Presentation on DNS Poisoning at CALUG (Columbia Area Linux Users Group)

It’s been a while, but in September 2017, we did a presentation at the Columbia Area Linux Users Group (CALUG) on how to use DNS Poisoning (using IvyDNS as a case study) as a means of protection against Corporate Surveillance and how it can be used to increase your on-line Privacy and Security.

The presentation was called “NXDOMAIN is where it’s at! Using DNS Poisoning as another layer in your Security Onion to enhance your on-line Privacy & Security”. You can take a look at the presentation and what we talked about over here.

Tool in the Spotlight: Pure URL

This month’s Tool in the Spotlight: Pure URL, a Firefox extension that removes tracking query string fields like “utm_source=*” from URLs (the homepage of its creator is over here). NOTE: while the add-on’s web page declares the tool to be available under the GPL v3.0, we can’t find the location of its actual source code.

What makes us excited about this add-on is that it automatically modifies and strips all unnecessary query string content (e.g. “utm_source=*” but others as well) from URLs that it encounters while you are browsing. Many sites embed these query string elements in links that they provide in order to track you, their advertisement campaigns, conversion sources, etc.
But these fields are of no use to you and even work against your best interests.

What Pure URL does is turn a hyperlink like this:
https://www.domain.com/?page=7741&utm_source=somesite.com&utm_medium=RSS&utm_campaign=mail
into the more reasonable:
https://www.domain.com/?page=7741

By default, Pure URL removes the following unnecessary query string elements (lifted and modified from the extension’s web page as of the writing of this article):

  • utm_source, utm_medium, utm_term, utm_content, utm_campaign: spyware fields used by Google Analytics
  • yclid: spyware fields used by Yandex
  • feature: a useless field used by youtube.com
  • fb_action_ids, fb_action_types, fb_ref, fb_source, action_object_map, action_type_map, action_ref_map: spyware fields used by Facebook
  • ref, fref, hc_location: tracking fields used by Facebook
  • ref_: tracking field used by imdb.com

Pure URL strips out these query string values from hyperlinks by default and lets you specify which others you want it to strip as well (and – but why would you do this – which ones of the above you want to keep).
One word of caution: it is unclear whether or not it prevents these values from being submitted to servers when you make a request containing these values yourself. In other words: it is unclear whether or not this add-on only modifies your DOM or whether it also modifies your requests. This can be an issue when you click on links containing these values in another program (e.g. e-mail client) which then opens up the page in your browser.
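The stripping rule described above, written out as an added example in JavaScript. It is not Pure URL's code; the helper names `buildBlockList` and `stripTracking`, the `extra`/`keep` options and the case-insensitive match are assumptions of this example. It works on a plain URL string, so it says nothing about whether the extension rewrites links, requests, or both.

```javascript
// Added example, not Pure URL's code. Field names are the defaults listed above.
const DEFAULT_FIELDS = [
  "utm_source", "utm_medium", "utm_term", "utm_content", "utm_campaign",
  "yclid", "feature",
  "fb_action_ids", "fb_action_types", "fb_ref", "fb_source",
  "action_object_map", "action_type_map", "action_ref_map",
  "ref", "fref", "hc_location", "ref_",
];

// Hypothetical helper: active block list = defaults + user additions,
// minus any fields the user chose to keep.
function buildBlockList({ extra = [], keep = [] } = {}) {
  const keepSet = new Set(keep.map((f) => f.toLowerCase()));
  return new Set(
    [...DEFAULT_FIELDS, ...extra]
      .map((f) => f.toLowerCase())
      .filter((f) => !keepSet.has(f))
  );
}

// Remove blocked fields from one URL string. Input that does not parse,
// or is not http(s), is returned unchanged.
function stripTracking(href, blocked = buildBlockList()) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return href;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return href;

  const kept = [];
  let removed = false;
  for (const [name, value] of url.searchParams) {
    // Case-insensitive match is a choice of this example.
    if (blocked.has(name.toLowerCase())) removed = true;
    else kept.push([name, value]);
  }
  // Nothing to strip: hand back the original string byte-for-byte,
  // so untouched URLs are never re-encoded.
  if (!removed) return href;

  url.search = new URLSearchParams(kept).toString();
  return url.toString(); // path and #fragment are preserved
}
```

When a field is removed, the remaining query string is re-serialized, so its percent-encoding may be normalized (for example `%20` becomes `+`).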

While IvyDNS already protects you against this type of tracking on your end, it is useful to have a multi-layered approach to your online security and privacy. Pure URL is a nice addition to these layers, one which also prevents the server side from tracking you through these query string values.

NOTE: we are entirely unaffiliated with whoever produces this tool and receive no compensation whatsoever from them.

Advertising networks are delivery mechanisms for malware

The Register published an article on how advertising networks used by major and popular sites are (yet once more) being hijacked by malware peddlers. IvyDNS eliminates this attack vector and keeps you safe when you are online.

It’s just another reason to no longer treat advertising as ‘harmless’ or ‘a minor nuisance’: allowing content from unknown third parties to be downloaded to and executed on your devices is a major security risk that can lead to compromised devices and can include identity theft.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN.

Readers of those news sites, just a portion of all affected (since it also affected eBay’s UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.

The news sites are not at direct fault as they displayed the advertising; the ad networks and the underlying structure of high-pace and low-profit margins is what lets malvertising get its huge impact.

Read the full article over here.