WildCatBoy -- how did I do this? - Security | DSLReports Forums (Page 3)

Author	All Replies
OzarkMan$ join:2000-12-22 Ozark Mtns.	reply to R2 Re: WildCatBoy -- how did I do this? Dang....I sure hope you don't blow a gasket one of these days
	to forum · permalink · 2001-06-02 14:43:20 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	I blew a gasket a long time ago, that is why I am the way I am!;) I just can't figure out how this is working and I don't like that!:( I figured out one thing -- the file in my TIF shows me why I cannot block the ad with Hosts. The properties box shows the source as: »www.pcnineoneone.com/adimages/468_1.swf That makes it a ShockwaveFlash object. OK, so why couldn't I prevent it from running if I disabled the .swf extension and the ShockwaveFlash.Shockwave Flash Object Type in the registry?? That doesn't make sense. Only if I disabled the correct Class ID could it be prevented from running. This still doesn't tell me why or how that page triggers the ActiveX warning... but I am getting more and more of the puzzle figured out! Regardless, I suspect I will never get an answer... but that won't stop me from trying.:) _______________ This is weird also. OK the link above IS the source of the CoolerGuys ad. Double-click on the link and you will see the ad only. If you disable ActiveX, you will NOT see the ad -- only a place card -- and NO WARNING is shown!! Why not? Why doesn't blocking this ActiveX object trigger the same warning as the PC911 page? ________________ And here is the call in the packets to get the ad image: GET /adimages/468_1.swf HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) Host: www.pcnineoneone.com This call was near the end of the packets and it is obviously the command that downloads that ad. I have NO idea what the purpose of the earlier packet was -- perhaps it to make sure the user HAS Shockwave Flash installed -- and if not, it will download it in order to play the ad?? I don't get it. [text was edited by author 2001-06-03 09:40:09]
	to forum · permalink · 2001-06-02 18:04:49 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	reply to R2 OK, this is obviously way beyond everyone, but if anyone is following this, check this out: »support.microsoft.com/support/kb···9/43.ASP Notice the wording of this is EXACTLY as I posted in the SECOND warning message (new warning.jpg), but not the first. This page provides potentially unsafe information to an ActiveX Control. Your current security settings prohibit running controls in this manner. As a result, this page may not display correctly. Now to find where this wording originates from... ____________________ I am just using this thread as a scratch pad to be able to view my thoughts at home and at work... Here are some more links: »support.microsoft.com/support/kb···3/65.ASP »msdn.microsoft.com/library/devpr···rror.htm »msdn.microsoft.com/library/devpr···ex_contr ol It looks MORE and MORE to me that the actual web site is giving something like a "Throw Error" command when you disable ActiveX. It almost HAS to be -- since the error message seems to be web page specific. If I can find the command in the packets, then that would prove this. If so, I will then be writing PC911 and asking them to STOP issuing that Throw Error command!! __________________ I have extensively investigated the packets and I can find NO clear command from PC911 that "throws" the error message. That is weird. However, I did find this: »support.microsoft.com/support/kb···7/97.ASP And this WORKS!!! I entered this registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000} With (Default) (value not set) and the only entry as: Compatibility Flags (Dword) 0x00000400 (1024) This time there is NO warning screen and the ad does not play. However, this disables the Flash player in ALL IE zones. I would prefer to just knock it out of the Internet Zone, however, I cannot find a Zone specific entry... yet. The MSKB has almost NOTHING on Compatibility Flags and Kill Bits... [text was edited by author 2001-06-04 18:21:21]
	to forum · permalink · 2001-06-03 20:06:46 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	reply to R2 Just as an FYI, I was asked to check the site that displays the Active X warning using Proxo. I disabled Active X and when I checked the site out, no pop up appeared. Proxo filtered out the script from the HTML that my browser sees. When I disabled Proxo and refreshed, my browser popped up the same warning message. Hooray to Proxo. -- »All your Smurf are belong to Smurf! »Ad/Cookie Blocking App Reviews
	to forum · permalink · 2001-06-04 20:05:03 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	Thanks Zhen. Does Proxo block ActiveX in ALL Zones, or can you set it up so that your Trusted sites can still run ActiveX? The above registry Tweak: REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "Compatibility Flags"=dword:00000400 ...will eliminate the ad and the Warning message. However, the downside is that it knocks out the Shockwave Flash Player in ALL IE Zones. I would like to keep it enabled in my Trusted sites Zone, but I am not sure this is possible... Does Proxo allow that? Thanks, Zhen. [text was edited by author 2001-06-04 21:20:51]
	to forum · permalink · 2001-06-04 21:04:58 ·

Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	R2, Proxo is very robust. Anything can be done to make it work the way you want it to. For instance, my configuration of proxo may be the only of its kind in existence. The key to its robustness are the filters and the language they use. I am no expert yet, but I am on my way. From what I've seen, it appears there is nothing that Proxo cannot do. If it cannot, then you can write your own filter and share it here for everyone's use. For me, I do not use restricted zones. Typically, if I even so much as allow a cookie from a site, I usually allow everything from the site. Now I only accept cookies from 4 sites, so I am very particular with this. Hence, DSLR for instance is on my Proxo bypass list (the easiest choice until I learn the full command of the filtering language). -- »All your Smurf are belong to Smurf! »Ad/Cookie Blocking App Reviews The key thing to keep in mind, is that Proxo parses the actual web page. If it finds items you deem are unacceptable, Proxo filters them out. Very customizable. [text was edited by author 2001-06-04 21:27:14] UPDATE I posted a question on this here. [text was edited by author 2001-06-04 21:42:59]
	to forum · permalink · 2001-06-04 21:26:06 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	I think I get it, but probably without seeing it I will not fully understand. You say you only allow cookies and everything from four sites. Therefore, those 4 sites are on some type of 'bypass' list. This would be akin to the Trusted sites Zone, c'est vrai? But you cannot possibly specify what 'permissions' you want on each and every website separately -- there must be some type of 'zone' setup, is not there? Or it is just two zones -- bypass and not bypass?
	to forum · permalink · 2001-06-04 23:11:55 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	said by R2: I think I get it, but probably without seeing it I will not fully understand. You say you only allow cookies and everything from four sites. Therefore, those 4 sites are on some type of 'bypass' list. This would be akin to the Trusted sites Zone, c'est vrai? In a way yes. said by R2: But you cannot possibly specify what 'permissions' you want on each and every website separately -- there must be some type of 'zone' setup, is not there? Or it is just two zones -- bypass and not bypass? Think of it this way: Proxo enables the user to define what kind of HTML page the user will accept. Proxo, based on user defined filters, will re-write the web page before it presents it to you. One can say for instance, Proxo, please look for the "javascript" tag between the "head" tags and remove all of them. Or one can say, Proxo, please take out all references to IMG between the BODY tags for all URLs except the ones contained in this list: TAG_EXCEPTION.TXT. If you want to do something, most likely you can but it has to be written. Here is an example: »groups.yahoo.com/group/prox-list···age/3314 The author talks about the "oas" code. The script he wrote searches for it, and then removes it. Here is an example of code for killing (or filtering out from the web page) ActiveX code. From other examples I've seen, this code could be customized to check an exception list. But as of right now, I cannot modify the code because I do not know how. (From this site.) Aside from not currently knowing, I want to jump start this and posted another help question here. I plan on learning the filter language starting today so I can begin to provide some filters. I hope I've made this clear. -- »All your Smurf are belong to Smurf! »Ad/Cookie Blocking App Reviews
	to forum · permalink · 2001-06-05 08:06:55 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	reply to R2 R2 and all: Here lays the answer as to how it can be done. Just download the ActiveX filter, and add this little tidbit in, and you should be set (I cannot test til later)... Beside, I have to finish the other reviews. -- »All your Smurf are belong to Smurf! »Ad/Cookie Blocking App Reviews Long post over there... basically at the end of it, this is said: just add (^$LST(activexAllow)) the the "url" field of the filter then you go to proxos config and add a "block"list named activexAllow if you did so $LST(activexAllow) would filter activex on all pages in the list. by puttin an ^ in front of it the filter matches all pages except those in the list [text was edited by author 2001-06-05 08:43:48]
	to forum · permalink · 2001-06-05 08:34:28 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	reply to R2 I got way too frustrated trying to 'join' yahoo groups then to sign on to the Proxo group. That was ridiculously convoluted, so I aborted. Sorry, I cannot take that kind of abusive sign-in procedure!!:) If I see Oops... You are not a member of the group prox-list. One more time I am going to SCREAM! To specifically filter Flash (as opposed to all ActiveX), the filter should be: Name = "Remove flash" Active = TRUE Multi = TRUE Limit = 200 Match = "PLUGINSPAGE="http"\|codebase="http://download"\|.swf" Replace = "KEYVAL="NO_CODEBASE"" So this will filter SW Flash in ALL Zones. That should be no different than what I did above in the registry. I simply have Killed all IE use of SW Flash. The filter you listed first: Name = "Active X killer" Active = FALSE Bounds = "<OBJECT/OBJECT>" Limit = 1024 Match = "" Replace = "<!--ActiveX Killer by Martin Konicek-->" ... kills ALL ActiveX. Therefore, all pages (except those in "bypass") cannot use ActiveX. So, Proxo, in essence can be used to create TWO zones -- the 'filtered' zone and the 'unfiltered' (bypass) zone. I am still not sure what it can do that the correct Zone setup cannot do. And I have more than two zones, so I have more flexibility... ¿verdad? [text was edited by author 2001-06-05 10:39:13]
	to forum · permalink · 2001-06-05 10:06:45 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	R2, you must not have read my post immediately above yours. What that particular code snippet does is disables ActiveX for all sites, except those listed in activexAllow. So you are effectively managing at any level you want, not just on a per site basis. I can set it up so that DSLR can run ActiveX and enable cookies, but yet disable all images, etc etc. Very configurable down to the smallest element because you are in essence re-writing the HTML page. You control what you want to see and not what the web developer wants you to see. -- »All your Smurf are belong to Smurf! »Ad/Cookie Blocking App Reviews UPDATE: So, Proxo, in essence can be used to create TWO zones -- the 'filtered' zone and the 'unfiltered' (bypass) zone. I am still not sure what it can do that the correct Zone setup cannot do. And I have more than two zones, so I have more flexibility... ¿verdad? R2, Proxo is more than just this, by default it filters cookies, web bugs, javascript, pop ups, pop unders, advertisements (images and flash), style sheets, and the list goes on and on and on. It is the one application that seems to take over everything, from IE zones to cookie cutters. And the nice thing about it is, if someone wants to implement the same filter as you, all you do is copy/paste your filter here and that someone can implement it. Much better than providing images and explaining how to do things in other programs. [text was edited by author 2001-06-05 10:32:57]
	to forum · permalink · 2001-06-05 10:23:15 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	Gotcha. So you are creating a filter (in this case ActiveX). Then, for that filter, you can set sites that can bypass that specific filter. You can then create another filter -- let's say for Cookies. Then choose sites that can bypass that specific filter. Is this correct? Hmmm... very intriguing.
	to forum · permalink · 2001-06-05 10:32:00 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	said by R2: Gotcha. So you are creating a filter (in this case ActiveX). Then, for that filter, you can set sites that can bypass that specific filter. You can then create another filter -- let's say for Cookies. Then choose sites that can bypass that specific filter. Is this correct? Hmmm... very intriguing. FYI... I just updated my post right above yours, please read the last bit. For this question, you got it, right on target. -- »All your Smurf are belong to Smurf! »Ad/Cookie Blocking App Reviews
	to forum · permalink · 2001-06-05 10:33:51 ·

Broadband Tech > Security > Security > WildCatBoy -- how did I do this?

Re: WildCatBoy -- how did I do this?