Post Reply 
has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
12-23-2015, 10:50 AM (This post was last modified: 12-23-2015 10:56 PM by StephenG1CMZ.)
Post: #1
has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
    Whilst using the Cloud to access the internet at a local shop, I noticed that my bookmark for the HP Prime site now has an Icon resembling a white cloud on a black background. I'm sure that whatever was there before it was not that.
Can anyone confirm the HP Prime site's icon shouldn't be a Cloud?

Has anyone else experienced a malicious change to their mobile configuration whilst using this UK WiFi service?

Stephen Lewkowicz (G1CMZ)
https://my.numworks.com/python/steveg1cmz
Visit this user's website Find all posts by this user
Quote this message in a reply
12-24-2015, 10:09 AM
Post: #2
RE: has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
This demonstrates that an http connection is at the mercy of all the intermediaries. Sadly, hp.com don't have an https version, which would have ensured that the data you get is the data they sent.

The only https area I could find is
https://h20564.www2.hp.com/hpsc/swd/publ...g=en&cc=uk

I don't know if visiting that would be enough to fix the icon. It might depend on datestamps - the fake icon might have a very recent datestamp.

Just possibly you could visit and bookmark a link such as the above, to get the proper icon, and then edit it to point to the page you actually wanted.

If you start your visit at http://hp.com or any other unencrypted place, all bets are off because every link you visit thereafter could have been messed with. Which is why it's such a terrible idea for the banks to have http sites which redirect to their https e-banking facilities - if the first page is vulnerable you may be directed elsewhere.
Find all posts by this user
Quote this message in a reply
12-24-2015, 10:38 AM
Post: #3
RE: has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
(12-24-2015 10:09 AM)EdS2 Wrote:  This demonstrates that an http connection is at the mercy of all the intermediaries. Sadly, hp.com don't have an https version, which would have ensured that the data you get is the data they sent.

The only https area I could find is
https://h20564.www2.hp.com/hpsc/swd/publ...g=en&cc=uk

I don't know if visiting that would be enough to fix the icon. It might depend on datestamps - the fake icon might have a very recent datestamp.

Just possibly you could visit and bookmark a link such as the above, to get the proper icon, and then edit it to point to the page you actually wanted.

If you start your visit at http://hp.com or any other unencrypted place, all bets are off because every link you visit thereafter could have been messed with. Which is why it's such a terrible idea for the banks to have http sites which redirect to their https e-banking facilities - if the first page is vulnerable you may be directed elsewhere.
The bookmark had been on my mobile for some time - so the original hp-to-mobile icon when i set up the bookmark was OK. Subsequently, the icon stored on my mobile/browser was changed, I believe.
Is it still safe to click that Icon?

Stephen Lewkowicz (G1CMZ)
https://my.numworks.com/python/steveg1cmz
Visit this user's website Find all posts by this user
Quote this message in a reply
12-24-2015, 12:05 PM (This post was last modified: 12-24-2015 12:05 PM by Marcus von Cube.)
Post: #4
RE: has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
(12-24-2015 10:38 AM)StephenG1CMZ Wrote:  The bookmark had been on my mobile for some time - so the original hp-to-mobile icon when i set up the bookmark was OK. Subsequently, the icon stored on my mobile/browser was changed, I believe.
Is it still safe to click that Icon?

Many public Wifi services work differently from what you know from home: Instead of securing the link layer with a pass phrase the networks are unencrypted but they redirect all http access to their login page where you enter the credentials. Only after the client is known to the network, web pages are displayed as usual. It looks like you had opened the link in question before this authentication step and now the cloud icon has replaced the original icon of your HP bookmark. Just go to the site again from the same bookmark and you should be done.

Marcus von Cube
Wehrheim, Germany
http://www.mvcsys.de
http://wp34s.sf.net
http://mvcsys.de/doc/basic-compare.html
Find all posts by this user
Quote this message in a reply
12-25-2015, 11:00 AM (This post was last modified: 12-25-2015 11:01 AM by EdS2.)
Post: #5
RE: has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
(12-24-2015 10:38 AM)StephenG1CMZ Wrote:  The bookmark had been on my mobile for some time - so the original hp-to-mobile icon when i set up the bookmark was OK. Subsequently, the icon stored on my mobile/browser was changed, I believe.
Is it still safe to click that Icon?
yes, it's safe. The bookmark hasn't changed. The icon was updated because the browser saw a new favicon.ico when you visited the site. You can probably fix the bookmark, or indeed it will probably be easier to delete and recreate it.

(Or, Marcus may well be right and it will fix itself when you next use the bookmark without an interstitial page from the wifi provider.)

(I have some javascript somewhere which forces a specific icon.)
Find all posts by this user
Quote this message in a reply
12-25-2015, 03:14 PM
Post: #6
RE: has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
(12-25-2015 11:00 AM)EdS2 Wrote:  
(12-24-2015 10:38 AM)StephenG1CMZ Wrote:  The bookmark had been on my mobile for some time - so the original hp-to-mobile icon when i set up the bookmark was OK. Subsequently, the icon stored on my mobile/browser was changed, I believe.
Is it still safe to click that Icon?
yes, it's safe. The bookmark hasn't changed. The icon was updated because the browser saw a new favicon.ico when you visited the site. You can probably fix the bookmark, or indeed it will probably be easier to delete and recreate it.

(Or, Marcus may well be right and it will fix itself when you next use the bookmark without an interstitial page from the wifi provider.)

(I have some javascript somewhere which forces a specific icon.)
Thank you for that reassurance. The bookmark icon did not fix itself accessing the site using 3G/4G - I haven't tried on WiFi. I hadn't deleted it in case I needed to see what nasties might be in the file - but without inspecting the file contents all looks OK, except that if I had given anyone instructions to click on such-and-such icon to do something important, they'd now have bought a new phone.

Stephen Lewkowicz (G1CMZ)
https://my.numworks.com/python/steveg1cmz
Visit this user's website Find all posts by this user
Quote this message in a reply
12-26-2015, 11:49 AM
Post: #7
RE: has anyone using The Cloud WiFi experienced a malicious change to their bookmarks?
Just for future reference, this is the icon-fixing bookmarklet I've used in the past. Easiest way to use this is to make a new bookmark of any site, then edit it and past in this as a one-liner. Adjust the domain name from stackoverflow.com to whichever domain you want to fix. Then, visit the site with the broken icon, and from that page visit the new bookmark you just made. It should fixup the icon.

Code:
javascript:(function() {
    var link = document.createElement('link');
    link.type = 'image/x-icon';
    link.rel = 'shortcut icon';
    link.href = 'http://www.stackoverflow.com/favicon.ico';
    document.getElementsByTagName('head')[0].appendChild(link);
}());
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 2 Guest(s)