@r @torproject @m0xee @jeffcliff @thendrix @gabriel @sj_zero @Suiseiseki The last time Tor browser crapped itself INSTANTLY was shortly after i loaded this ARCHIVED VERSION OF this page (@internetarchive). Someone on fedi shared the, iirc, non-archived version of this link and i was curious.
I made a note of the browser crash in october, i must've had JS enabled because my note says "reqJs". I have only just in the past few days had a chance to READ the note and revisit the page. As a part-time "coincidence suspector" I find it interesting that loading that page caused my browser to die instantly.... it doesn't now (not that that means much). If i had a chance to read it in october i'd have had a good few things to say about so-called "(#wateringHole) attacks". I feel a *cough* coming on....
The following are mentioned in the article, as attacked sites (my notes in parenthesis):
- #rojnews .news * COUGH* (#cloudflare (cf), not visited)
- #hawarnews .com (cf, not visited)
- #targetplatform .net (packed with youtube videos, seems westernized)
I'd be VERY interested to know whether the sites above were cf during/before this attack but either way this is quite concerning, if the site was cf before the attack that could address HOW those sites were breached in the first place. If cf during the attack, then cf has failed in its mission to protect from the #cyberattack. If the sites became cf after, then we must ask do sites immediately become cf'd when a problem emerges? Would Kurdish outlets knowingly have a policy like that? Do the site owners EVEN KNOW the site is cf? This is not as silly a question as it sounds.
Next i checked #kurdish news sites found in my own searches (with notes):
- #kurditv .com * STILL COUGHING* (requires #google js(without integrity checks?!) to view videos!)
- #kurdistanobserver .com (on googl servers, not visited)
- #thekurdishproject .org (cf, not visited (NV))
- #infopig .com (down at time of test)
- #iranpressnews .com (cf, NV)
- #ekurd .net (cf, NV)
- #kurdpa .net (cf, NV)
- #newslive .com (cf NV)
- #kurdistan24 .net (cf NV)
- #basnews .com (cf NV)
- #kurdistantv .net (cf NV)
- #zagrosnews .net (cf NV)
- #kurdistanin .net (googl non-integrity checked js.... bunny, cf and amazon cloudfront resources)
- #kurdistantribune .com (fetches non-integrity checked statcounter (cf) js, which is blocked by uBlockOrigin if u use TorBrowser in TailsOS. Uses youtube, feedburner (cf), #facebook and #twitter/ #fastly fetches snitch on the EXACT articles u read(!!!), with twitter js not being integrity checked)
WATERING HOLE ATTACK RATING = EXTREME
DIGITAL COLONIALISM INDEX = 99%?
*END COUGH* (yeah i spent a few good hours coughing this up like a bad furball) :acat_chew:
The article itself is not even very complete.... how are the supposed #APK files/apps getting manually(?) approved and installed on people's devices? .... @fdroidorg should be so lucky. Maybe the fdroid team need to take a feather from this hacker's black hat? am i missing something here or does this story SMELL a bit?
Thoughts?
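
The "non-integrity checked js" notes in the post above refer to third-party scripts loaded without a Subresource Integrity (`integrity`) attribute. The following is an added example, not part of the original post, of how a site owner could audit a saved page for that; the sample page, its hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptAudit(HTMLParser):
    """Record every <script src=...> that loads from a host other than the page's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []  # tuples of (host, absolute_url, has_integrity)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script: SRI does not apply
        url = urljoin(self.page_url, src)  # resolves relative and // URLs
        host = urlparse(url).hostname
        if host == self.page_host:
            return  # first-party script
        self.findings.append((host, url, bool(a.get("integrity"))))

def audit(page_url, html):
    """Return all third-party script loads found in static HTML.
    Scripts injected at runtime by other scripts are not visible here."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def unpinned_hosts(page_url, html):
    """Hosts that can change the executed code without the page noticing."""
    return sorted({host for host, _, pinned in audit(page_url, html) if not pinned})

# Constructed sample page (hypothetical hosts under reserved example domains).
SAMPLE_URL = "https://news.example/article/1"
SAMPLE_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="//stats.example.org/counter.js"></script>
<script async src="https://widgets.example.com/embed.js"></script>
<script>var inline = 1;</script>
</head></html>
"""

if __name__ == "__main__":
    for host, url, pinned in audit(SAMPLE_URL, SAMPLE_HTML):
        print("pinned  " if pinned else "UNPINNED", host, url)
```
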