Security and privacy Q&A

I admit it, me too.

Actually, beyond EMP, there’s the possibility of a solar flare.

The 1859 “Carrington Event” would be far more costly if it happened now:

There was a “Cyberdeck” build posted to Reddit a while ago which included a Farraday cage w/ the idea of it being useful after such an event.

1 Like

Yeah that was also the jumping off point for a time travel novel I read years ago. The basic premise was that the character traveled back to that date roughly and then ended up stuck there due to that event.

And it’s possible something like that is looming right now apparently.

Giant Sunspot Has Doubled in Size in 24 Hours and It's Pointed at Earth.
:exploding_head:

1 Like

I take that back. I fear this more now. :laughing:

1 Like

Today’s question: what is it that a website could be trying to do that causes Windows Firewall to ask for permission? Access to less commonly used ports maybe? This is while watching some online sports stream, request comes in maybe once a day, or once per session, and only while streaming from that site.

image

Location data would be my first suspicion. Likely harmless as many providers of live content want to know at least your rough location to make sure you aren’t streaming content that’s not authorized in your region.

Netflix does this too as I’ve seen it when I use a VPN when I’m out of the US

Thanks, but I don’t think so in this case. Whenever a site asks location data, Firefox pops up the permission request. This looks different, activating the Firewall.

except if it’s doing so by inferring from your IP address and DNS info. They do that specifically to thwart people trying to use a VPN to get around the streaming restrictions.

Oh I see, I didn’t know that sites could ask for that, and that the Firewall would be the “app” to intercept such requests.

Yeah most of the video chat apps do that too, but for a different reason which is to route you through the closest edge server which in theory anyway gives you better reliability

The reason why I’m a little suspicious that I can’t think of a single site that ever gives me this popup, so in the very least it’s “unusual”. And since streaming sites are by default “shady” (rebroadcasting is typically illegal) I’m more concerned with anything they present me with.

1 Like

when it comes to that type of stuff, I’m with you.

in other words if it quacks like a duck, it’s probably a duck…

1 Like

What type of duck though? :sweat_smile: I’m still thinking some kind of port scanning looking for vulnerabilities, but unfortunately I’m a security noob. Anyway, I deny access and hope for the best.

Edit: looks like trying to access an uncommon port is a likely scenario. from Microsoft (emphasis mine)

There are two ways to allow an app through Windows Defender Firewall. Both of them are risky:

  • Add an app to the list of allowed apps (less risky).

  • Open a port (more risky).

When you open a port in Windows Defender Firewall you allow traffic into or out of your device, as though you drilled a hole in the firewall. This makes your device less secure and might create opportunities for hackers or malware to use one of those openings to get to your files or use your device to spread malware to other devices.

Generally, it’s safer to add an app to the list of allowed apps than to open a port. A port stays open until you close it, but an allowed app opens the “hole” only when needed.

To help reduce your security risk:

  • Only allow an app or open a port when you really need to, and follow the steps to remove apps from the list of allowed apps or close ports that you no longer need.

  • Never allow an app that you don’t recognize to communicate through the firewall.

1 Like

That’s likely exactly the tool(s) being employed. Again if something like Facebook is doing it, it’s harmless (other than of course it’s Facebook) , But like you said if you think there is anything even remotely dodgy about a site, it probably is and it’s wisest to be extra cautious .

1 Like

BTW: Xbox live uses port scanning technology too. But they do it for good reason to prevent you from mucking with things and the xbox app on windows suppresses the alert otherwise

1 Like

We copy and paste that to customers all of the time :slight_smile:

1 Like

Looking at the Event Viewer for Microsoft-Windows-Windows Firewall With Advanced Security/Firewall I see that it was an UDP request. Seems like it could be innocuous, it’s a less secure (?) way to stream data packets allowing for packet loss and out of order arrival. Still not sure if it could also open me up to exploits.

Rule ID: UDP Query User{TPCR-1234-5678-JOES-SECURITEASE}C:\program files\windowsapps\mozilla.firefox_102.0.0.0_x64\vfs\programfiles\firefox package root\firefox.exe
Rule Name: Firefox
Origin: Local
Active: Yes
Direction: Inbound
Profiles: Public
Action: Block
Application Path: C:\program files\windowsapps\mozilla.firefox_102.0.0.0_x64\vfs\programfiles\firefox package root\firefox.exe
Service Name:
Protocol: UDP
Security Options: None
Edge Traversal: None
Modifying User: NT SERVICE\mpssvc
Modifying Application: C:\WINDOWS\System32\svchost.exe