Nothing in this article explained how this advertising could actually be dangerous. It "collects the IP address and user agent string." Is there something serious or not?
From what I understood from the reading, this could be an example of XSS (cross-site scripting): we "trust" a site, but there are other connections towards other ones, potentially malicious. So, weather(dot)com could have been compromised and should need to run some checks.
When you customer base is 100m+, that's potentially affecting a lot of people. It's very likely most of their users are not very technically literate, so these kinds of attacks are very performant.
"Only 0.1% of our profit comes from pureeing children into profit!" isn't a defense.
Install adblockers to universally block advertising networks--even on sites you would otherwise trust and like to support--and encourage all your friends and loved ones to do the same, especially if they're less technically literate.
I didn’t think The Weather Channel was available outside the US. I’m sure they’ll give you a forecast on weather.com but the company is American based.
The folks behind weather.com are actively trying to kill weather.gov through lobbying and other campaigns. Folks need to be made aware that their tax dollars are already being spent on top-notch science tools by folks with a vested interested in their safety.
They almost got their dream leader of NOAA when Trump appointed the head of AccuWeather, Barry Meyers, to lead NOAA. He withdrew his nomination for health reasons, but believes the government shouldn't provide any type of direct forecasts to the public. Michael Lewis has a good write up of this in his book The Fifth Risk.
The article has no citations to back it the claims. It states "researchers also believe that this malware is being used by an organized crime ring either to prepare for an enormous future attack on targeted users, or to sell collected information on the dark web" with no attribution. Nor is it obvious how battery condition or orientation would be any use to attackers or purchasers.
Seems like it could be reproduced easily by a typical HN reader. “Fetch a site a thousand times and check the served JavaScript for weirdness” isn’t exactly a high bar. Defining weirdness is the secret sauce for sure, though!
Battery condition and orientation are useful for fingerprinting devices, alongside the more commonly-known canvas attacks.
Your battery status and orientation aren't going to be useful for tracking you in a "future attack on targeted users", since by then both would have completely changed.
There’s the actual NOAA page for your area which is lightweight and increadibly information dense, IMO it’s what other weather websites can measure themselves against it’s pretty awesome!
Also: curl wttr.in (I guess hackernews night nock that over heh, it seems like it’s been struggling lately.)
Mobile and desktop (it auto-adjusts), visit https://forecast.weather.gov/ for a nice NOAA experience. I've even had a great email experience reporting a data population error, the local-to-me team replied within hours and had it fixed up.
Wunderground (weather underground) used to be an amazing resource before the "Web 2.0" redesign. You could still access it as "classic.wunderground.com" for many years right up until IBM bought them and they finally turned it off in ~2016. There are still screenshots of it floating around. It looks like crap, very 1999 web design but it was organically built and curated for ~15 years and quite functional compared to what they have now. Also significantly faster IIRC.
Commercial online weather sites have really gone downhill since wunderground classic. I have yet to see a comparable info-dense site since.
> Last year, a single malvertising campaign reached 100 million users, and there’s no reason attackers would pay for all that exposure unless some fish were biting.
But there is.
For example, an entity could have sold the malware to a rube. They would do this by using the same "bullet proof" logic: why would they be selling a tool that can hit 100 million users unless some fish will bite?
A meteorologist colleague informed me of https://www.yr.no/ and it has a version in English. It is what I usually use along with weather.gov. Their short and long-term World-Wide ECMWF forecasts are really nice as are the meteorograms. Yeah dump weather.com.
I did not know that about Jeff. I don't have the reference on my fingertips, but it is an interesting read about how Jeff and co-founders started wunderground.com. These guys were early internet pioneers and played a role in the web as we know it today.
Oh man, I was using yr.no when I was in Norway, but didn't realize it had global coverage. In particular they have a really neat graph of hyper-local precip probability over the next 90 minutes, which is really handy when hiking in Norway :)
"if a user stumbles upon a webpage that has a compromised third-party library, the malware runs checks.
These checks consist of who the user agent is, the type of device they are operating on, the level of battery it has, and the device’s motion and orientation. After these checks are verified, the malware will connect the infected device to a remoter peer prior to transferring the device’s IP address"
This statement is written to make it seem like like something bad is happening. But read the statement -- it's total BS.
I wondered the same, I made a mental note to check out this supposed feature. But now that you've asked this question and since the author was just peddling unsubstantiated hyperbolic horseshit in the 2nd half of the article, I'm guessing there's no such Wireshark feature.
I can save you the trouble. There is no such feature. Using Wireshark FOR advanced malware analysis is a thing, but it has no special feature built in with that name.
It's almost like the author was given some short hand notes and wrote them up wrong.
We use Wireshark day in, day out at my work place and many of us picked up on that statement.
weather.com was already collecting and marketing an obscene amount of user data as anyway. That's what drove me to stop using it a while back. Wunderground is in the same group.
This is US-specific, but what I use now is the National Weather Service's website. It's actually really excellent. https://www.weather.gov/
53 comments
[ 3.3 ms ] story [ 27.5 ms ] threadweather.com uses an ad provider who gives them a malicious ad .1% of the time.
"Only 0.1% of our profit comes from pureeing children into profit!" isn't a defense.
Install adblockers to universally block advertising networks--even on sites you would otherwise trust and like to support--and encourage all your friends and loved ones to do the same, especially if they're less technically literate.
Battery condition and orientation are useful for fingerprinting devices, alongside the more commonly-known canvas attacks.
Your battery status may be used to track you online, 98 comments (2016) https://news.ycombinator.com/item?id=12208880
You're assuming that they must, in the future, again identify you: that is not at all necessary for e.g. spear phishing, blackmail, or other attacks.
"So anyone who has visited weather.com from a mobile device in the past few months is now vulnerable to future malicious activity down the road."
Also: curl wttr.in (I guess hackernews night nock that over heh, it seems like it’s been struggling lately.)
Commercial online weather sites have really gone downhill since wunderground classic. I have yet to see a comparable info-dense site since.
Or at least the page for my market is. https://www.spaghettimodels.com/cities/orlando.htm
Also, practical advice: use an ad/content blocker.
But there is.
For example, an entity could have sold the malware to a rube. They would do this by using the same "bullet proof" logic: why would they be selling a tool that can hit 100 million users unless some fish will bite?
Edit: Ohh and one more: Jeff Masters and his crew at Weather Underground (wunderground.com). For example another nice meteorogram: https://www.wunderground.com/forecast/us/co/boulder/KCOBOULD...
"if a user stumbles upon a webpage that has a compromised third-party library, the malware runs checks. These checks consist of who the user agent is, the type of device they are operating on, the level of battery it has, and the device’s motion and orientation. After these checks are verified, the malware will connect the infected device to a remoter peer prior to transferring the device’s IP address"
This statement is written to make it seem like like something bad is happening. But read the statement -- it's total BS.
Is this some feature of Wireshark I've never come across, or does the author not know what they're talking about?
It's almost like the author was given some short hand notes and wrote them up wrong.
We use Wireshark day in, day out at my work place and many of us picked up on that statement.
This is US-specific, but what I use now is the National Weather Service's website. It's actually really excellent. https://www.weather.gov/
[1] - https://www.weather.gov/