What is Reblaze - a phisher? Virus?

[OneWorld]

I am using the internet and click on various links (In Gumtree in this instance) and I get a full page saying Reblaze - human verification taking place and 'click here' which of course I will not do.

Does anyone know what Reblaze is, I have searched on the internet but I am none the wiser

[Eddy Deegan]

Reblaze is a suite of bundled capabilities collectively designed to protect a network (such as one hosting a website and its related backend platforms) from things like DDOS attacks and people trying to abuse APIs. Amongst other things it also integrates with CDNs and analyses the behaviour of users to verify that they are human as opposed to bots ... that kind of shizzle.

It's a genuine thing although, of course, one probably cannot say that about every page that claims to be it.

"If in doubt, don't click" is generally a good strategy for anything online.

[Wonks]

You obviously didn't use the right words when searching.

My first hit: https://www.reblaze.com/

[OneWorld]

You obviously didn't use the right words when searching.

My first hit: https://www.reblaze.com/

????????? - i searched on reblaze, and was taken to www.reblaze.com, which looks like a legit and professionally designed site, but the page that appears on GumTree is so basic looking, it just seems phishy

Could it be that Gumtree has been hacked and suffered a DoS attack

Here the page that comes up in Gumtree

https://www.gumtree.com/search?search_c ... nce=0.0001

[Wonks]

I don't see anything. I expect my ad blocker is getting rid of it.

[Wonks]

They (Reblaze) do indicate eBay use them, and Gumtree was owned by eBay until mid-2022 when Gumtree was sold off, so it could be some legacy stuff that's still around (if Gumtree now no longer use Reblaze).

Or it could have been a bad website setting that may now be fixed.

[OneWorld]

They (Reblaze) do indicate eBay use them, and Gumtree was owned by eBay until mid-2022 when Gumtree was sold off, so it could be some legacy stuff that's still around (if Gumtree now no longer use Reblaze).

Or it could have been a bad website setting that may now be fixed.

Thanks for the info, I won't be clicking anything just to be on the safe side. It seems odd, I have never seen that page before

[OneWorld]

They (Reblaze) do indicate eBay use them, and Gumtree was owned by eBay until mid-2022 when Gumtree was sold off, so it could be some legacy stuff that's still around (if Gumtree now no longer use Reblaze).

Or it could have been a bad website setting that may now be fixed.

Thanks for the info, I won't be clicking anything just to be on the safe side. It seems odd, I have never seen that page before

Just checked again, seems to be working ok now

[OneWorld]

Just picked up a little tip regarding logins.

It seems a phishing attempt can be recognised by a browser in browser screen.

More and more, when I log in anywhere, I get a poopup, "Login With Google" I don't know why Google is becoming so all pervasive, but that's another issue.

If you get that popup, resize the browser screen so it isn't full screen, attempt to drag the popup out of the main screen, to a different part of the desktop.

If the popup does not leave the browser window - it's a phisher.

I never bother using the "Use Google <<or whatever eg FaceBook etc>> login. I use a password manager, it's called my brain box and it has a fairly reliable memory module.

I think it sets a dangerous precedent using the "Log In With Your Google Account" it means we get in the habit of using one password for all sites we log in to - no way am I doing that!

[sonics]

If the popup does not leave the browser window - it's a phisher.

So what stops a coder programming that type of window?

I think it sets a dangerous precedent using the "Log In With Your Google Account" it means we get in the habit of using one password for all sites we log in to - no way am I doing that!

2FA with a strong password which in turn accesses a saved list of strong passwords is much safer than anything the average human brain can remember.

[OneWorld]

If the popup does not leave the browser window - it's a phisher.

So what stops a coder programming that type of window?

I think it sets a dangerous precedent using the "Log In With Your Google Account" it means we get in the habit of using one password for all sites we log in to - no way am I doing that!

2FA with a strong password which in turn accesses a saved list of strong passwords is much safer than anything the average human brain can remember.

What stops a coder doing the same? I haven’t coded such a site but at firs5 glance I would say that a scammed website, which is a page produced by the scammer, and any webpage is easy enough to copy (visually, not functionally) and the pop up is just a page in a page. However the legitimate pop up is essentially a page that is a separate entity that goes outwith the main site to the legitimate login site. Yes a coder could emulate such a process, but the pop up wouldn’t go to the right place

You mention “The average human brain can remember…” how do you know my brain is average or that I don’t use another process? Which I keep to myself

[BWC]

The fewer the number of things that you need to keep secret about your security, the stronger your security is. Another vote for a good PW manager here, though I wouldn't be comfortable using Google to login to everything or using any browser's built-in PW manager.

[sonics]

You mention “The average human brain can remember…” how do you know my brain is average or that I don’t use another process? Which I keep to myself

?? I did not say that you had an average brain, but sincerely hope that you use "another process" that involves a computer.

A computer can out-calculate any human brain with ease and therefore using that computing potential to increase your security is the smart thing to do.

...using any browser's built-in PW manager.

One reason that browser password managers with a strong master password are a great idea is that they are stored locally.

[OneWorld]

You mention “The average human brain can remember…” how do you know my brain is average or that I don’t use another process? Which I keep to myself

?? I did not say that you had an average brain, but sincerely hope that you use "another process" that involves a computer

Happen…..there again happen not

A computer can out-calculate any human brain with ease and therefore using that computing potential to increase your security is the smart thing to do.

nope, depends what kind of calculation it is, computers have difficulty with novel unforeseen circumstance…….”Computer says ‘no’ “ Computers are very good at doing things we’ve done before, yes there is an element of learning, by way of machine learning but it is very good when operating in a restricted domain, the Universe of Discourse, outwith that, the performance deteriorates or even becomes useless. The calculating is context dependent. As of course it is with human calculating. However human calculating has the edge on creative calculating

...using any browser's built-in PW manager.

One reason that browser password managers with a strong master password are a great idea is that they are stored locally.

The passwords stored in my head are stored locally too!

[BWC]

...using any browser's built-in PW manager.

One reason that browser password managers with a strong master password are a great idea is that they are stored locally.

Third party managers usually offer export for local backup. Beyond that, I don't see any advantage to having them stored locally. They may well be fine by now, but I still don't trust browsers for this. I'd rather it be the focus of the provider, rather than one feature among many.

I wish I could tell you just how strong my master password strategy is, but that's the one thing that I have to keep secret.

[BWC]

A computer can out-calculate any human brain with ease and therefore using that computing potential to increase your security is the smart thing to do.

nope, depends what kind of calculation it is, computers have difficulty with novel unforeseen circumstance…….”Computer says ‘no’ “ Computers are very good at doing things we’ve done before, yes there is an element of learning, by way of machine learning but it is very good when operating in a restricted domain, the Universe of Discourse, outwith that, the performance deteriorates or even becomes useless. The calculating is context dependent. As of course it is with human calculating. However human calculating has the edge on creative calculating

Yes, but in this case, the computer can easily outperform us. This is the sort of thing they do really well (assuming that the humans that programmed them didn't screw up too much).

[adrian_k]

Third party managers usually offer export for local backup. Beyond that, I don't see any advantage to having them stored locally. They may well be fine by now, but I still don't trust browsers for this. I'd rather it be the focus of the provider, rather than one feature among many.

I wish I could tell you just how strong my master password strategy is, but that's the one thing that I have to keep secret.

Mind you third party managers are not infallible: https://www.theverge.com/2022/12/22/235 ... lt-hackers

I use a local encrypted password store, either way, strong master password is the way to go.

[OneWorld]

...using any browser's built-in PW manager.

One reason that browser password managers with a strong master password are a great idea is that they are stored locally.

Third party managers usually offer export for local backup. Beyond that, I don't see any advantage to having them stored locally. They may well be fine by now, but I still don't trust browsers for this. I'd rather it be the focus of the provider, rather than one feature among many.

I wish I could tell you just how strong my master password strategy is, but that's the one thing that I have to keep secret.

".......... They may well be fine by now, but I still don't trust browsers for this.........."

Me neither. I like the flexibility of browsers and I customised and config'd mine to great extent, becoming almost totally reliant upon it. Then one day last week the browser decided to have a wobble and usually when this happens I close it down and started it up and usually I am back to where I was immediately before the wobble. Not this time though, the browser opened an it had been wound back to day 1 when first installed.

Fortunately I had made a backup (Thanks again Macrium)of the whole browser folder, but the backup was somewhat outdated, I only got back about 75% of what I had lost.

But yet again it raised the question to myself - why and how the blo*dy hell don't browser creators have a button saying "BACKUP" OK I know you can backup/export bookmarks etc and I have done that in the past but they don't always restore properly.

Trust browsers? no, no and thrice no

This past week I

[BWC]

Mind you third party managers are not infallible:
https://www.theverge.com/2022/12/22/235 ... lt-hackers

What is?

I use a local encrypted password store, either way, strong master password is the way to go.

Yep, even if the vault is stolen, it's useless to the thief if your master password is strong enough.

[BWC]

Then one day last week the browser decided to have a wobble...

Sorry to hear that. It sure is a great example of why not to use the browser's PW manager. Sometimes, ...separate tools for separate tasks.