malicious impersonator of xda - About xda-developers.com

I just stumbled on this malacious impersonator/mirror of xda, maybe you can take steps against it with the hosting provider. I have replaced the tt in http with xx to make the link non clickable as the site contains malware: hxxp://forum.datadevelopement.com/

@bitpushr

Thanks guys, another proxy site. They are blocked.

bitpushr said:
Thanks guys, another proxy site. They are blocked.
Click to expand...
Click to collapse
they are not a proxy, they impersonate XDA to spread malware. They copy all our posts and articles (or intellectual property), some of which have our real names attached to them, to spread malware (in our names) you should contact the authorities and at least the hosting provider and domain registrar

godutch said:
they are not a proxy, they impersonate XDA to spread malware. They copy all our posts and articles (or intellectual property), some of which have our real names attached to them, to spread malware (in our names) you should contact the authorities and at least the hosting provider and domain registrar
Click to expand...
Click to collapse
I would love to have the authorities go after them, but from experience they are not very interested in people like this. They use multiple hosting providers and multiple IPs to essentially fetch our site and automatically inject their own ads (and malware). It's a proxy and we are able to track which IPs they connect from, and block those IPs.
There are a few pages thay they cache and are still serving but typically they will shut down the site in a few hours.

Came across this thread when searching the above website. I am also seeing that the website is now showing up on xda aswell. If you do a search for the site name there are 193 results. Luckily my firewall blocked the website but, others may not be so lucky. Just wanted to give a heads up so the links can be removed or somehow sanitized.

Related

Phishing warning xda forum.

I tried to go into xda from a PC bookmark, and it redirects to a phishing page... I'm using a bookmark. Made by me at the real site.
I think its an error as it does not allow me to go through by any means.like going to xda and then click on forum...
Now I'm in tapatalk...
Sent from my XT862 using Tapatalk
Me too, no matter where I try to navigate I also get the phishing warning. Was able to get into this because I had this tab open.
gierso said:
I tried to go into xda from a PC bookmark, and it redirects to a phishing page... I'm using a bookmark. Made by me at the real site.
I think its an error as it does not allow me to go through by any means.like going to xda and then click on forum...
Now I'm in tapatalk...
Sent from my XT862 using Tapatalk
Click to expand...
Click to collapse
Thanks for your report, I´ll flag an Admin.
Same here - if I access the forum directly from certain machines (which are going through a proxy, if that helps):
http://forum.xda-developers.com/
by bookmark or typing it in, I get the phishing warning. If I click on the "real" forum link - I get the phishing warning again.
I was able to access this link directly via Google.
On Friday, I also got it if I tried to post - so hopefully this post actually gets posted. (Edit: At least posting is working from this machine again...)
It's working fine for me on OSX and Linux. Haven't had any issues.
More detail:
From Firefox on a Windows 7 machine with an undetermined proxy, I get the phishing warning when I attempt to access:
http://forum.xda-developers.com/
If I instead use:
http://forum.xda-developers.com/index.php
It works fine
Works fine in all situations when I'm at home
Entropy512 said:
More detail:
From Firefox on a Windows 7 machine with an undetermined proxy, I get the phishing warning when I attempt to access:
http://forum.xda-developers.com/
If I instead use:
http://forum.xda-developers.com/index.php
It works fine
Works fine in all situations when I'm at home
Click to expand...
Click to collapse
On the PC that gets the phishing warning, does it only do it on Firefox, or is it all browsers?
This is from our sysadmin:
For those of you who got the phishing page on Friday (27th), it was a configuration error. We apologize and it was corrected within a few hours of us finding out. One of our Senior Mods was also affected, due to being behind a corporate firewall.
@Entropy512, unfortunately we have had phishing attacks against our members from a domain similar to ours and they are using various proxies to proxy our site and evade our detection/blocks. I highly recommend you don't use a proxy when viewing XDA for the safety of your account.
For everyone else, please be aware that you are on *.xda-developers.com, not a domain similar to it. This is the only domain that the official XDA site is served from. There have been phishing attacks against us and our members and we're doing everything we can to mitigate this.

Why are we being tracked on Here ???

Were any of you aware your being tracked on here
If you install
http://download.cnet.com/8301-2007_...ack-plus-add-on-stops-the-tracking-paparazzi/
It then shows that
Four Companies are tracking what we do
AdNexus
Google Analytics (Ummmm strange name a bit Anal) if you ask me
Netshelter
Google adsence
These are Via Google Chrome
On IE there are 13 one being the Doubleclick
Nextaction
and quancast
So use Chrome seems safer on here the IE i have not tested Firefox
Guys come on what's going on
Why is this going on ?? and on here as well
Browsers/companies have been tracking your browsing habits for ages now. This isn't something new at all.
I have noticed it varies on sites but this is bad
Android centrol has just one but this has 13 in IE
i no they have been tracking and this prog stops them
But still not impressed at information being taken with out me knowing
And then we also have those vigilink redirects that pollute the outgoing links here on xda. They even use a script to hide the vigilink URL from your browser status bar. That script borders on malware.
Google An is to track how much people are on.
Google Ad is the ads on this site
AdNextus is also ads
And the other one you have you find out by your self.
These are all cookie-tags that enable behaviorly-targeted advertising. You can (and are) cookied on almost every website page you visit. This is a lucrative way for publishers to put ads in the face of relevant or in-market consumers that sell for a CPC/CPM much higher than generic RO display advertising... therefore higher dollar spends for companies who want to put their message/product out there.
Ever notice how you see a lot of the same ads on various sites? It's not coincidence.
I've been in the digital advertising industry for almost 10yrs, 95% of those companies mentioned above are all advertisers in one form or another.
You wanna talk about tracking? I heard your ISP *has to* save everything you do online for 2 years! Its an FBI law of some sorts..
Are there ad banners on this site? I've never seen one over here.
I guess its just to make surfing the internet faster due to to the fact it has stored our location, cookies etc.
There's an easy fix for tracking cookies, you can set your browser to ask if you want to allow a cookie when they try to set them and just deny the ones you don't need or want. Most of the time ads will try to set them by themselves.
Https everywhere is also a good plug in you should check out.
Sent from my PG86100 using xda premium
People flip out too much about privacy. There is *too much paranoia.*
Adsense and Analytics is so that your search results and advertisements more closely match your interests and general search topics. Yeah, they're tracking what you do. What of it? What are they using it for, but to help you?
All advertising services track you. We live in a world where you are not guaranteed privacy by being on the internet. If you think you have a fleck of security, you're wrong. You're being tracked by everyone and everything; every website you visit logs your IP, from which they can often find your home address... are you scared?
Oh, wait, no harm has come of it. That's right. No need to worry, everyone.
EDIT:
Just like to add, I actually appreciate not having to end all my google searches with 'for droid x' anymore. It's learned that my account tends to look for droid x information.
NType3 said:
People flip out too much about privacy. There is *too much paranoia.*
Adsense and Analytics is so that your search results and advertisements more closely match your interests and general search topics. Yeah, they're tracking what you do. What of it? What are they using it for, but to help you?
All advertising services track you. We live in a world where you are not guaranteed privacy by being on the internet. If you think you have a fleck of security, you're wrong. You're being tracked by everyone and everything; every website you visit logs your IP, from which they can often find your home address... are you scared?
Oh, wait, no harm has come of it. That's right. No need to worry, everyone.
EDIT:
Just like to add, I actually appreciate not having to end all my google searches with 'for droid x' anymore. It's learned that my account tends to look for droid x information.
Click to expand...
Click to collapse
Right, you post pics of your Vegas weekend on facebook, have your resume all over LinkedIn, have YouTube videos of your kids but get worried about silly ad cookies on public forums. It's the internet... the minute you plug it in you can be seen. Don't be paranoid and charge hard!

Email Compromise? (Diablo Spam)

Hi there,
I have my own domain name. When signing up to websites, such as xda-developers, I use that site name as the to address for my domain name ie, [email protected]
This morning, I've received a spam email with subject "Subject [EN]Diablo III Account Locked - Action Required" to my xdadevelopers address at my domain.
Has there been a database compromise perchance? I've had a search through the forums here and don't see anyone else that has mentioned it as yet. The spam arrived about 3 hours ago from now.
It'd be a shame to have to close my account and devnull this email address, as I really love these forums and the great users herein.
Regards.
Update 1: It's certainly not a dictionary attack that I can see, as I haven't received any others of this nature to my catchall mailbox.
If it's any help at all, the headers show this as the sender host;
Received: from WWW-9763E06E580.net (unknown [110.103.67.128])
(very likely unrelated to any alleged compromise attempts, if indeed a compromise even occured).
I have seen this reported a couple times before but no resolution as I recall. I have passed this on to one of the admins, hopefully he can take a look and let us know if this is a problem to be concerned about.
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Click to expand...
Click to collapse
Thank you for checking that sir. I believe that in the other threads, it was suggested that someone might have posted their email and a screen-scraper harvested it, or perhaps their email was grabbed some other way, but nothing definitive ever came of it.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Click to expand...
Click to collapse
Thanks for that, and I respect that data is treated with complete secrecy. I've not used this address or posted it anywhere else. It's used solely to login with, so i'm still a bit confused. I'll leave it for now, as it's only one example.
Regards.
Hi,
I'm in the exact same case, I use per site email on my domain , no dictionary attacks too (I got catchall so I see them) and same mail received
Same mail same kind of sender:
Thu, 16 Aug 2012 08:22:23 +0200 (CEST)
Received: from WWW-9763E06E580.org (unknown [110.103.67.40])
I can assure that this email is not used in any screen-shot or anything else than logging here.
This is quite annoying and since I don't use the same header as the other one (me it's [email protected]) it really seems that the mails data are compromised.
Regards,
Tolriq.
As above, exactly the same spam email, although the email address I used to sign up here is more complex than just [email protected]
I'll keep the email around, in case anyone wants to follow up on it.
Could this perhaps be the result of the new theme showing user email addresses on member pages (Eg. somewhere on http://forum.xda-developers.com/member.php?u=3492510)? Even if it's corrected now, if it did at any point, spammers may have scraped the member list during that time.
I've also just gotten an email directed at my one-time use address used for registering at XDA. Something's up, check your logs you've been compromised. I highly recommend a notice and forced password reset.
Return-path: <[email protected]>
Envelope-to: xda@MYDOMAIN.COM
Received: from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)
by [REDACTED] with esmtp (Exim 4.63)
(envelope-from <[email protected]>)
id 1T6h7P-000354-NH
for xda@MYDOMAIN.COM; Wed, 29 Aug 2012 08:11:36 -0400
From: "Diablo III" <[email protected]>
To: <xda@MYDOMAIN.COM>
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Spam-Level: *****
X-Spam-Report: score=5.0 tests=CMAE_1, SHORTCIRCUIT version=3.3.1 cmae=v=1.1
cv=02sxpKrcaeIklPG9ikjtw9+Ix2dV+yAR3ckHHBRjlIA= c=0 sm=0 p=eKWGPzfAF9w9RlBXnosA:9
a=rfP7uN3eH0UA:10 a=SpdMY5nFWogA:10 a=IkcTkHD0fZMA:10 a=L-ISu7bKYZgA:10
a=jWLQlvoj7db9vSsTWhEWiQ==:17 a=blzCNhbTAAAA:8 a=3J15CkO5AAAA:8
a=xrJga5KMAAAA:8 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Spam-Score: 5
Subject: [EN]Diablo III Account Locked - Action Required
I'll add a +1 to this (got phish with subject "[EN]Diablo III Account Locked - Action Required" trying to get me to visit a url on host us.diablo.net.zh-fot.in) . The unique address I used to register here in early 2008, while not super cryptic, is not as simple as [email protected] and likely would not be the left-hand part of anyone else's email addr, so likely would not have been derived from the phisher mixing-and-matching from different lists. It appears that they've successfully harvested xda member email addresses.
I can confirm that I've just got the phishing e-mail mentioned by other users here, on an e-mail account created and given exclusively to xda forum.
Code:
Received: from WWW-9763E06E580.org (unknown [110.103.67.201])
From: "Diablo III" <[email protected]>
To: <sax_[B][COLOR="Red"]xda-developers[/COLOR][/B]@xxxxxxxxxx.xxx>
Subject: [EN]Diablo III Account Locked - Action Required
Now I am in the process of making the current e-mail invalid and I creating a new unique one.
We will see how it goes...
I can confirm this. I use [email protected] and haven't had any unusual mail to any other address on my domain.
SMTP From: [email protected]
---
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected][Redacted]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 29 Aug 2012 17:00:34 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
[Base64 Message Body Redacted]
+1 for me
Mail address used here is site specific, never used for anything else, cannot be dictionary generated.
We have received several reports from users receiving spam and/or phishing emails to email accounts which were unique to their profile on our community. We feel that there are enough of these to indicate that at some point in the past there was some sort of information disclosure which exposed these email accounts. We are not aware of any particular information disclosure or what exact information may have been exposed.
That being said, we take our community members' information security seriously and continuously review our code and configurations for security vulnerabilities. We do, however, run 3rd party forum software and plugins which occasionally have public security vulnerabilities. We apply all patches as soon as they are available to ensure the security of our data and therefore of our community. Even so, there is always the chance that someone is using an unpublished security vulnerability to try to attack our forum and gain personal information.
Our forum, as with many others running similar software, is a target for hackers attempting to harvest personal data (email addresses, passwords, etc). We highly recommend that you use a unique password for each website you are signed up with, and change that password on a regular basis. For services that support two-factor authentication, enable this option for even more security and peace of mind.
If anyone has information relating to any sort of information disclosure or compromise, we encourage them to report them to the technical contact at http://www.xda-developers.com/contact/#technical
Thank you and as always, questions and comments are welcome.
I posted in the other thread about this but figured I'd chime in here as well. I also use my own [email protected] address just for this site. I've never posted the address publicly and I always make up new passwords for each site. Those are at minimum 8 random characters/numbers/symbols.
In the other thread it was proposed that an admin/moderators system may of been compromised and a screen scraper had seen our emails. I find this pretty unlikely since my last post before the ones about this was in March. Are you sure all the moderators/admins can be trusted not to of sold our information themselves?
I think enough people have reported this problem that you should acknowledge it on the homepage and ask if people receiving these emails can post back so you can get a real idea of how many peoples accounts have been compromised.
Until you have found the source of the leak what is the point of changing our emails/passwords, they could just pull the new info again, besides, it's a PIA to keep changing my email address. Is anything being done about this or are you just waiting for some good willed hacker to email you at the address you posted?
Tann San,
I have a zero-tolerance policy about spam and getting the information I trust to a site, leaked all over the place,
but the only reason I've posted about it, is to confirm that indeed happened, after seeing bitpushr's post,
so the sysadmin(s) can look into it.
After said that, please keep in mind that even if they find out what caused the leak this time and patch it,
that doesn't mean that it won't happen again in the future. So the least we (the members) can do,
is to follow svetius advice and keep different passwords for each service we subscribe to and different e-mail accounts
whenever possible, although most of the disposable e-mail services, sadly are banned in this site -- obviously to fight spam accounts.
I hope that this can answer your question about why to change email/passwords this time (and every time after that).
I understand your frustration, it is indeed PITA, but one can hope that whatever backdoor was open to our data, it is closed for now...
You misunderstood me, I do use different email addresses for all my logins, that's the benefit of having my own email server. I also use different random passwords for each account. What I meant was that it's a annoying to change my email address here more than once since the leak hasn't been identified. For example, I can change it right now to another one but then whoever got our addresses already could go back and get my new email address, so then I have to change it again.
I don't really use my account here very often but I do read the RSS feeds/articles every day. I'm just saying that it seems a bit irresponsible to not let people know that their email accounts and who knows what other information has been stolen. That is also part of the reason I asked what was being done about this besides waiting for whoever it was to tell them how they did it.
Unfortunately "hoping" that the leak has been sealed is not a solution.
I wrote the screen scraper suggestion, and that's a pretty unlikely scenario since those are usually used against high value targets for banking info/logins. Most harvesters use the outlook address book or mine the browser cache of victim machines. The most likely explanation is that this was a sql injection attack on the forum software and probably took place "many moons" ago.
Ditto
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Click to expand...
Click to collapse
XDA will never, ever ever ever sell E-mail adreses!
Sent from my MB525 using xda app-developers app
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related fishing messages - to an address specific to this board.
My best bet is that someone sold a list of email address on...
Not a big issue for me as I'll just change my email address if the messages gets too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Click to expand...
Click to collapse
We have looked for any suspicious activity carried out by authorised users, and have found nothing so far.
I'm currently working backwards through years of vBulletin emails to see if there's anything from the past that could be an issue.
Your actual password isn't stored on, or transmitted to, XDA. It's stored in a hashed and salted form, which is more than can be said for many high profile sites unfortunately that were in the news recently...
Still, we'll not be happy until we can work out what's happened, no matter how long ago or recently it may have been.

[Petition][Poll] We want Https on XDA!

[Petition][Poll] We want Https on XDA!
Three days ago I had a conversation with @benkxda. During that conversation, he pointed out that XDA uses no https encryption. Therefore everybody can read our passwords and PMs when we send them to the server. What if someone replaced our downloadable files with viruses?
Is that really what we want? Neither @benkxda nor I think so. Hence we decided to create this thread.
Now you might ask what you can do to get https on our forum. The first and easiest option is probably the most effective. Vote in the poll at the top of the page.
If you've got some spare time, you can also write a short (or long) post explaining your opinion.
If we get enough votes for this petition, the admins might consider supporting the https protocol.
To ensure that everybody sees this, we want to get this on the portal. Please help us by either clicking this link or by clicking the "Tip us?" button in the right upper corner of this post.
It would also help to spread the word if you put a link to this thread into your signature.
Thanks for reading.
Announcements
4th March 2014: 1000 supporters.
2nd January 2014: bitpushr implemented https for the login form! Thanks to all supporters.
23rd December 2013: And again, doubled. 800 votes now.
1st November 2013: Another announcement by bitpushr: They "have gotten [their] CDN provider to add SSL." Moreover, he will "add this to the forums".
28th September 2013: Doubled, again. 400 now.
31st August 2013: We just hit the 200 voters mark. Thanks.
13th August 2013: We reached 100 supporters. Keep voting.
7th August 2013: bitpushr announced that the admin team is working on https. I want to say thank you to all who have voted yet. But remember, we don't have https yet. So continue to vote.
29th July 2013: This petition was created.
Click to expand...
Click to collapse
Code for the signature
Code:
[SIZE="5"[B][/B]][[B][/B]URL="http://forum.xda-developers.com/showthread.php?t=2383868"][[B][/B]COLOR="Blue"]Vote for a secure XDA: [/[B][/B]COLOR][Petition][Poll] We want Https on XDA![/UR[B][/B]L][/SI[B][/B]ZE]
Well, XDA folks, you have to take the poll serious. In days where secret services all over the world spy almost everything, the poll has two options, a secret service version as well as a normal version :angel:
But to be honest, we are not safe from those spies. Encryption can help much - not only against those spy experts, but also against the administrators in a network, for eg in the company.
Currently, we have no secured connection like SSL/TLS secured HTTPS. Login data can be stolen, every communication is held open. We need a secure connection for the whole XDA website, including linked in scripts and images and not limited to the login sequence. This is state of the art even at Google or Facebook.
benkxda said:
Well, XDA folks, you have to take the poll serious. In days where secret services all over the world spy almost everything, the poll has two options, a secret service version as well as a normal version :angel:
But to be honest, we are not safe from those spies. Encryption can help much - not only against those spy experts, but also against the administrators in a network, for eg in the company.
Currently, we have no secured connection like SSL/TLS secured HTTPS. Login data can be stolen, every communication is held open. We need a secure connection, which is state of the art at Google or Facebook.
Click to expand...
Click to collapse
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut cost, lots of sites use http to https redirect for login only and then swtich the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked )which is so easy its not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. security is a concern for me at least.
calisro said:
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut cost, lots of sites use http to https redirect for login only and then swtich the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked )which is so easy its not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. security is a concern for me at least.
Click to expand...
Click to collapse
True, only full secured websites are really secured. Thanks for this hint, will edit my prior post.
calisro said:
All sites these days should be https. Also I want to add that it is important that https is not only added to the login itself but the entire site. To cut cost, lots of sites use http to https redirect for login only and then swtich the user back to http. Problems with that are tools for cookie hijacking, session hijacking, and tools like sslstrip. The vote should be for SITE WIDE https.
Let's face facts people. On XDA, we download things and flash to our phones, tablets or other devices. If our account is hijacked )which is so easy its not funny) then someone else can replace our material with ones that have back doors/trojans and update the posted MD5. No one would know. security is a concern for me at least.
Click to expand...
Click to collapse
Of course, it should be added to the entire site. However, I didn't even think about the downloading thing. That's definetly true and I'll add that.
Feel free to spread the word.
Thank you very much. :good:
benkxda said:
True, only full secured websites are really secured. Thanks for this hint, will edit my prior post.
Click to expand...
Click to collapse
Posted at the same time. :laugh:
benkxda said:
True, only full secured websites are really secured. Thanks for this hint, will edit my prior post.
Click to expand...
Click to collapse
Not fully correct.
NSA is getting also access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Mardon said:
Not fully correct.
NSA is getting also access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Click to expand...
Click to collapse
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Mardon said:
Not fully correct.
NSA is getting also access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Click to expand...
Click to collapse
This must be verified first, but frankly I really believe, they try to get those master keys. But they would need a master key to get access. At least, an encryption keeps out most assailants.
nikwen said:
That's right, but our main concern should be the (bad) hackers. It is difficult to stop the NSA, you know.
Click to expand...
Click to collapse
Right https is much better i agree
If NSA or FBI or who else gets the masterkeys there also exist a chance for others (hackers) to get the keys too.
I think the whole internet needs a new full encrypted security protocol in future where the keys are randomly changed and such things like masterkeys only working a few hours to minimize the hacking risks.
But thats offtopic i think
Mardon said:
Right https is much better i agree
If NSA or FBI or who else gets the masterkeys there also exist a chance for others (hackers) to get the keys too.
I think the whole internet needs a new full encrypted security protocol in future where the keys are randomly changed and such things like masterkeys only working a few hours to minimize the hacking risks.
But thats offtopic i think
Click to expand...
Click to collapse
Oh yes, indeed I recently thought almost the same. And maybe we are a bit special picky, hope the "normal" users can keep up that indignation or sometimes outrage on these spy stuff. Also true, off topic.
Mardon said:
Right https is much better i agree
If NSA or FBI or who else gets the masterkeys there also exist a chance for others (hackers) to get the keys too.
I think the whole internet needs a new full encrypted security protocol in future where the keys are randomly changed and such things like masterkeys only working a few hours to minimize the hacking risks.
But thats offtopic i think
Click to expand...
Click to collapse
you realize there aren't one set of master keys for all certificates right? lol. Each certificate has a master key owned by the company owning the cert. If facebook gives them their master keys that doesn't mean they can snoop your xda or bank account traffic.
ok back on topic! I digress!
Mardon said:
Not fully correct.
NSA is getting also access to https secured connections.
http://www.dailytech.com/FBI+NSA+Wa...Keys+from+Internet+Companies/article32046.htm
Click to expand...
Click to collapse
Just saying, but on HTTPS stuff that we use, we use forward-secret HTTPS. Meaning the "private key" for the site is of no use for decrypting past connections. That's becoming more popular for larger sites these days, but I started looking into it a while ago, and it is ready to use now. Look for a key exchange method of DHE or ECDHE
As such, the only value in obtaining such keys would be to spoof future connections. If someone is that determined to target YOU individually with spoofed or MITM'd connections, you should be worrying about other things (it would be fairly impractical to mount a widescale meaningful attack).
If you are concerned, you should look into the issues with the CA system who issue SSL keys - an SSL certificate can be signed by ANY of them, and there's a number of CAs who are somewhat sketchy in trust... Tl;dr if an active attacker wants a key for your site to spoof it, he can get it. It won't be the same one (cannot decrypt legit traffic), but can be used to impersonate the site.
pulser_g2 said:
Just saying, but on HTTPS stuff that we use, we use forward-secret HTTPS. Meaning the "private key" for the site is of no use for decrypting past connections. That's becoming more popular for larger sites these days, but I started looking into it a while ago, and it is ready to use now. Look for a key exchange method of DHE or ECDHE
As such, the only value in obtaining such keys would be to spoof future connections. If someone is that determined to target YOU individually with spoofed or MITM'd connections, you should be worrying about other things (it would be fairly impractical to mount a widescale meaningful attack).
If you are concerned, you should look into the issues with the CA system who issue SSL keys - an SSL certificate can be signed by ANY of them, and there's a number of CAs who are somewhat sketchy in trust... Tl;dr if an active attacker wants a key for your site to spoof it, he can get it. It won't be the same one (cannot decrypt legit traffic), but can be used to impersonate the site.
Click to expand...
Click to collapse
Thanks for the info. I didn't know that.
Not a techie nor from a part of the world affected by PRISM (?) but still having read all this I'm inclined to say i second this motion
nikufellow said:
Not a techie nor from a part of the world affected by PRISM (?) but still having read all this I'm inclined to say i second this motion
Click to expand...
Click to collapse
Great.
Are you sure that you are not affected? Everyone is, some more, some less.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(http://upload.wikimedia.org/wikipedia/commons/5/5c/Boundless-heatmap-large-001.jpg)
We've reached over 50 votes.
nikwen said:
We've reached over 50 votes.
Click to expand...
Click to collapse
Nice. So, some people know about HTTPS and encryption and prefer that. Not only because of the secret services of the "Five Eyes", but also to protect me from curious network administrators. There are surely more on XDA, who want to support this necessary petition.
EDIT: Oh, please don't misunderstand, I did not want to protect the secret services from other countries, as they might be not better in privacy protection, for eg the German secret service called "BND" seems to be the sixth eye. Again, I did not want to say only those five do bad things.
As lots of users don't know / care about encryption, a secured https connection with XDA might sensibilize at least some.
So, I support your request.
rog_star said:
As lots of users don't know / care about encryption, a secured https connection with XDA might sensibilize at least some.
So, I support your request.
Click to expand...
Click to collapse
Yeah, I hope so.
Thanks for voting.

XDA Clone

I just stumbled across another site that is a 1:1 clone of much of XDA: forum.freelatestmovies.org.
A lot of images are missing, and a lot of links don't work, but if you search the site via Google, there are a significant number of subforums/threads that do work, are current, and are direct copies (including XDA's 404 page lol). The homepage doesn't seem to want to load at all on my Mac, but a number of subforums and individual threads do, and the homepage loads on my mobile.
I'm not sure if it's someone phishing for xda usernames/passwords or if it's hosting any malware, or if it's just some bot that's crawling around copying everything, but it's clearly not legit, whatever it is.
Anyway, just wanted to bring it to the staff's attention.
Thanks for letting us know :good:
@bitpushr
Morningstar said:
I just stumbled across another site that is a 1:1 clone of much of XDA: forum.freelatestmovies.org.
A lot of images are missing, and a lot of links don't work, but if you search the site via Google, there are a significant number of subforums/threads that do work, are current, and are direct copies (including XDA's 404 page lol). The homepage doesn't seem to want to load at all on my Mac, but a number of subforums and individual threads do, and the homepage loads on my mobile.
I'm not sure if it's someone phishing for xda usernames/passwords or if it's hosting any malware, or if it's just some bot that's crawling around copying everything, but it's clearly not legit, whatever it is.
Anyway, just wanted to bring it to the staff's attention.
Click to expand...
Click to collapse
Morningstar, I was searching for your notipanel smali mod and google brought me to this site:
http://www.ttnairport.com/developer...notification-panel-background-t3189731/page3#
This might be an other clone as well.

Categories

Resources