HTTP smuggling & splitting, and lots of talk about "big brother" watching

Re: Outpost Firewall Free 2009 v6.5 Released

QUESTION FOR ALL ON THE BOARD: If http smuggling, http splitting, and man in the middle attacks are so dangerous aren't you scared of being easily hacked?
I have a router, and my router has never hacked so far?

So, why making apocalyptic statements?
I've been for hours surfing, downloading, entering all kinds of websites, and I have never seen this!?
Should I consider myself a lucky guy?

Do you consider yourselves lucky guys, since from the posts you have never been attacked by these forms of attacks?

However, I do remember an particular situation where I was under thinking that I've been a victim of ARP spoofing (if that was the case, I'm not sure if that was ARP spoofing attack)?
The fact the router blocked all traffic and shut itself down, and restarted itself-weird situation indeed, but this was 6 months ago, at least.

If router blocks all of these attacks by shutting itself down against mentioned attacks and than restarting itself, than there shouldn't be any problem, right?

I wonder if Stem has tested any router of software firewall against these attacks, since it seems it he is honestly one of posters who can actually speak with the knowledge, testing and experience that he has, especially to make companies to do better filtering against such and other forms attacks.

Cheers.

 

Re: Outpost Firewall Free 2009 v6.5 Released

well pandlouk did say that http smuggling, and http splitting are very very hard to stop so I presume that the modified http packets would just simply travel thru and bypass your Router without affecting it along with all the other normal http traffic on port 80.

But still if pandlouk can explain what is achieved by this attack

 

Re: Outpost Firewall Free 2009 v6.5 Released

Yes, I would like to know that, what is the main target, because if it's true that hacker can easily exploit this in/through my router, than it has been bypassed so many times, without possibility of detection, which means I've been hacked 100 times at least, and yet, on my computer nothing malicious has ever happened, not yet.
Isn't that ironic?
Perhaps, block all traffic or shutdown and restarting istelf is the only and the most secure solution, and that I think pretty much any software or hardware firewall/router actually has it.
I would simply like to know more about these attacks: ARP spoofing, man-in-the-middle attack, http splitting and http smuggling-what they represent and how truly dangerous are they?

 

Re: Outpost Firewall Free 2009 v6.5 Released

That simple it is.

You won´t take any notice. Your router and firewall are no help. If you connect to the internet you are passive part of all seeing eye (master and control central for http-poisoning and http-smuggling) if you want it or not. HTTP is a old protocol, there is no security to expect here. Maybe you understand now why the whole discussion about security is a farce, the main aim of monopolists and huge software companies is to reduce the attacks of kiddies, botcher and amateurs because they make too much noise, that is what they call bringing security to your home. But the biggest hole is kept silent and under the hood: HTTP. HTTP is the spy glass of the elite. Remember: The best intrusion will never be noticed except you take a deep look into it and make some long term forensics.

Only naive. The dangerous is the hidden the things you will never notice
unless you make strong efforts to understand the reason and to look behind.

Try to keep your naivity as long as possible but with entering this board your worry-free concept might be shocked step by step.

Probably you need a lesson in understanding the system of a virus. Aim of a sophisticated viral system is not to destroy its hosts nor to bother them too much it is a silent adaption to survive, to spread and to own and control more and more.

 

Re: Outpost Firewall Free 2009 v6.5 Released

Well, I guess this is all true, but still I consider myself enough experienced to know when my security has been compromised-so far, it hasn't been.
Trust me I would know it.

 

Re: Outpost Firewall Free 2009 v6.5 Released

Maybe you should first find a definition for what you call security.

For you security might be this way: Surfing the web without interruptions, everything looks fine, no anomalies to see,
I can do what I want to do without being bothered.

Maximum security (which is nearly unachievable) means: I surf the web, leave zero traces, I am absolutely encrypted, nothing can leak me (even no aqua, h2o, eau, retaw or water, ota, tao, dao ) I can do what I want but nobody can notice my presence, I am like a shadow, a phantom.

If you achieved to bypass the eye you would achieve to fool the devil. Isn´t that a challenge?

 

Re: Outpost Firewall Free 2009 v6.5 Released

And actually, your might not believe it, but this is the way on what my experience is based:
Surfing the web without interruptions, everything looks fine, no anomalies to see.
This is why I always find a hard time to believe that security can be so much compromised.
But this is just me, maybe I'm just one in a million, who knows?
I guess it all depends on the user itself!?

 

Re: Outpost Firewall Free 2009 v6.5 Released

I am having some difficulty understanding the risk factors involved regarding this HTTP smuggling, splitting etc.

I understand that:
1. It cannot be blocked by current firewall technology
2. No one knows who is behind its organized use.

These two points have been repeated over and over here so many times that the phrase, "Be Afraid! Be very afraid!!" pops up instantly in my mind when I see this topic being discussed.

What I am still missing is,
"Exactly WHY should I be afraid?!"
"Exactly what am I risking by failing to take this issue more seriously?"

I have seen some ask questions similar to the ones I ask myself, but these are generally rebuffed with something along the lines of, "I don't have time to explain, if you want to understand spend some time educating yourself and read the information you can find here, or set up a test network and perform the tests you can find there".

Well, I have read some of the links, and it is still not clear to me why I should be so afraid; maybe I am just too stupid to comprehend the so-simple-a-child-could-understand explanations in these links.

Also, I guess I must always be eternally grateful to my professors in college that they didn't brush me off and point me to my textbook when I had a question, eh? :-D

Anyway, my question was, and is still essentially this:
WHY should I be afraid?

 

Re: Outpost Firewall Free 2009 v6.5 Released

It depends on you, you don´t have to
if you have no problem with big brother.

Isn´t that reason enough to become alarmed.

Who is behind? This question is interesting, I could answer you this in fragments but that were only a drop of a hot stone.
There is a lot of system, edu, org, gov and elite behind, for sure but probably also enough guys from the industry
mixed up with some hardcore people and probably some of the internet founder too, those who have the knowledge of decades on their side. It would become a long list I guess. This is a very speculative zone there is a high probability that several young black, grey or white hats are part of it too. Maybe the upper core are only a few but they might have countless henchmans.

 

Re: Outpost Firewall Free 2009 v6.5 Released

There is a company from Quebec that claims to make your windows system safe against viral http packets: http tunnel

Bypassing firewall to secure http, sounds like from one dummy security to the other.

 

Re: Outpost Firewall Free 2009 v6.5 Released

I do have a problem with big brother, but I try not to worry about things over which I have no control.

Since apparently all of the powerful upper echelons of society are involved, it appears that the outcome is inevitable, and therefore this is not something that I need to be worried about.

Regardless, thank you for helping me clear this up in my head, and I apologise to the other readers for helping to keep this OT subject alive in this thread.

 

Re: Outpost Firewall Free 2009 v6.5 Released

Is this http tunnel similar to Tor?

 

Re: Outpost Firewall Free 2009 v6.5 Released

You are welcome.

Yes but they bother and disturb people with e.g. cyberstalking just to name one of their psyops, another one is sporadic attacks against their opponent systems and ddos attacks against their servers.

Don´t know. At least it sounds secure.

 

Re: Outpost Firewall Free 2009 v6.5 Released

It might help you to think about how we came to use the word "virus" with computers in the first place. Malware can be exactly like a germ - unseen, located where you might least suspect it, but easy to catch. Virus=germ=unseen. Things aren't always as they seem. Hope that analogy (albeit simple) might help.

 

I think this is more of "Privacy" or "Nuisance" Issue with modified packets coming in rather than a actual security Issue on your PC. like I say in the other thread to solve this use a encrypted vpn tunnel with a proxy server.

That said I would love to see Hacker try and bypass my MD rules, Shadow Defender and take control or Drop a virus on my pc.

 

The mod must have read my thoughts, that was also my thought to split the topic.

Good idea. But many proxies are insufficient to filter smuggling requests it must be a very good one.

 

Re: Outpost Firewall Free 2009 v6.5 Released

.
Regarding MITM attacks there are at least two scenarios I'm aware of. One is open wi-fi where anyone can "sniff" unencrypted transmissions. The other is a trojan/keylogger infection that can grab your data as you type it into a browser, etc. I don't see how data could be intercepted on route to your PC, unless we're talking CIA

 

Re: Outpost Firewall Free 2009 v6.5 Released

But sniffing unencrypted transmissions is the same thing as intercepting traffic on route to your PC is it not?

 

But the difference is that no one can target you individually, they can of course
target the unencrypted traffic going out from the proxy server IP but they wouldn't know who's traffic it is.

And good proxy servers are normally behind a layer 7 hardware fire wall much better than the general home user.

 

Re: Outpost Firewall Free 2009 v6.5 Released

I'm sorry, but from your word and the words of others, my security should have been compromised at least 100 times, literally, and it just does not happen.
I have never picked up a malware or anything else compromising, really.
I'm quite sure that there are here people who can offer the same experience.

 

That´s true, not directly targeting but what happens with the packets, they will be reduced or even minimized.
Instead of a broken pipe you now have a leaky water faucet.

 

Re: Outpost Firewall Free 2009 v6.5 Released

What CIA can do others also could do.

Agree.

 

Re: Outpost Firewall Free 2009 v6.5 Released

I hear this a lot. But think of the logic. People are killed while crossing streets every day. Yet, I don't pretend it's not a risk simply because I have crossed the streets thousands of times without ever being injured. Drug side-effects kill thousands every year. However, I can't claim that such and such a drug must be safe (even if it has killed a bunch of people) because I took it and was just fine. There are tons of analogies like this. The logic of "it hasn't happened to me," just doesn't compute. Nobody breaks a hip by falling on the ice - until they do. Nobody gets their house blown away in a tornado - until they do. Taking your logic to the extreme, nobody has ever been murdered - until they were murdered; that doesn't mean they were safe from murder before because they had never been murdered (until they were). I hope I'm making sense as I am trying to show how the logic you are using is flawed in a way that is....well....logical.

 

Re: Outpost Firewall Free 2009 v6.5 Released

I think this a wrong analogy, since I cross a street and my eyes in this case are my firewalls, so it depends on my eyes if the car is going to kill me. Obviously, people just don't pay attention on that. Drug-side effects?
It's comparable to open all ports on your computer and your computer is having malware-side effects. It all depends just how much you want your security gets compromised.
If you're going by dangers that internet offers, I would never buy router or modem, and I would never connect to the net, and yet I'm surfing without any trouble, none has yet shown interest in breaking through my protection-or it couldn't.
I simply think people make too exaggerating statements about security getting compromised. So what if big brother is watching me now?
I honestly don't care until some malware enters my computer, so far it just didn't happen.
Of course, mostly it depends on the surfer, but I have learned lessons from near past, and now everything is just ok.

But someone has yet to prove that my computer's security is compromised.

 

Re: Outpost Firewall Free 2009 v6.5 Released

I think this is not optimum approach.

It is like saying that since no one has yet proven that you have cancer, you don't have cancer.

If you have computer connected to any network, there is always possibility that your security has been compromised without your knowledge.