krebsonsecurity as malware domain

I’ve switched Chrome ad blockers to µBlock, which claims to be lighter weight than AdBlock and AdBlockPlus. Also the author is a slightly cranky open source guy who refuses to even take donations, and I like that. So far my only complaint is a few pages don’t load well and a couple of ecommerce things failed unless I disabled it.

Just tracked down one failure: http://krebsonsecurity.com/2014/10/chip-pin-vs-chip-signature/ displays as plain text, no CSS or Javascript or anything. Turns out the entire krebsonsecurity.com domain is blocked by the “domainsonly” list from DNS-BH Malware Domains. Which is sort of hilarious given Krebs’ work publishing about malware. I can’t tell if that’s a bug in the list, that Krebs was actually compromised at some point, or if it’s just some pissing match between security nerds. I think the last explanation is most likely, Krebs is often the focus of strong opinions. If so that’s stupid and annoying though; these black hole lists should only be applied very sparingly. FWIW the ban goes back to 2010.

µBlock’s tools for understanding stuff aren’t bad. If you right click the icon and choose “Options”, there’s a “Statistics” tab where you can reload a page and see what was blocked and by which rules. It doesn’t show which ruleset contains the rule though, so you have to hunt for that.

I think it’s hilarious that Chrome’s New Tab page blocks 3 requests, all matching the rule google.*/gen_204?. Tracking images? The new tab page loads like 15 other resources from Google that are allowed.

Update: the Krebs list was commented out with a datestamp of 2014-10-29, two days before I wrote this blog post.