Toots for WPalant@infosec.exchange account

Written by Yellow Flag on 2025-01-23 at 13:46

Just tracked down a really weird issue: when sending mail from my server, the Cyrillic letter х would be replaced by � and a newline.

I was inclined to blame it on other mail servers initially, but the issue turned out to be with my mail filters. And it’s of course due to the way this letter is encoded as two bytes in UTF-8: D1 85.

Doesn’t ring a bell? No, I didn’t get it either. Apparently, str.splitlines() in Python will consider various exotic line endings as well. One of these is the 85 byte. Back in 1973 the standard ISO 2022 apparently extended ASCII with C1 control codes, and this one stands for “Next Line.”

Does anyone use C1 control codes these days? No idea. But I had to replace str.splitlines() by a re.split() call that would only split by \n and \r\n.

Of course the real issue is that I’m treating mails as strings rather than binary data. I somewhat remember there being a reason for this back when I wrote this code, probably BytesIO not allowing reading by lines. Well, maybe it’s just time to revisit that.

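A worked reproduction of the splitlines() behaviour described in this toot, added here as an example and not the author's code. It assumes the "mail as string" handling decodes the raw bytes as latin-1 (one byte per code point); the sample mail body is constructed.

```python
import re

# Constructed sample mail; the word "хорошо" starts with х, UTF-8 bytes D1 85.
RAW_MAIL = b"Subject: test\r\n\r\n" + "привет, хорошо".encode("utf-8") + b"\r\n"

# Boundaries str.splitlines() honours besides \n, \r and \r\n (Python docs):
# VT, FF, FS, GS, RS, NEL (the C1 "Next Line" from the toot), LS, PS.
EXOTIC_BOUNDARIES = "\x0b\x0c\x1c\x1d\x1e\x85\u2028\u2029"


def exotic_hits(text: str) -> list[str]:
    """Which exotic boundaries a decoded text contains; a cheap pre-check."""
    return [c for c in EXOTIC_BOUNDARIES if c in text]


def mangle_with_splitlines(raw: bytes) -> bytes:
    """Treat the mail as text (assumed latin-1, one byte per code point), split
    with str.splitlines(), rejoin and encode back. Byte 0x85 decodes to U+0085
    NEL, so the letter is cut after its D1 lead byte and a newline appears."""
    text = raw.decode("latin-1")
    return "\n".join(text.splitlines()).encode("latin-1")


def rejoin_with_re(raw: bytes) -> bytes:
    """Same text handling, but split only on LF / CRLF, as the toot's fix does."""
    text = raw.decode("latin-1")
    return "\n".join(re.split(r"\r\n|\n", text)).encode("latin-1")


def rejoin_as_bytes(raw: bytes) -> bytes:
    """Stay in bytes: bytes.splitlines() knows only \\r, \\n and \\r\\n, so a
    multibyte UTF-8 sequence is never split apart."""
    return b"\n".join(raw.splitlines())


def render(raw: bytes) -> str:
    """Decode as a receiving mail client would; an orphaned lead byte becomes U+FFFD."""
    return raw.decode("utf-8", errors="replace")


if __name__ == "__main__":
    print(exotic_hits(RAW_MAIL.decode("latin-1")))          # ['\x85']
    print(repr(render(mangle_with_splitlines(RAW_MAIL))))   # ends in 'привет, \ufffd\nорошо'
    print(repr(render(rejoin_with_re(RAW_MAIL))))
    print(repr(render(rejoin_as_bytes(RAW_MAIL))))
```

The bytes-based variant is the one that sidesteps the problem entirely, which matches the toot's closing remark about treating mail as binary data.
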
Written by Yellow Flag on 2025-01-22 at 12:45

And now that I got a spare WiFi dongle, this Raspberry Pi is actually doing its job. I ended up using Midori 7.0 instead of Firefox – it goes easier on resources of which this platform doesn’t have too many. Even starting this browser takes close to a minute.

Yet while the Midori browser itself is quite outdated (the vendor decided to develop a Chromium fork instead), it uses webkit2gtk and that one is recent enough to run modern JavaScript code without any trouble whatsoever.

The biggest challenge was getting all hardware to work. The WiFi dongle required a custom kernel module which turned out to be rather simple – thanks to some people who forked Realtek’s original drivers and patched them up for newer Linux kernels.

But automating the system, making sure that it displays a single application window in fullscreen mode on boot – that was fairly trivial. I didn’t even need to connect any input devices while setting this up. Quite a breeze after having to deal with Android before.

Written by Yellow Flag on 2025-01-21 at 13:01

I guess other people know more: is it safe to ignore any Substack links as bullshit by now?

Just saw a Substack link in a blog comment which turned out to be an article full of conspiracy theories and Russian propaganda. Looked at the Substack account of the comment author: oh, blaming Jews for antisemitism. Now that is an original thought! /s

Is that all Substack is these days?

Written by Yellow Flag on 2025-01-21 at 12:10

I might have sent a less than polite reply to this mail by Google’s Chrome Web Store developer support. I know what I can, but I’m definitely not going to report 62 malicious extensions individually. Moderating that place is their job, not mine. If they need 62 tickets, they can surely create those themselves.

#Google #CWS #ChromeWebStore

Written by Yellow Flag on 2025-01-21 at 08:23

I’ve now solved this by archiving codepen.io. Created a pen with some JavaScript code to send out the POST request and put the result into the HTML. The archive now shows both that JavaScript code and the resulting text.

Same thing with JSFiddle didn’t work for some reason.

Written by Yellow Flag on 2025-01-21 at 07:56

Is there something like archive.today that is capable of capturing POST requests? I don’t need JavaScript rendering, I only need proof that the endpoint produces a particular result today (tomorrow it might produce something different).

Written by Yellow Flag on 2025-01-21 at 00:45

And now I got hold of some malicious “configurations” used by Phoenix Invicta extensions. As expected, injecting their JavaScript code into all web pages is what they do. That’s some massive power which they use to … 🥁🥁🥁 … spy on people and inject their ads into Google searches, making these ads almost indistinguishable from search results. Oh, and if you look closely they also open up a massive vulnerability in all websites. But it’s not like they would care about that.

Now that is hopefully reason enough for Google to kick these extensions out.

Written by Yellow Flag on 2025-01-20 at 15:04

Actually, make that 62 malicious extensions. Thanks to a commenter I found two more malicious ad blockers using the same approach as the EasyNav extension.

Written by Yellow Flag on 2025-01-20 at 13:45

Published a new article: Malicious extensions circumvent Google’s remote code ban

https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

Looking at 60 malicious extensions belonging to three groups here, still running remote code despite Google banning it in Manifest V3. “Fun” fact: some of these extensions have been featured on my blog in 2023, others on McAfee’s in 2022.

Recurring pattern: downloading rules and adding them to declarativeNetRequest API. The abuse potential here is enormous, including injecting malicious scripts into websites.

Only one extension went for essentially a custom programming language, others settled for simpler approaches. Luckily for me, because the latter allows better guesses about what this functionality is meant for. Spoiler: ads and affiliate fraud. Also: affiliate fraud and ads.

Written by Yellow Flag on 2025-01-19 at 19:38

Side-note: it’s staggering just how many false positives for my malware searches on Chrome Web Store data turn out to be true positives in a completely different sense. The place is riddled with all kinds of badness.

Written by Yellow Flag on 2025-01-19 at 19:29

Is there anything special about this Chinese song? https://www.youtube.com/watch?v=7OdargV9K88

Why are there Chrome extensions (yes, plural) blocking access to this video while stealthily reporting people who view it to their server? 🤔

Written by Yellow Flag on 2025-01-18 at 13:41

What the actual hell… I mean, the Proton CEO applauding Trump’s decisions was already bad enough but this? No, this is not his birth year.

Also, people living in Switzerland definitely know what this means.

I’m currently quite glad that I never had the need for any Proton products.

https://mstdn.ca/@nbailey/113847256840180430

Written by Yellow Flag on 2025-01-18 at 11:43

Compiling “sketchy extensions disabling security mechanisms” list.

Adding an extension to the list with “Licensed Materials - Property of IBM” headers and published from an official IBM account: ✅

Written by Yellow Flag on 2025-01-17 at 23:15

Already the second Chrome extension where I found malicious functionality, only to discover that an update in the past two days removed it. What is going on? Is somebody actually going through the extension lists I published? 🤔

Written by Yellow Flag on 2025-01-17 at 15:33

If you happen to be in Brussels for FOSDEM in February (I won’t be) you might consider participating: “No billionaires at FOSDEM”

https://drewdevault.com/2025/01/16/2025-01-16-No-Billionares-at-FOSDEM-please.html

A sit-in is being organized to prevent Jack Dorsey from using this platform. If in doubt, feel free to read about Dorsey’s “achievements” in this blog post.

Written by Yellow Flag on 2025-01-16 at 11:37

And another one, this time in Italian. Confusing repetitive text, statements that contradict each other, completely invented Google’s reaction (I have yet to see an indication of any action whatsoever on Google’s part).

It was bad enough when journalists were messing up the message because they didn’t understand it. But this is… something else.

No, I don’t like this future. I don’t like it at all.

Written by Yellow Flag on 2025-01-15 at 22:38

A bunch of years ago I recommended against the use of the Session messenger (a Signal fork) but that wasn’t due to its technical merits. I found it concerning what kind of audience that messenger addresses. If the app is geared towards white nationalists, sexists and the like, then nobody else should help improve its image with their presence. Mind you, that was a long time ago and I don’t know whether they’ve improved.

But @soatok took apart their cryptographic approach now and… well, I better just quote him:

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/

Written by Yellow Flag on 2025-01-15 at 21:41

I finally found a use case for the Raspberry Pi that I got a decade ago. Wasn’t sure which model it is, turns out: Raspberry Pi Model B Rev 2. That’s the very first model, really ancient.

Which means that I needed Raspberry Pi OS (Legacy) for it. But despite “Legacy” it’s current – October last year. And it just worked.

And then I needed a browser. Not necessarily current, it wouldn’t connect to arbitrary websites. The preinstalled Chromium immediately refused to work on such outdated hardware. And internet discussions indicated that things would be similar for Firefox.

Yet Firefox not only installed but started as well. And it is Firefox 102 ESR which was discontinued merely a year ago – compared to the hardware this is brand new. Wow!

(No, I’m not recommending running Firefox on this device for regular browsing, it’s horribly slow. But for my purpose it might do.)

Written by Yellow Flag on 2025-01-13 at 13:31

I meant to publish a rant about Google and Chrome Web Store for a while now, and now it is out: https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

This details many of Google’s shortcomings at keeping Chrome Web Store safe, with the conclusion: “for the end users the result is a huge (and rather dangerous) mess.”

I am explaining how Google handled (or rather didn’t handle, for the most part) my recent reports. How they make reporting problematic extensions extremely hard and then keep reporters in the dark about the state of these reports. How Google repeatedly chose to ignore their own policies and allowed shady, spammy and sometimes outright malicious extensions to prevail.

There is some text here on the completely meaningless “Featured” badge that is more likely to be awarded to malicious extensions than to legitimate ones. And how user reviews aren’t allowing informed decisions either because Google will allow even the most obvious fakes to remain.

I’ve also decided to publish a guest post by a researcher who wanted to remain anonymous: https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

This post provides more details on BIScience Ltd., another company selling browsing data of extension users. @tuckner and I wrote a bit about that one recently, but this has been going on since at least 2019 apparently. Google allows it as long as extension authors claim (not very convincingly) that this data collection is necessary for the extension’s functionality. It’s not that Google doesn’t have policies that would prohibit it, yet Google chooses not to enforce those.

#google #cws #ChromeExtensions #privacy #ChromeWebStore

Written by Yellow Flag on 2025-01-11 at 14:46

My query turns up 211 VPN extensions in Chrome Web Store. Some are clearly targeting Russian users, others Chinese. Almost none disclose who is running them. I wonder whether I want to research how many of these are likely honeypots.
