 
Can we just agree that everyone is right and move on already?
I wasn't really trying to argue, ya know. ;)
Almost. I find it amusing that people that have never tried it (or even heard of it), know more about it than someone who is using it. I think it is as good, if not better, than Adblock Plus. I have tried both.
I do use it, and I have never seen it block anything outside of malicious ads. Perhaps this is a setting that I have never known about. I will have to have a look.
 
I do use it, and I have never seen it block anything outside of malicious ads. Perhaps this is a setting that I have never known about. I will have to have a look.
Malwarebytes adware (adwcleaner) is not the same thing as Malwarebytes ad blocker browser extension. With Adblock Plus, there were sites I had to add filters to stop all the ads. With MB, I did not have to do that.
 
Malwarebytes adware (adwcleaner) is not the same thing as Malwarebytes ad blocker browser extension. With Adblock Plus, there were sites I had to add filters to stop all the ads. With MB, I did not have to do that.
Oh okay. In that case, you and I were talking about different Malwarebytes products.
 
Back
Top