Easylist now blocking validate.perfdrive.com. What is it?

[Zarathustra[H]]

So, all of a sudden I can't access a ton of sites (including my banks online account) due to easylist including a block of perfdrive.com

Does anyone know what perfdrive is? My googling thus far has led to rather limited results.

I obviously want to access my banks website, but not at the cost of having some sort of tracker leave cookies on my machine.

Appreciate any thoughts on this.

 

[MrGuvernment]

So, all of a sudden I can't access a ton of sites (including my banks online account) due to easylist including a block of perfdrive.com

Does anyone know what perfdrive is? My googling thus far has led to rather limited results.

I obviously want to access my banks website, but not at the cost of having some sort of tracker leave cookies on my machine.

Appreciate any thoughts on this.

Can you submit it to Easylist as a false positive for review?

 

[pendragon1]

Can you submit it to Easylist as a false positive for review?

reddit shows others already marked it as such a couple years ago...

 

[SamirD]

I would check if any other blockers have slgged your bank's website. It may not be a false positive--just something the bank hasn't figured out yet.

 

[Zarathustra[H]]

Can you submit it to Easylist as a false positive for review?

I could, but I wanted to figure out what it was first.

If my bank was using a 3rd party tracker that collects my data, those MF:ers deserved to be blocked. (And I need to find a new bank)

 

[SamirD]

If my bank was using a 3rd party tracker that collects my data, those MF:ers deserved to be blocked. (And I need to find a new bank)

Or you discontinue online banking services since they're a big target anyways...

 

[philb2]

Or you discontinue online banking services since they're a big target anyways...

Yeah, but that's so 20th century. My bank uses two factor authentication, with very short timeouts. Annoying, but I'm happy with that. And even though I use a password manager, I do not store any bank passwords there.

 

[SamirD]

Yeah, but that's so 20th century. My bank uses two factor authentication, with very short timeouts. Annoying, but I'm happy with that. And even though I use a password manager, I do not store any bank passwords there.

So were bank heists. Today, banks have lowered their responsibility and increased attack vectors. So your money is no longer safe unless you safeguard it. Just fyi from someone that knows more than I should about this stuff.

 

[Zarathustra[H]]

So were bank heists. Today, banks have lowered their responsibility and increased attack vectors. So your money is no longer safe unless you safeguard it. Just fyi from someone that knows more than I should about this stuff.

As long as it is a private account (not a business account) your money is always covered from loss via FDIC (or NCUA)

Avoiding online banking is a really draconian way to mitigate a minor risk.

Worst that is going to happen is that it will disappear from your account until you file a report, and then it will be back in a few days.

Not using your online accounts doesn't really even help protect you these days, as more and more exploits are hitting the upstream payment processors. You can literally have money stolen from an account you never even use.

The best advice I think is to never use debit cards (or the credit card function on your atm card) for payment.

At my previous bank the processor was hit, so I had money stolen via Mastercard charges from a bank account for which I had literally never used the card. It cam ein the envelope and I put it in my filing cabinet in my home office, and I still had fraudulent charges on it.

If possible request ATM only cards from your bank. (in other words an ATM card that is only an ATM card and cant be used for Mastercard or Visa purchases) Only pay with dedicated credit cards at stores or online. Credit card companies turn around fraud claims much quicker thank banks do, and you don't risk missing your mortgage payment because you are waiting for your balance to be restored. (Again, personal cards are covered, business cards are not)

 

[philb2]

Yes there is credit card fraud, but banks price that cost into their fee structure. When I have had fraudulent credit card charges, the bank always covers those charges but has to close the account and open up a new one. The waste of time to update online payees, that's the real cost.

 

[SamirD]

As long as it is a private account (not a business account) your money is always covered from loss via FDIC (or NCUA)

Avoiding online banking is a really draconian way to mitigate a minor risk.

Worst that is going to happen is that it will disappear from your account until you file a report, and then it will be back in a few days.

Not using your online accounts doesn't really even help protect you these days, as more and more exploits are hitting the upstream payment processors. You can literally have money stolen from an account you never even use.

The best advice I think is to never use debit cards (or the credit card function on your atm card) for payment.

At my previous bank the processor was hit, so I had money stolen via Mastercard charges from a bank account for which I had literally never used the card. It cam ein the envelope and I put it in my filing cabinet in my home office, and I still had fraudulent charges on it.

If possible request ATM only cards from your bank. (in other words an ATM card that is only an ATM card and cant be used for Mastercard or Visa purchases) Only pay with dedicated credit cards at stores or online. Credit card companies turn around fraud claims much quicker thank banks do, and you don't risk missing your mortgage payment because you are waiting for your balance to be restored. (Again, personal cards are covered, business cards are not)

That's incorrect. The revised 'account agreements' at most banks have so many loopholes by which they are not responsible it looks like swiss cheese. Just read through it.

The upstream CC theft is real as I've seen that before, but banks and the card brands have solid workflows for disputing such charges and getting money back, hence why CCs are recommended for purchases.

The best way to fight fraud imo is to lock down access on accounts you don't need access and only keep one or two 'exposed'. There's still enough of a nexus of damage if they are at the same bank, but it's better than nothing.

 

[philb2]

That's incorrect. The revised 'account agreements' at most banks have so many loopholes by which they are not responsible it looks like swiss cheese. Just read through it.

The upstream CC theft is real as I've seen that before, but banks and the card brands have solid workflows for disputing such charges and getting money back, hence why CCs are recommended for purchases.

The best way to fight fraud imo is to lock down access on accounts you don't need access and only keep one or two 'exposed'. There's still enough of a nexus of damage if they are at the same bank, but it's better than nothing.

And put a freeze on your credit reports with all 3 credit report companies. Pain in the ass if you need to apply for new credit, but totally worth it to thwart identify theft.

 

[SamirD]

And put a freeze on your credit reports with all 3 credit report companies. Pain in the ass if you need to apply for new credit, but totally worth it to thwart identify theft.

Oh, to thwart identity theft you have to go much, much further. But to lock down your bank accounts it's pretty simple--just don't trade security for convenience!

 

[philb2]

Oh, to thwart identity theft you have to go much, much further. But to lock down your bank accounts it's pretty simple--just don't trade security for convenience!

Of course. I'm also trying to get my name off identity broker sites. But if someone does steal my ID, at least they can't get credit or sign up for a loan.

The credit freeze has not affected my ability to download transaction data from my bank.

 

[MrGuvernment]

Sad how use customers keep getting the short end of the stick in all of this. When i explain to people stop saving creds and info n browsers, they give me the funniest look...then I tell them to follow Britton White on linked in...Even more fun is telling companies to not allow BYOD...and the excuses as to why they want to allow it to access company resources..../facepalm

 

[philb2]

.then I tell them to follow Britton White on linked in..

Which Britton White?

 

[MrGuvernment]

Which Britton White?

https://www.linkedin.com/in/britton-white-739b966/

following them for a little is a quick way to get one to stop saving any data in their browsers...and also why companies need to not allow BYOD devices access to their resources.

example
https://www.linkedin.com/posts/acti...g-?utm_source=share&utm_medium=member_desktop

 

[SamirD]

Sad how use customers keep getting the short end of the stick in all of this. When i explain to people stop saving creds and info n browsers, they give me the funniest look...then I tell them to follow Britton White on linked in...Even more fun is telling companies to not allow BYOD...and the excuses as to why they want to allow it to access company resources..../facepalm

Yeah, and it's even worse that companies want to keep your cc info 'on file' and then have data breeches. Between the now 2x wars out there, cyberwarfare going into overdrive with the new massive ddos attacks recently that dwarf previous ones, we're all speeding 'down the rails on a crazy train'

 

[SamirD]

https://www.linkedin.com/in/britton-white-739b966/

following them for a little is a quick way to get one to stop saving any data in their browsers...and also why companies need to not allow BYOD devices access to their resources.

example
https://www.linkedin.com/posts/acti...g-?utm_source=share&utm_medium=member_desktop

BYOD was always a recipe for disaster. When you have all your 'shields up' (mfa, etc) in theory it shouldn't matter, but the reality is that it just increases the amount of attack vectors by a order of magnitude and one exploit on your defenses is all it takes.

 

[MrGuvernment]

Yup, going through that battle with some co-workers on a project they are doing for a company, the CISO is trying to bend over back words for MS policies to allow a couple people to use their own BYOD because "we dont like the company devices" but then they want to make things more secure and have full control over all devices connecting to company resources.

It is easy, no BYOD, simple, policies block non-domain joined devices. If someone needs a specific device for their job, justify it, but if it is a "I want to use my Macbook to check company email" too bad, so sad.

 

[Zarathustra[H]]

Yeah, and it's even worse that companies want to keep your cc info 'on file' and then have data breeches. Between the now 2x wars out there, cyberwarfare going into overdrive with the new massive ddos attacks recently that dwarf previous ones, we're all speeding 'down the rails on a crazy train'

It's been pissing me off that Paypal wants to pre-authenticate me on all sites these days. I keep disabling it, but it always turns itself back on. it is infuriating.

I guess companies like Steam like it because it allows for in-app purchases without constantly needing to enter your username and password. Well I have never done an in-app purchase and never will do an in-app purchase and I would very much insist on entering my full username and password every time I make a purchase.

 

[Zarathustra[H]]

BYOD was always a recipe for disaster. When you have all your 'shields up' (mfa, etc) in theory it shouldn't matter, but the reality is that it just increases the amount of attack vectors by a order of magnitude and one exploit on your defenses is all it takes.

The client is always the weakest point. When you don't control the client machine, that amplifies by an order of magnitude.

 

[SamirD]

Yup, going through that battle with some co-workers on a project they are doing for a company, the CISO is trying to bend over back words for MS policies to allow a couple people to use their own BYOD because "we dont like the company devices" but then they want to make things more secure and have full control over all devices connecting to company resources.

It is easy, no BYOD, simple, policies block non-domain joined devices. If someone needs a specific device for their job, justify it, but if it is a "I want to use my Macbook to check company email" too bad, so sad.

Yeah, can't have it both ways for sure.

I think if a person wants a certain hardware, make the business case for it--'I am X amount more productive and can get Y work done faster'. Show the data and all that. Over $1000 it really shouldn't matter so long as the corporate image that is usually rolled out can boot and the hardware can get assimilated quickly enough into the ecosystem. Otherwise, if someone likes their choice of UI, hook up a kvm and kvm into your work equipment.

 

[SamirD]

It's been pissing me off that Paypal wants to pre-authenticate me on all sites these days. I keep disabling it, but it always turns itself back on. it is infuriating.

I guess companies like Steam like it because it allows for in-app purchases without constantly needing to enter your username and password. Well I have never done an in-app purchase and never will do an in-app purchase and I would very much insist on entering my full username and password every time I make a purchase.

Yeah, I hate these 'just one click purchase' systems. As I said in some other thread, but can't find the meme anymore:

"I will fire when I am goddamn good and ready--you got that?"

 

[SamirD]

The client is always the weakest point. When you don't control the client machine, that amplifies by an order of magnitude.

Yep, I try my best not to be that weakest point since I'm also the one that has to fix everything!