Avast WEBforum

Other => General Topics => Topic started by: CharleyO on December 15, 2009, 08:04:32 PM

Title: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on December 15, 2009, 08:04:32 PM
***

It was suggested that we needed these all in one thread. So, I have created this thread for that use and hope that all will use this thread to post the security warnings on this forum.

Here is a link to the posting that prompted this thread.

http://forum.avast.com/index.php?topic=52250.msg442193#msg442193


***
Title: Re: Security Warning Notices - Please post them here
Post by: scythe944 on December 15, 2009, 08:11:26 PM
Now we just need a mod to make it a sticky, and we'll be set!
Title: Re: Security Warning Notices - Please post them here
Post by: DavidR on December 15, 2009, 08:37:48 PM
If everyone placed the security warnings in here it wouldn't need to be sticky as the activity would keep it high, as is seen with the >> Updates << topic.

I have an aversion for stickies, almost as severe as for toolbars ;D
Title: Re: Security Warning Notices - Please post them here
Post by: logos on December 15, 2009, 08:40:59 PM
I for one wouldn't mind a sticky for this thread here  ;) such a thread is obviously needed and..and thanks to the OP for starting it  :)
Title: Re: Security Warning Notices - Please post them here
Post by: YoKenny on December 15, 2009, 09:09:30 PM
How do you tell if a topic is a sticky?

It sure is easy in Malwarebytes forum:
http://www.malwarebytes.org/forums/index.php?showforum=11

@ DavidR

+1
Title: Re: Security Warning Notices - Please post them here
Post by: logos on December 15, 2009, 09:13:10 PM
Quote
How do you tell if a topic is a sticky?

like that  ;D
Title: Re: Security Warning Notices - Please post them here
Post by: bob3160 on December 16, 2009, 01:07:41 AM
Quote
I for one wouldn't mind a sticky for this thread here  ;) such a thread is obviously needed and..and thanks to the OP for starting it  :)

Sticky isn't needed since this will rise to the top each time an entry is posted which is the same criteria with many other frequent Threads. :)
(Missed David's post. :) )
Title: Re: Security Warning Notices - Please post them here
Post by: scythe944 on December 16, 2009, 07:02:30 PM
i got it, i got it!  ;D

nevermind the sticky subject...
Title: Re: Security Warning Notices - Please post them here
Post by: Pondus on December 17, 2009, 07:12:16 PM
Rogue antivirus lurks behind Google Doodle searches
http://www.networkworld.com/news/2009/121609-rogue-antivirus-lurks-behind-google.html?t51hb



Five things you need to know about social engineering
The more victims who click links and install the bad guy's software, the more money the criminals make
http://www.pcworld.idg.com.au/article/330130/five_things_need_know_about_social_engineering?fp=4&fpid=776400
Title: Re: Security Warning Notices - Please post them here
Post by: DavidR on December 17, 2009, 08:32:50 PM
A lot of malware lurks in Google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
Title: Re: Security Warning Notices - Please post them here
Post by: Tarq57 on December 17, 2009, 11:21:43 PM
Quote
A lot of malware lurks in Google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.

+1.
I use a hosts file, and SpywareBlaster. (Yeah, belts and braces, I know...).
If I'm careless enough to click on any of those Google sponsored results that rise to the top like a pale yellow scum, about 9 times out of 10 my browser can not connect to the site.
Fine by me.
Title: Re: Security Warning Notices - Please post them here
Post by: logos on December 17, 2009, 11:34:32 PM
Google sponsored results  ??? what's that  ??? >>>>>>>>>>>>>>>>> http://adblockplus.org/en/  ;D (or "adthwart" in Chrome)
Title: Re: Security Warning Notices - Please post them here
Post by: DavidR on December 17, 2009, 11:39:36 PM
Well there is always the CustomizeGoogle add-on which I use and I never see sponsored ads anyway, my comment was one of caution for others considering the sponsored links.
Title: Re: Security Warning Notices - Please post them here
Post by: logos on December 17, 2009, 11:52:21 PM
Yeah, I got CustomizeGoogle as well, with ads blocked wherever it's possible. I never mention it because it's set once and for all, and I forget about it, while ABP allows blocking more than what's on the EasyLists, on demand. It's just that ABP has more visibility during the browsing. Sorry for the off topic  ;)
Title: Re: Security Warning Notices - Please post them here
Post by: Alan|Cvette on December 18, 2009, 12:06:19 AM
Just made a topic about this, but thought I would post here too anyway.

Modern Warfare 2 servers hacked, Trojans inserted.
http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646

Title: Re: Security Warning Notices - Please post them here
Post by: polonus on December 18, 2009, 03:42:49 PM
Hi you malware fighters and posters of this thread,

Well, add this link and read the bottom posting there please?
http://forum.avast.com/index.php?topic=52349.msg443049#msg443049

and then add this one as well as a Security Warning:
http://forum.avast.com/index.php?topic=52310.msg442762#msg442762

pol
Title: Re: Security Warning Notices - Please post them here
Post by: polonus on December 18, 2009, 04:13:58 PM
SSL-servers targeted by botherders
Today by polonus
Comments and reactions:

Not only are Windows desktops targeted by botnet herders that want to enlarge their botnets; more and more they will also target FTP, SSL and web servers to be taken over. The hijacked or hacked servers will then often function as a malcode database or be used to forward spam. According to Finnish av vendor F-Secure, FTP servers are the favorite hack target for cybercriminals. "We also saw cases where SSL servers were being abused. Sites with a valid SSL certificate get hacked and are then abused for drive-by downloads", according to researcher Mikko Hypponen.

When a drive-by download runs over an HTTPS connection, some proxy and gateway scanners cannot scan it for malware. "Then it is easier to break into servers", says Hypponen. Server botnets are then formed out of these hacked servers, functioning as a form of sub-botnet. "We now see server botnets. An interesting feature is that these interconnected server botnets are herded by one individual", says Shadowserver Foundation's DiMino. Servers are there to facilitate botnet extension and expansion.

Server-bots
In the meantime we spotted specific server-bots using PHP and Perl to turn servers into realtime spam machines. "The benefit there is the enormous amount of bandwidth and power to maximize the amount of spam sent." According to security expert Marc Maiffret, botherders are recruiting attackers that are experienced server hackers. Maiffret expects legit websites to be the main target for web attacks in 2010 and beyond:
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml;jsessionid=4RTX0GD0KT3ILQE1GHPSKHWATMY32JVN?articleID=222002433

pol

P.S. If these malserver bots perform a man in the middle attack you can forget SSL security altogether,

D
Title: Re: Security Warning Notices - Please post them here
Post by: bob3160 on December 18, 2009, 05:39:05 PM
Unless something is seriously done about all these drive by attacks,
the internet as we know it will soon cease to exist.  :'(
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: CharleyO on December 19, 2009, 07:28:42 AM
***

Misplaced security warning notice :

http://forum.avast.com/index.php?topic=52307.msg442708#msg442708


***
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: CharleyO on December 19, 2009, 07:30:38 AM
***

Another misplaced security warning :

http://forum.avast.com/index.php?topic=52349.msg443049#msg443049


***
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on December 19, 2009, 03:08:52 PM
China cages game Trojan hackers
(Go directly to jail, do not collect any gold)
http://www.theregister.co.uk/2009/12/17/china_jails_game_trojan_vxers/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on December 19, 2009, 03:10:45 PM
Film review site hacked to spew malicious PDFs

Quote
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.

http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 19, 2009, 07:33:52 PM
Hi malware fighters,

Last week av vendor CA revealed the detection of a botnet inside Amazon's EC2 cloud:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx  & http://blogs.zdnet.com/security/?p=5110

But according to Scan Safe's Mary Landesman it already existed for a couple of years.

"In spite of recent messages, distributing malware through Amazon's cloud services is not a new phenomenon. It has been happening since June last where Amazon's S3 service is concerned, and since February 2008 at Amazon's EC2 service", reports Landesman. This totaled up during the last three years to 80 unique malware incidents where Amazon was concerned. 22 incidents took place during 2007, 13 during 2008 and 45 were seen this year. Re: http://blog.scansafe.com/journal/2009/12/17/amazon-cloud-has-rained-malware-before.html

"It is no guarantee for a safe malcode location." Therefore links to the Amazon cloud should be treated extra carefully, just like links to other sources. On the other hand "cloud malware" can be easily halted as Amazon will not treat this lightly, although they were rather lax in removing it,


polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 19, 2009, 08:26:31 PM
Hi CharleyO and all the other malware fighters,

The zero-day hole in Adobe Reader and Acrobat will not be patched earlier than the next patch round in three weeks' time (that is, in the new year), and hackers are now actively abusing it to infect systems.
An out-of-band patch for this critical hole would have a negative impact, according to Adobe's Brad Arkin....

You can be protected here, for Adobe recommends customers follow the mitigation guidance below, utilizing the Adobe Reader and Acrobat JavaScript Blacklist Framework, until a patch is available.

Windows: For end-users on Windows, download the compressed file from here: http://download.macromedia.com/pub/acrobat/updates/APSA09-07_C_Reg_Keys.zip , and double-click on the appropriate registry setting, based on your version of Reader or Acrobat, to populate the JavaScript Blacklist Framework. Adobe will automatically reset the value during the next update.

http://kb2.adobe.com/cps/532/cpsid_53237.html

polonus
Title: Re: Security Warning Notices - Please post them here
Post by: Alan|Cvette on December 19, 2009, 08:37:09 PM
Quote
Unless something is seriously done about all these drive by attacks,
the internet as we know it will soon cease to exist.  :'(

*nods*   :-\

Don't you think it would be a neat idea, to have anti-virus "bots" with different scan engines running around the internet scanning every website it comes across, and then saving the information and location of the suspicious site. Until Bot 2 with a different engine comes around and confirms what Bot 1 found.

/End day dreaming.

Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 19, 2009, 08:58:21 PM
Hi Alan|Cvette,

We already have that aboard - the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around and with Request Policy extensions to top it off, I will browse my Fx or Flock browser with full confidence. And if NS extension would come to Chrome or SRWare's Iron I would use that browser for the additional built in tab "sandbox" security that now has landed also in Firefox 3.7 Minefield. So there is still hope for you and your dream has already been realized, you just have to install it, and then the people of Shadowserver Foundation are working your dream every day: http://www.shadowserver.org/wiki/

I wish you Merry Christmas and a Happy New Year,

pol
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Alan|Cvette on December 19, 2009, 09:07:04 PM
Quote
Hi Alan|Cvette,

We already have that aboard - the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around and with Request Policy extensions to top it off, I will browse my Fx or Flock browser with full confidence. And if NS extension would come to Chrome or SRWare's Iron I would use that browser for the additional built in tab "sandbox" security that now has landed also in Firefox 3.7 Minefield. So there is still hope for you and your dream has already been realized, you just have to install it, and then the people of Shadowserver Foundation are working your dream every day: http://www.shadowserver.org/wiki/

I wish you Merry Christmas and a Happy New Year, pol

I always have my "light bulb" moment a few years too late ;D hahaha. I sure do love Firefox though:

Adblock+
BetterPrivacy
Browser Defender
CS Lite
Finjan
Ghostery
Lastpass
NoScript
WOT

I feel naked browsing in IE without those, IEtab is nice too so I don't have to switch if a website requests I use IE.

I only wish Avast!'s sandboxing would work with my Firefox  :-[
---

Iron is pretty cool, I never really use it or Chrome that much though. I'm trying out Google Frame right now which is basically Chrome's best features in Internet Explorer.

Merry Christmas pol!
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Omega40 on December 19, 2009, 09:20:44 PM
Interesting read:
http://en.wikipedia.org/wiki/Honeypot_%28computing%29
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Omid Farhang on December 19, 2009, 09:23:36 PM
Data Doctor 2010 will make you sick (http://boelectronic.blogspot.com/2009/12/data-doctor-2010-will-make-you-sick.html)

Data Doctor 2010 (http://sites.google.com/site/boelectronic/computer/malware/list-of-common-malwares/data-doctor-2010), an encryption trojan via our old "friends" iframedollars. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Omid Farhang on December 22, 2009, 03:25:39 PM
Facebook is getting worse everyday!! God Damn Koobface!!

Take care about what you are seeing in Facebook, what you click on and what you do. The Koobface worm is growing too fast and I've seen most of my friends are hacked by this nasty worm and their account is sending malware links to their friends via comment on their wall, private message or chat.

1. More Info: http://boelectronic.blogspot.com/2009/12/facebook-money-mule-or-credit-card.html
2. More Info: http://boelectronic.blogspot.com/2009/12/check-your-friends-facebook-ims-may.html
3. Clicking on the links in my own test (I did in my test machine, I'm not infected!) redirected to... (Screenshot and info in the following link): http://boelectronic.blogspot.com/2009/12/oh-oh-oh-santa-delivering-fakeav.html

(Posts in my blog are collected from other companies' blogs.)
[I posted that Koobface sample to avast!, hope avast! detects it soon]
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on December 22, 2009, 03:52:54 PM
definitely staying away from Facebook, I hate it anyway  ;D thanks for the heads up  ;)...I'll let my friends using it regularly know about the risks, again.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Omega40 on December 22, 2009, 06:57:52 PM
I dropped Facebook as soon as they messed with my privacy settings.  >:(
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: nmb on December 22, 2009, 07:00:38 PM
Facebook user with no problems whatsoever.

I have changed all the settings to best suit me and will not accept any application requests, nor do I upload any pictures in any social networking sites.

I don't have any problems using fb.

nmb
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on December 23, 2009, 12:18:54 AM
Quote
Facebook user with no problems whatsoever.

I have changed all the settings to best suit me and will not accept any application requests, nor do I upload any pictures in any social networking sites.

I don't have any problems using fb.

nmb

+1

Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409

Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: nmb on December 23, 2009, 06:55:03 AM
Quote
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409

I'm already.

nmb
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Omega40 on December 23, 2009, 07:12:52 AM
Quote
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409

I'm already.

nmb

Don't do Facebook...doesn't MBAM have a Twitter account?
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on December 23, 2009, 07:16:01 AM
Quote
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409

I'm already.

nmb
Don't do Facebook...doesn't MBAM have a Twitter account?

Follow us on Twitter!
http://www.malwarebytes.org/forums/index.php?showtopic=16338
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Omega40 on December 23, 2009, 07:53:57 AM
Thank you, YK.  ;)
Title: Live.com Exploited as Pharma-Fraud Cover
Post by: logos on December 24, 2009, 10:45:38 AM
Quote
Pharma link spammers invade Live Space
http://www.theregister.co.uk/2009/12/23/link_spammers_hit_live_space/


Quote
Live.com Exploited as Pharma-Fraud Cover
http://threatcenter.blogspot.com/2009/12/livecom-exploited-as-pharma-fraud-cover.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on December 24, 2009, 02:41:01 PM
From Norman Security

Summing up 2009 - predictions for the year to come
http://www.norman.com/security_center/security_center_archive/2009/74565/en
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: CharleyO on December 24, 2009, 07:20:06 PM
***

Misplaced warning :

http://forum.avast.com/index.php?topic=52529.0


***
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 27, 2009, 01:39:14 AM
Hi malware fighters,

Latest software of adservers vulnerable: http://forum.openx.org/index.php?showtopic=503454011
8 million vulnerable Flash-ads can be googled up: http://www.google.com/search?hl=en&num=100&q=filetype:swf+inurl:clickTAG&aq=f&oq=&aqi=
Cross site scripting attacks are actually being performed: http://kingfeatures.com/pressrm/PR316.htm
and this was done in the past as well: http://www.thetechherald.com/article.php/200952/4979/Funny-pages-used-to-launch-PDF-attack-on-latest-vulnerability

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 28, 2009, 01:12:12 AM
Hi malware fighters,

This year also saw an explosive increase in the number of malware kits, enabling everyone to construct his own malware within a few mouse clicks. Especially for Xmas time the malcreants launched "Chrismas Stealer" to steal log-in data from Firefox and MSN. Re: http://blog.damballa.com/?p=462

The user just has to fill out his own mail address and that of the victim. Then the victim will get an e-mail with an attachment. When this gets opened the Firefox log-in data and MSN log-in data will be sent to the sender. On the other side these kits could also dupe the user into losing his log-in data,

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 29, 2009, 09:22:05 PM
Hi malware fighters,

Malware "horror"scope for 2010 -

All security and av-vendors have made predictions for the coming security year 2010. Panda Security - Kaspersky Lab - F-Secure - AVG - RSA - Verizon - Anton Chuvakin - McAfee - Symantec - ESET looked into their crystal balls and came up with the following predictions for 2010.
To sum it up neatly: more of the same, but in larger quantities. But the insights differ.

W 7 and Mac OS X
The introduction of W7 this year is a positive influence according to Finnish F-Secure researchers; XP SP3 will become a malware haven or malware ghetto in regions where W7 is less prevalent. Most av-vendors think that when the participation of W7 is large enough this new OS will also be attacked. They foresee this coming within the next two years, according to Panda Security. Malcreants are migrating their malware for the new MS platform and especially migrating to the 64-bit version. Kaspersky thinks that the security holes inside the new Windows 7 will result in many drive-by download attacks, and also because holes in products like Adobe's and Apple's are being found. Security vendor Verizon has another vision. Windows 7 will be more robust as expected and withstand attacks so attackers will go for the application software.

Also the Mac OS X will have full attention of malcreants. As the market share increases, the larger the number of attacks will become. “2010 will prove once and for all that Macs aren't immune to exploits”, according to Websense.

Fake-virusscanners
PC Tools has the most remarkable prediction. The vendor predicts a trend to combine all existing malware trends with new, inventive techniques. This malware will be more socially interactive and look more reliable and trustworthy to users, like some fake-av programs already do. The next step will be that cyber criminals are going to use budgets to start their own call centers, helplines, and virtual offices and service providers and even start ad campaigns for their rogue fake av scanners. Furthermore fake av scanners will become more and more aggressive and will even hijack operating systems.

Kaspersky on the contrary predicts less fake av-scanners, because the market is flooded by them already, so less income for the crooks. Also raised attention from intelligence and security services alike make it harder to spread and create fake av.

Fortinet thinks that, as general users are now aware of scareware, cyber criminals will switch to ransomware during 2919, where they ask money for digital properties they encrypted.

Ads
This year the New York Times was hit by attackers who posed as legit advertisers and then placed malicious ads. A successful attack, well worth investing in. Legit bought ads or hacked ad space users will be attacked in this way during the coming year.

Social engineering
Now that the operating system and applications are becoming more solid and secure, the easiest way to get to people's money or install malicious software is to socially engineer or mislead them, according to ESET's Randy Abrams. He too thinks the coming of W7 means malcreants can't easily infect systems. Symantec says social engineering became so popular because it does not matter what OS or what browser is being used; the users themselves are being attacked. “Weak parts on a computer are less important. Social engineering has become one of the prevailing attack methods and this will be the growing trend for 2010.”

Shortened URL-services
Services to shorten URLs have become a trend with Twitter. A big problem there is that the user does not know where they re-direct to after clicking the link. The popular URL-shortener Bit.ly let us know they will scan better for spam and malcode, but an increase in abusing the services is expected for the coming new year. Also spammers will use shortened URLs to circumvent spam filters. But parties involved will protect better, because their business model will be under attack.

Human CAPTCHA-crackers
As spammers find it more and more difficult to break the CAPTCHA-codes automatically, they will use human forces in developing economies to define new spam accounts manually to try and circumvent new detection technologies. Symantec assumes individuals that manually make the accounts get paid 10% of the overall costs, while account hunters will get 30 to 40 dollar per 1.000 accounts.

DDoS-attack
At least one big distributed denial-of-service (DDoS) against some nation, according to F-Secure.

Everyone into the Cloud
The cloud will be the av technology of the days to come, while others now report they have been doing this "for years and years". In 2010 all av vendors will go into the cloud if they aren't already doing so, according to Spanish Panda Security. On the other hand, cloud services are an interesting target platform for attackers.

A specific service that can await new attacks is Google Wave. Initially cybercrime will use the service for spreading spam, then it will be abused in phishing attacks, abusing security holes and spreading malware will follow. Chrome OS will be left alone, while McAfee thinks this will be a hacker's paradise.

Last but not least cyber criminals will hide inside the cloud, like we have seen this recent year.

Cyberwar
For quite some time we have heard about cyberwar and cyber terror, where China and North-Korea are mentioned. We saw large scale DDoS attacks against Estonia and Georgia last year. Govt sites can also come under attack of politically motivated hackers to deface an official website with political slogans. We will see both kinds of attacks during the coming year.

Increase of malware
All av vendors agree that we will encounter more and more vicious malcode during 2010. A lot of av scanners will have a hard time to detect them, predicts Kaspersky Lab. Some vendors will develop complex security software as an answer to this kind of advanced malware, but some malware will be able to circumvent detection, go under the radar and stay immune for quite some time.

Users that do their Internet banking have to watch out for state of the art banking Trojans. Then the malcreants will develop geo-located attack-versions that are varied according to language and content, so the user will run a higher risk to open the wrong link. Symantec also expects an increase of English language spam.

The World Soccer Championships will play an important role for Trojans, fake-ticket business, spam, attacks on legit ticket shops and DDoS-attacks.

AVG sees the coming automatic malware generation as one of the biggest problems for 2010, making end-users choose complete security suites over a stand-alone av solution. Then it warns against upcoming economies. The number of users in Brazil, China and India will increase tremendously, but using illegal software and the absence of av or fw will create lots of problems. Users will be sitting ducks for attack in mentioned countries.

Verizon thinks the development of malware will come to a standstill. “Malware won't evolve further.”

Full-disk encryption and NAC
This will not come to fruition and there won't be a break-through, says Anton Chuvakin, who is predicting that Network Access Controls (NAC) will be almost gone near the end of 2010.

Data leaks
In 2009 the biggest leakage of data in human history took place: the theft of over 130 million credit card data at Heartland Payment Systems. The coming year will see more data leakage, but smaller. McAfee focuses on social networking. Fake applications will be a problem for the hundreds of millions that use it, turning their data into the hands of cyber crooks.

China
Will stay at the wrong end of the stick (and stays an interesting role model for others  Grin )

Community
The internet community will slowly get educated, according to Verizon. The number of senior users that deal with cybercrime will go down considerably, while young ones teach their generation how to protect, so they will be better informed and able to secure themselves by identifying, finding and defying cyber criminals. After a ten year period of study, research, coordination and training cyberpolice will now finally come "harvest" on this, according to McAfee.

RSA closed on a positive note, that there will be more cooperation between the members of the security community, both researchers and vendors alike will cooperate to launch new initiatives.

Well anyway Polonus wishes you all a malware free and solidly secure avast-year 2010!

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on December 29, 2009, 10:37:23 PM
Good Guys Bring Down the Mega-D Botnet

Quote
Chalk up one for the defenders. Here’s how a trio of security researchers used a three-step attack to defeat a 250,000-pronged botnet.

http://www.pcworld.com/article/185122/good_guys_bring_down_the_megad_botnet.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on December 29, 2009, 10:39:35 PM
Top 10 tech stories of the decade
http://computerworld.co.nz/news.nsf/tech/E40BE6B4769086A2CC25769A00716FEA
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: born2golf on December 30, 2009, 12:04:19 AM
Quote
***

It was suggested that we needed these all in one thread. So, I have created this thread for that use and hope that all will use this thread to post the security warnings on this forum.

Here is a link to the posting that prompted this thread.

http://forum.avast.com/index.php?topic=52250.msg442193#msg442193


***

I am running Vista Home Premium and when I go into Control Panel/Security it shows I am not running a virus protection program.  How do I get this to recognize that I am running Avast Home Edition?
PS: I hope I am posting this in the right place.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on December 30, 2009, 12:09:29 AM
Quote
PS: I hope I am posting this in the right place.
you are not, go here and start a new topic http://forum.avast.com/index.php?board=2.0
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on December 30, 2009, 12:16:17 AM
yeah, he had a security warning  ;D ROFL
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: .: L' arc :. on December 30, 2009, 04:24:34 PM
The curious case of Combofix and the hostile copyright infringer (http://www.bleepingcomputer.com/forums/topic279176.html)
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: spg SCOTT on December 30, 2009, 04:39:12 PM
Quote
The curious case of Combofix and the hostile copyright infringer (http://www.bleepingcomputer.com/forums/topic279176.html)

WOW...some people... ::) :o

ComboFix was what fixed my old pc when I first joined...in one swift script :)
Brilliant program (and Dev :))
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on December 30, 2009, 06:48:35 PM
As soon as I get back home, I'll have to remove it from my server.  :'(

Edit,
It's now no longer visible.   :'(
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on December 30, 2009, 06:49:52 PM
Quote
The curious case of Combofix and the hostile copyright infringer (http://www.bleepingcomputer.com/forums/topic279176.html)

Please DO NOT USE COMBOFIX on your own without supervision!!!
http://www.bleepingcomputer.com/forums/topic273628.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on December 30, 2009, 07:12:07 PM
Quote
Microsoft releases fix for Windows Vista Black Screen
December 30th, 2009

Microsoft has released a hotfix to resolve an issue, where a computer that is running Windows Vista or Windows Server 2008 stops responding at a black screen early in the startup process 
http://www.thewindowsclub.com/microsoft-releases-fix-for-windows-vista-black-screen
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on December 31, 2009, 09:53:16 PM
Hackers actively abuse Symantec business av scanner holes.....

Security leaks in Symantec av scanners for the business market are now being actively abused
to download all sorts of nasty malware. http://isc.sans.org/diary.html?storyid=7834
The attacks take place through port 12174 and are aimed at Symantec AntiVirus Corporate Edition,
Client Security and Endpoint Security. According to the av vendor they see a dramatic increase
of the number of attacks for port 12174. http://www.securityfocus.com/bid/34671/exploit

The update for the four security holes in Alert Management System 2 (AMS2)
has been available since April 28 2009, but it seems that some system admins were reluctant to
install it. AMS2 is part of the Symantec System Center console, AntiVirus Server,
and AntiVirus Central Quarantine Server.
The av-vendor advises all firms to close port 12174 and to enroll the updates asap.

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

polonus

P.S. Weren't they Symantec not chosen as number 1 av recently in a test? Well, ahum...

D.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 03, 2010, 12:50:15 AM
Hi malware fighters,

As reminded by bob3160 posted here also: http://forum.avast.com/index.php?topic=52979.msg449143#msg449143
topic Hexzone, Virut and Pusdo correlations...

pol
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 04, 2010, 06:43:33 PM
Hi malware fighters,

Security and threats to the Cloud: http://forum.avast.com/index.php?topic=53036.msg449605#msg449605

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 05, 2010, 01:31:51 PM
nothing really new here, just an update on what's going on:
Quote
Adobe Reader vuln hit with unusually advanced attack
Eight more days to go
http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: scythe944 on January 05, 2010, 05:09:24 PM
nothing really new here, just an update on what's going on:
Quote
Adobe Reader vuln hit with unusually advanced attack
Eight more days to go
http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/

Damn, and avast wasn't among the few A/V's that found the infection.  I guess we'll have to find the infection somewhere and submit it to alwil soon!
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 05, 2010, 06:07:31 PM
nothing really new here, just an update on what's going on:
Quote
Adobe Reader vuln hit with unusually advanced attack
Eight more days to go
http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/

Damn, and avast wasn't among the few A/V's that found the infection.  I guess we'll have to find the infection somewhere and submit it to alwil soon!
yes, I didn't look at the virus total link in the article.... :o
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 05, 2010, 06:22:54 PM
Hi malware fighters,

Threat for website defacements through XSS flaws on blogsites is reported here: http://forum.avast.com/index.php?topic=53082.msg449946#msg449946

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 05, 2010, 06:24:27 PM
Hi malware fighters,

Threat for website defacements through XSS flaws on blogsites is reported here: http://forum.avast.com/index.php?topic=53082.msg449946#msg449946

polonus
So now we have 2 posts for the same item...  :)
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 05, 2010, 06:26:50 PM
Hi bob3160,

One full posting and one small additional link here. While you alerted for it..

Damian
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 05, 2010, 06:31:53 PM
Hi bob3160,

One full posting and one small additional link here. While you alerted for it..

Damian

agree with that, so that those who'd want to comment can go to the other thread and not clutter this one here.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 05, 2010, 07:13:58 PM
Unfortunately that only creates more clutter so we now create 2 posts instead of one.
It defeats the whole purpose.
At this point, just make your separate posts, it's getting harder and harder to follow all the entries anyway.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 05, 2010, 07:40:18 PM
Unfortunately that only creates more clutter so we now create 2 posts instead of one.
It defeats the whole purpose.
At this point, just make your separate posts, it's getting harder and harder to follow all the entries anyway.

+1

One post plus comments  8)

One post in SECURITY WARNINGS then 2 topics to follow ::)
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 07, 2010, 02:13:05 PM
Encryption busted on popular USB flash drives (http://ct.zdnet.com/clicks?t=520016790-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 07, 2010, 02:27:55 PM
Encryption busted on popular USB flash drives (http://ct.zdnet.com/clicks?t=520016790-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.


bob you should have added this too, they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
Quote
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

 if they had cracked AES 256, which is hardly going to happen anytime soon, it would have made the headlines on a few sites and mags  ;D ...but well, the program flaw is bad enough to be mentioned.
 But there are alternatives, TrueCrypt and now Bitlocker (Windows 7 version) that can be used to encrypt USB drives as well.
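
The design flaw described in the quoted article, modelled beside a password-bound alternative, as an added example that is not part of the original posts or any vendor's code. The class names, the fixed string and the XOR key wrap (a stand-in for AES key wrap) are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed placeholder; the real string is not given on the page.
FIXED_UNLOCK = b"CONSTRUCTED-UNLOCK-STRING"


def kdf(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK) from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def xor_wrap(kek: bytes, data_key: bytes) -> bytes:
    """Toy key wrap (XOR with an HMAC-derived pad); stands in for AES key wrap."""
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data_key, pad))


class FlawedDrive:
    """Controller releases the data key whenever it receives one fixed string."""

    def __init__(self):
        self._data_key = os.urandom(32)

    def unlock(self, token: bytes):
        if hmac.compare_digest(token, FIXED_UNLOCK):
            return self._data_key
        return None


class FlawedHostApp:
    """PC-side program: checks the password itself, then sends the constant."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._verifier = kdf(password, self._salt)

    def token_for(self, password: str):
        if hmac.compare_digest(kdf(password, self._salt), self._verifier):
            return FIXED_UNLOCK  # identical for every password and every drive
        return None


class HardenedDrive:
    """Controller stores only a check value and the data key wrapped under the KEK."""

    def __init__(self, password: str, data_key: bytes):
        self.salt = os.urandom(16)  # public, unique per device
        kek = kdf(password, self.salt)
        self._check = hmac.new(kek, b"check", hashlib.sha256).digest()
        self._wrapped = xor_wrap(kek, data_key)

    def unlock(self, token: bytes):
        # The token is the KEK itself, so there is no password-independent path.
        check = hmac.new(token, b"check", hashlib.sha256).digest()
        if hmac.compare_digest(check, self._check):
            return xor_wrap(token, self._wrapped)
        return None


def compare_designs() -> dict:
    """Run the same checks against both designs and report the outcomes."""
    app_a = FlawedHostApp("alice-pass")
    app_b, drive_b = FlawedHostApp("bob-pass"), FlawedDrive()
    token_a = app_a.token_for("alice-pass")

    key_h = os.urandom(32)
    hard_a = HardenedDrive("alice-pass", key_h)
    hard_b = HardenedDrive("bob-pass", os.urandom(32))
    htoken_a = kdf("alice-pass", hard_a.salt)

    return {
        # The host app does reject a wrong password...
        "flawed_wrong_password_token": app_a.token_for("guess"),
        # ...but what it sends on success does not depend on the password,
        "flawed_same_token_for_all": token_a == app_b.token_for("bob-pass"),
        # so the string accepted by one drive is accepted by every drive.
        "flawed_token_opens_other_drive": drive_b.unlock(token_a) is not None,
        "hardened_correct_password": hard_a.unlock(htoken_a) == key_h,
        "hardened_wrong_password": hard_a.unlock(kdf("guess", hard_a.salt)),
        "hardened_token_opens_other_drive": hard_b.unlock(htoken_a) is not None,
    }


if __name__ == "__main__":
    for name, outcome in compare_designs().items():
        print(f"{name}: {outcome}")
```

In the hardened model the password check and the key release are the same operation, which is the property the flawed host-side check lacks.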
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 07, 2010, 03:42:28 PM
Hacker pierces hardware firewalls with web page
http://forum.avast.com/index.php?topic=53163.msg450630#msg450630
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 08, 2010, 12:12:20 AM
Encryption busted on popular USB flash drives (http://ct.zdnet.com/clicks?t=520016790-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.


bob you should have added this too, they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
Quote
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

 if they had cracked AES 256, which is hardly going to happen anytime soon, it would have made the headlines on a few sites and mags  ;D ...but well, the program flaw is bad enough to be mentioned.
 But there are alternatives, TrueCrypt and now Bitlocker (Windows 7 version) that can be used to encrypt USB drives as well.
Logos,
I supplied the link which gave that information. :) I spent the time reading it and so did you so why shouldn't the rest of those that were interested.   ;D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: hello123 on January 08, 2010, 02:37:10 AM

Quote
Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.


http://www.theregister.co.uk/2010/01/07/juniper_critical_router_bug/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: hello123 on January 08, 2010, 02:38:40 AM
And Microsoft Patch on Tuesday.

http://threatpost.com/en_us/blogs/microsoft-plans-quiet-january-patch-tuesday-010710
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 08, 2010, 10:47:07 AM
Logos,
I supplied the link which gave that information. :) I spent the time reading it and so did you so why shouldn't the rest of those that were interested.   ;D

the first lines of the article were misleading, and you quoted them, and just them, here's why...some might NOT read the article but your post here.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 08, 2010, 03:02:45 PM
Quote
Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus
Date:01.08.2010
Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has detected that search results on office.microsoft.com can lead users to a Rogue AV page.
http://securitylabs.websense.com/content/Alerts/3519.aspx
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 08, 2010, 03:18:32 PM
Quote
Some Observations on Rootkits

Getting hit by a live rootkit infection is among the more unfortunate fates that can befall an unsuspecting computer user.

Parting thoughts
• Keep real-time protection enabled
• Run 64-bit Windows
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 08, 2010, 03:58:42 PM
Hi malware fighters,

Data Doctor is a new encryption cyber crime ransom tool that makes users believe their system does not function properly anymore after letting the OS start up in SafeMode; one has to pay 63 euro to get access to one's data again.
Here is a tool to help you to decrypt: http://sunbeltblog.blogspot.com/2010/01/data-doctor-2010-encrypted-files-we.html

polonus

Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: hello123 on January 08, 2010, 07:47:39 PM
Industry group plans Cyber attack Simulation.
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=222200643
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 08, 2010, 10:40:47 PM
Hi malware fighters,

Millions and millions of Windows computers run an "unhealthy" kernel, as appeared from a Microsoft survey. The kernel is the heart of the Windows OS and changes to it could have disastrous results. The most favourite technique for a rootkit to hide on a machine is making changes to the kernel. The software vendor wanted to know how many systems were actually rootkitted. "We found that a gigantic amount of computers is running an unhealthy kernel", according to MS Malware Protection Center's Randy Treit. 1% of all tested computers, that means millions of machines for the whole of the Windows population.

Treit says it is not only malware that will make changes to the kernel to destabilize the OS, also legit software can do this. When the kernel has been hijacked via legit software, a rootkit can hijack a next level, making detecting the malcode harder. Of all infestations 7% were low-level rootkits. For 60% the Alureon family of rootkits was responsible.

64-bit Windows
According to the Microsoft analyst the numbers show that 64-bit Windows systems are better protected against rootkits than a 32-bit Windows version (the situation now). Of all rootkits the software vendor found, only 0,67% functioned on a 64-bit platform. "It might well be that even a lower number of rootkits can activate on a 64-bit computer. Signing drivers and features like Kernel Patch Protection make 64-bit Windows a rootkit hostile environment." Treit advises users that want to outsmart rootkits to change to a 64-bit Windows. At the moment these systems are less risky. "When you could choose, go for the 64-bit."

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 08, 2010, 11:33:20 PM
@ polonus
Quote
Millions and millions of Windows computers run an "unhealthy" kernel, as appeared from a Microsoft survey. The kernel is the heart of the Windows OS and changes to it could have disastrous results. The most favourite technique for a rootkit to hide on a machine is making changes to the kernel. The software vendor wanted to know how many systems were actually rootkitted. "We found that a gigantic amount of computers is running an unhealthy kernel", according to MS Malware Protection Center's Randy Treit. 1% of all tested computers, that means millions of machines for the whole of the Windows population.

That's what I indicated here with a link to the article:
http://forum.avast.com/index.php?topic=52252.msg451041#msg451041
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 09, 2010, 01:14:07 AM
Hi YoKenny,

Then we two are twice forewarned and twice forearmed. The tdsss is a nasty one, and the virus and worms is overflowing with victim messages asking for help, essexboy and oldman have their hands full to eliminate this persistent process hopper rootkit b*gger- also seems firefox WITHOUT noscript is another threat where this malware is concerned,

your friend pol
Title: Serious IE and Windows flaws...
Post by: logos on January 11, 2010, 01:34:02 PM
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/

Quote
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.
Title: Re: Serious IE and Windows flaws...
Post by: YoKenny on January 11, 2010, 01:47:23 PM
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/

Quote
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

Anything on The Register is just there for sensationalism and media hype
Quote
Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 11, 2010, 02:40:30 PM
Quote
Anything on The Register is just there for sensationalism and media hype
it's simply not true  ::) ...do you prefer the Inquirer ?  :D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 11, 2010, 05:01:29 PM
Quote
Anything on The Register is just there for sensationalism and media hype
it's simply not true  ::) ...do you prefer the Inquirer ?  :D
It got the "Tiger by the tail" story right....  ;D ;D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 11, 2010, 05:23:28 PM
False Facebook charge group used to spread malware
Malware pokes outraged users
http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/


Rogue phishing app smuggled onto Android Marketplace
Ghost in the machine
http://www.theregister.co.uk/2010/01/11/android_phishing_app/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 11, 2010, 10:01:32 PM
Hi malware fighters,

G-Data warns that PDF is an insecure fileformat...
PDF is a nifty but, because of all its security leaks, an insecure file format, G Data warns. Last year 74 holes were found for Adobe Reader and Acrobat, twice the number of 2008. The benefits of using PDF are clear. Through all sorts of free PDF readers it can be opened on various systems. Then it is hard to change a PDF file, something that prevents unauthorised changes to the file. Also it is a compact format, making it attractive to send as an attachment with emails.

Over the years the PDF file format got more features, adding greatly to the complexity of the software, resulting in exploits and security holes being found a lot more easily. Through simple toolkits like Eleanor, Liberty Exploit System or Elfiesta, it is quite easy to produce infested PDF files. Such programs can be run with almost no technological insight on the part of the cyber criminals.

Attack
The majority of exploits will use an embedded JavaScript that will be executed upon opening the file. The malicious JavaScript will use the so-called heap spray method to overload memory with NOP commands (No Operation commands) and also by reloading the shellcode over and over again. The JavaScript vulnerability in the PDF file can be used to run the shellcode and execute it. The executed shellcode will then download the malicious payload, for instance botnet components.

Users that want to be protected are advised to use another, leaner PDF reader, but the av vendor asks users to install an av scanner and disable JavaScript at the same time or use the Windows DEP function (Data Execution Prevention). "Well it is a pity that a lot of legit software won't run under mentioned settings."

Also a security warning for PDF documents, forewarned is forearmed, folks,

polonus
Title: Re: Serious IE and Windows flaws...
Post by: mkis on January 11, 2010, 10:42:06 PM
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/

Quote
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

Anything on The Register is just there for sensationalism and media hype
Quote
Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness.

'Anything' in this sense would suggest everything put out by The Register is hype which is plainly not true.

But I get your point YoKenny. I get The Register, and it is most times sensation hard sell that is nonetheless most times accurate enough (give or take some occasional near misses). And heaps less bundled with the soft bloat / hard sell that epitomizes many of the other publications that make up my tech feeds.

Notably, each page is a clean page - you can go to the previously viewed page without having to first negotiate a pile of hidden iframes.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 11, 2010, 11:19:15 PM
Hi YoKenny and mkis,

Hackers may use the exploit to crash Windows. “We are developing an update to solve this problem”, according to Bryant on his blog. The old workaround, shutting down ports 139 and 445, (use the wwdc tool) is the only possibility so-far to keep the OS secure against this denial-of-service-attack.

nCircle main spokesman Andrew Storms commented, that he had expected the SMB-problem to be patched this month, if only as a PR-thing.
“On the other hand it is to be understood that MS did not, because it is "only" just a DoS-attack.” The main issue SMBv2 was patched with http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx  
during October last; the issue that still remains unpatched is this: http://www.microsoft.com/technet/security/advisory/977544.mspx

So if not paying attention users will mix things up... but Microsoft "is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk." not further commenting on it only criminalizing the disclosure of the vulnerability,

polonus


Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 12, 2010, 12:09:05 AM
thanks Polonus and mkis  ;)

mkis, I see the register exactly how you described it.
Polonus, good job with the additional info, confirming my post.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 12, 2010, 12:12:51 AM
Hi YoKenny and mkis,

Hackers may use the exploit to crash Windows. “We are developing an update to solve this problem”, according to Bryant on his blog. The old workaround, shutting down ports 139 and 445, (use the wwdc tool) is the only possibility so-far to keep the OS secure against this denial-of-service-attack.

nCircle main spokesman Andrew Storms commented, that he had expected the SMB-problem to be patched this month, if only as a PR-thing.
“On the other hand it is to be understood that MS did not, because it is "only" just a DoS-attack.” The main issue SMBv2 was patched with http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx  
during October last; the issue that still remains unpatched is this: http://www.microsoft.com/technet/security/advisory/977544.mspx

So if not paying attention users will mix things up... but Microsoft "is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk." not further commenting on it only criminalizing the disclosure of the vulnerability,

polonus


Yes I think the security issue at the moment  http://secunia.com/advisories/cve_reference/CVE-2009-3103/
 with the Microsoft thing as well  http://www.microsoft.com/technet/security/advisory/977544.mspx and at the same time people getting infected

I've been picking up bits and pieces on the forum now and then but not really much up with the play. Makes interesting reading though. Lots to be learned amongst this lot.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 12, 2010, 12:17:51 AM
and siszyd32.exe    :o :o :o


Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: DavidR on January 12, 2010, 01:08:00 AM
You need to modify your link as all it does is take you to the search function, not display any results if that was your aim.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 12, 2010, 02:07:34 AM
There is a safe way to browse and not worry about these security warnings.
http://forum.avast.com/index.php?topic=19387.msg441269#msg441269 (http://forum.avast.com/index.php?topic=19387.msg441269#msg441269)
While I'm on this OS, I don't think I have anything to fear even without any Anti Virus protection. :)
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 12, 2010, 05:26:14 AM
You need to modify your link as all it does is take you to the search function, not display any results if that was your aim.

okay I see what you mean, meant to be search for siszyd32.exe under virus and worms. Just back on internet. I will delete link since we all know how to get there.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 12, 2010, 03:20:02 PM
Chrome Sets Browser Security Standard, Says Expert

http://www.pcworld.com/article/186486/chrome_sets_browser_security_standard_says_expert.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 12, 2010, 03:35:18 PM
Firm to Release Database & Web Server 0days
http://www.krebsonsecurity.com/2010/01/firm-to-release-database-web-server-0days/

Jan 10, 2010: Regarding responsible disclosure
http://intevydis.blogspot.com/2010/01/jan-10-2010-regarding-responsible.html

Sun Directory Server 7.0 core_get_proxyauth_dn DoS
http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 12, 2010, 03:36:07 PM
Chrome Sets Browser Security Standard, Says Expert

http://www.pcworld.com/article/186486/chrome_sets_browser_security_standard_says_expert.html

Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx

Where it says at the bottom
Quote
Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)

Did you catch The Simpsons 20th Anniversary Special?
http://www.associatedcontent.com/article/2576391/the_simpsons_20th_anniversary_special.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 12, 2010, 09:30:34 PM

Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx

Where it says at the bottom
Quote
Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
 

Super technet article   :D

Can you elaborate on how it relates to Chrome specifically?
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 12, 2010, 09:41:01 PM

Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx

Where it says at the bottom
Quote
Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
 

Super technet article   :D

Can you elaborate on how it relates to Chrome specifically?

that was my reaction too  ;) Yokenny has the ability to link unrelated things very often so don't worry. The "thinking" here is because he's running a 64 bit version of Windows and IE8 he feels safe enough against rootkit not to have to use Chrome and its sandboxing abilities. Doesn't make any sense but that's Yokenny... :D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 12, 2010, 10:17:13 PM
I think the main issue with Chrome is still the privacy issue - collecting client server data, say, with localisation strategies and other personalization, or through google diagnose, and so on.

So far anyway.

Rootkits are another matter though, deserving of greater attention, so it seems from recent developments.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 12, 2010, 11:36:10 PM
Hi mkis,

We can do something about that with silentio -
silentio! - anonymize your Google™ Chrome Browser!
Save your own privacy with opwoco silentio!
Feel free to spread it! http://www.opwoco.com/silentio/

opwoco security solutions

Bröckers & Wesseling GbR
Wieferthook 29
48599 Gronau-Epe
Germany


polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 12, 2010, 11:42:47 PM
Hi Polonus,

I'm rerouted to https://www.opwoco.de/ which shouldn't be an issue but I cannot find "silentio" there...
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 13, 2010, 12:01:57 AM
Hi Logos,

Maybe it was removed from the developer site on demand,
Here is an alternative downloadsite:
Checking: http://wakoopa.com/download/silentio/1.0.0.0
Engine version: 5.0.1.12222
Total virus-finding records: 933762
File size: 11.62 KB
File MD5: 7eaf73e43dc1d2da525869b9159a9373

http://wakoopa.com/download/silentio/1.0.0.0 - archive HTML
>http://wakoopa.com/download/silentio/1.0.0.0/Script.0 - Ok
>http://wakoopa.com/download/silentio/1.0.0.0/Script.1 - Ok
http://wakoopa.com/download/silentio/1.0.0.0 - Ok

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 13, 2010, 12:08:11 AM
@ Polonus: thanks  ;)

edit: I either get a page not found or registration required...nevermind.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 13, 2010, 01:20:29 AM

Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx

Where it says at the bottom
Quote
Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
 

Super technet article   :D

Can you elaborate on how it relates to Chrome specifically?

that was my reaction too  ;) Yokenny has the ability to link unrelated things very often so don't worry. The "thinking" here is because he's running a 64 bit version of Windows and IE8 he feels safe enough against rootkit not to have to use Chrome and its sandboxing abilities. Doesn't make any sense but that's Yokenny... :D

I like to keep things simple.

I do not need Chrome.

Everything should be as simple as it is, but not simpler.
Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

Albert Einstein
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: spg SCOTT on January 13, 2010, 01:38:16 AM
...
Everything should be as simple as it is, but not simpler.
...

The simpler the better

Occam's razor (http://en.wikipedia.org/wiki/Occam%27s_razor)
Quote
the principle that "entities must not be multiplied beyond necessity" and the conclusion thereof, that the simplest explanation or strategy tends to be the best one.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 13, 2010, 01:42:13 AM
I find Chrome to be simple that's why I use it. And convenient also.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: spg SCOTT on January 13, 2010, 01:52:42 AM
I also like chrome as it is very simple, and I can run it from my memory stick at school etc. (iron)
but frankly, I am spoilt by firefox, NS etc.... :)
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 13, 2010, 02:24:52 AM
Quote
I do not need Chrome.
You don't know what you're missing.  ;D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 13, 2010, 02:40:47 AM
Quote
I do not need Chrome.
You don't know what you're missing.  ;D

How about Browser Defender 8)
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 13, 2010, 03:01:07 AM
Wasn't Einstein referring to the solution to quantum theory as being simple, but no simpler?
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 13, 2010, 03:03:32 PM
Quote
I do not need Chrome.
You don't know what you're missing.  ;D

How about Browser Defender 8)
I didn't know that was a browser ???  ;D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: hello123 on January 13, 2010, 06:16:26 PM
Quote
I didn't know that was a browser

I'm pretty sure it isn't. I think he means, the Browser Defender Add-on isn't available for chrome.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: mkis on January 13, 2010, 06:43:36 PM
There is no doubt about YoKenny's capabilities. I for one have learned loads from him on this forum. Nor would I question his integrity - after all, who am I to cast that stone.

I have simply found  google browser to be a rewarding experience. This is particularly so in regard to teaching how to use - a couple of directions are all that is needed, and the user is happily away to learn themself the rest. So very good as far as newbs and digitally-challenged people are concerned. They love the New Tab functionality.

This does not mean google would be the best browser in all respects.

Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 13, 2010, 07:28:57 PM
To mkis, YoKenny, hello123 and all other posters in this thread.
Consider this opinion from a browser hacker par excellence and his opinion about the Google Chrome browser, some facts that cannot be easily denied even how hard it may be to realize IE is a years and years old concept that was only uphauled with IE8 not changed, same old wine into a new bag...and so the use of IE6 is still endangering all  the users of safer and more secure browsers online....

The new security feature that Google Chrome brings is sandboxing, and this is the prediction about sandboxing in appl. for 2010: http://threatpost.com/en_us/blogs/i-have-only-one-security-prediction-2010-010610
Here GoogleChrome is the browser trendsetter, Fx has landed at separate tab launching only at version 3.7. Drive-by-downloads and malicious e-mail attachments are today's main threats. This because a malcreant is an opportunist and selects the weakest spot in the defense where they can circumvent any firewall. Security is not about SYN packet monitoring, no, the attack surface is minimized by a Fw, it does not do one thing about the desktop that is connected out to the Internet. That makes sandboxing that important, my dear malware fighters, because it separates suspicious data from user's data - it makes the attacker have a more difficult task to perform to succeed. Protected Mode of IE is a right step towards that, but Google Chrome performs much better here, because Google understands that the browser equals the Operational System, that IE = explorer alias browser=system. And using this principle in a browser they have built from scrap is a gigantic step forward where browser security is concerned. Dai Zovi therefore means GoogleChrome in these respects is the leader of the pack. http://www.computerworld.com/s/article/9143518/Chrome_sets_browser_security_standard_says_expert The man that earned 10.000 bucks with hacking Safari, means that sandboxing is the answer:
http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
To come up with a patch for every hole found certainly is not the way to go, that is a race that cannot be won,

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: CharleyO on January 14, 2010, 10:47:10 AM
***

Misplaced warning message at the link below :

http://forum.avast.com/index.php?topic=53353.msg452460#msg452460


***
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: CharleyO on January 15, 2010, 07:26:02 AM
***

Misplaced warning notice :

http://forum.avast.com/index.php?topic=53429.msg453175#msg453175


***
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 15, 2010, 03:46:11 PM
Adobe hit by Chinese Google attack
http://www.v3.co.uk/v3/news/2256152/adobe-hit-chinese-google-attack
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: DavidR on January 15, 2010, 04:59:59 PM
Nice one, I see Adobe are trying to side step the awkward question that it may have been a PDF exploit that led to the hacking of Google ;D

Quote
However, Adobe is remaining pretty tight-lipped over whether the hackers originally tried to gain entry into Google's systems by exploiting a PDF vulnerability.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 15, 2010, 05:09:34 PM
Nice one, I see Adobe are trying to side step the awkward question that it may have been a PDF exploit that led to the hacking of Google ;D

Quote
However, Adobe is remaining pretty tight-lipped over whether the hackers originally tried to gain entry into Google's systems by exploiting a PDF vulnerability.

and now it's two potential intermediary culprits, MS (with IE6) and Adobe Reader  :) ... we'll soon talk more about the vectors used than about the hackers behind it  ;D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 16, 2010, 07:31:17 PM
New Trojan malware cocktail targets Microsoft Outlook Web Access users

http://www.computerworld.com.au/article/332659/new_trojan_malware_cocktail_targets_microsoft_outlook_web_access_users/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 17, 2010, 04:53:35 PM
FIX for the new IE vulnerability...

Recently a serious hole has been found in Internet Explorer to enable hackers to penetrate corporate networks.
The SANS-institute warns the code is being exploited in the wild:

http://www.dshield.org/diary.html?storyid=8002

One of MS advisories is enabling Data Execution Prevention (DEP) for Internet Explorer. In certain versions DEP is already installed and active, in others it is not. People do not need the FIX when on IE-8 on XP SP3 or Windows Vista SP1 or later versions. The list of vulnerable systems is in the MS list.

A FIX has now been published on the MS site, switching on DEP for IE so the exploit cannot be exploited.
The SANS institute does not expect an out-of-band patch to be launched, but the next round to be enrolled in February. So most systems may stay vulnerable.

To overcome that time-frame install the FIX. You can find it here:

http://support.microsoft.com/kb/979352

Put the installer onto the desktop and double click to install the FIX. Put the fix as a bookmark inside the browser, because when the patch arrives you can undo the patch coming February,

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: news on January 17, 2010, 08:08:38 PM
Thanks so much Polonus for the info. I've patched a few systems using this vital information. Great to see it published here on the avast! forum as well.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: .: L' arc :. on January 18, 2010, 01:24:57 PM
Google, Citing Attack, Threatens to Exit China
New York Times (http://www.nytimes.com/2010/01/13/world/asia/13beijing.html?hp)
Quote
     BEIJING — Google said Tuesday that it would stop cooperating with Chinese Internet censorship and consider shutting down its operations in the country altogether, citing assaults from hackers on its computer systems and China’s attempts to “limit free speech on the Web.”


Pop-Up Security Warnings Pose Threats
Federal Bureau of Investigation (http://www.fbi.gov/pressrel/pressrel09/popup121109.htm)
Quote
     The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software that looks authentic.
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 18, 2010, 01:48:50 PM
@ .: L' arc :.:
both are old news, the FBI warning from December 11, 2009 , and the undergoing Google vs China story is from January 12...and I started a thread on the 13th:
http://forum.avast.com/index.php?topic=53364.msg452547#msg452547
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 18, 2010, 07:09:08 PM
Hi folks,

Demonstration of the Aurora IE Exploit on video:
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/

domain names and files to check on for Aurora hack:
http://www.mcafee.com/us/local_content/reports/how_can_u_tell_v5.pdf

extended analysis of the Exploit: http://blog.threatexpert.com/2010/01/trojanhydraq-part-ii.html

Comment shows the effectiveness of social engineering in Exploits:
http://web2.sys-con.com/node/1248613

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 19, 2010, 03:42:35 PM
Hi malware fighters,

Hackers promise the Aurora exploit to work with IE8 and DEP: http://twitter.com/DinoDaiZovi
He also expects to get a functionable exploit for XP and IE8:
The first attack outside the Aurora exploit cycle, was found here:
http://securitylabs.websense.com/content/Blogs/3530.aspx
The site was taken down. The heap spray exploit will be refined,

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Chris Thomas on January 19, 2010, 03:44:28 PM
@ polonus

Any precautionary measure?
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 19, 2010, 04:05:40 PM
Hi Chris Thomas,

Not really at the moment. One could upgrade to IE8 according to the MS advice. Security experts say that the exploit can only be prevented through hardware DEP.
So we expect an out-of-band patch before Feb. 9 any moment now, emergency patch imminent:
http://blogs.technet.com/msrc/archive/2010/01/18/advisory-979352-update-for-monday-january-18.aspx
At the moment we have this MS fix to be used temporarily : http://go.microsoft.com/?linkid=9668626
Software DEP is no real DEP, only a form of '/SAFESEH', no effective means to stop this exploit, according to MS.
MS security expert Ness remarks that there is a well-known attack that can circumvent DEP via .NET classes. "IE8 does not allow loading these .NET classes in the Internet Zone. In the Intranet zone they are allowed. That is why an attacker that hosts content on a network may circumvent DEP to successfully abuse the hole."
So for the moment refrain from using IE, shun BlueE until patched as many governments now say (Germany, France, Holland), and use Firefox or Flock browser with NoScript and RequestPolicy add-ons installed. Then you are 100% safe,

polonus

P.S. Check if your machine supports hardware DEP? http://support.microsoft.com/kb/912923

D
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: YoKenny on January 19, 2010, 04:16:36 PM
@  polonus 

Quote
As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.

We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers.


I am a FUD fighter:
http://en.wiktionary.org/wiki/FUD

Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Chris Thomas on January 19, 2010, 04:23:07 PM
@ Polonus

Thanks for keeping me updated

I won't be using IE and I have made my security settings very high
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: polonus on January 19, 2010, 04:27:36 PM
Hi YoKenny,

Heap spray attacks are no FUD, and why would MS come up with an out of band emergency patch if there was nothing wrong. Why would governments like Germany, France and the Netherlands advise their citizens NOT to use IE for the moment. Just because of what you call FUD. No it is MS that can only secure their software through hardware measurements.
If someone could explain to me why GoogleChrome is better security wise as Firefox, I would drop Firefox every minute. Why IE users cannot come to terms with the idea that their browser has a long, long beard, IE concept is decennia old,

polonus
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: logos on January 19, 2010, 05:05:13 PM
Poisoned PDF pill used to attack US military contractors
http://www.theregister.co.uk/2010/01/18/booby_trapped_pdf_cyber_espionage/
http://www.f-secure.com/weblog/archives/00001859.html
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 19, 2010, 10:12:46 PM
D-Link issues fixes for router vulnerabilities

Taiwanese firm says flaw could allow hackers to access administrative settings
http://www.computerworld.com/s/article/9145139/D_Link_issues_fixes_for_router_vulnerabilities?taxonomyId=80

D-Link Routers: One Hack to Own Them All
http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 19, 2010, 10:18:47 PM
Akamai: World Internet connection speeds on the rise; Russia, Brazil top cyberattack centers
http://blogs.zdnet.com/BTL/?p=29634


Russia, Brazil Lead Cyber Attack Barrage
http://www.esecurityplanet.com/features/article.php/3858971/From-Russia-With-Spam.htm
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: Pondus on January 19, 2010, 10:24:31 PM
Super firewall aims to block site swampers
http://www.pcw.co.uk/personal-computer-world/news/2160399/super-firewall-aims-block-dos

Super firewall aims to stop DDOS
http://www.infoworld.com/d/security-central/super-firewall-aims-stop-ddos-401

Welcome to the DIADEM FIREWALL homepage.
http://www.diadem-firewall.org/index.php

pdf
http://www.diadem-firewall.org/documents/Diadem%20Firewall%20-%20D8%20-%20Initial%20Firewall%20Element%20Prototype.pdf
Title: Re: SECURITY WARNINGS Notices - Please post them here
Post by: bob3160 on January 20, 2010, 04:57:10 AM
Microsoft readies emergency IE patch
The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. by Ryan Naraine

READ FULL STORY (http://ct.zdnet.com/clicks?t=521872013-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on January 21, 2010, 12:49:07 AM
Critical out-of-band IE patch coming tomorrow (Jan 21)


http://blogs.zdnet.com/security/?p=5298&tag=nl.e589
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on January 21, 2010, 06:47:24 AM
***

Be on the lookout for email like this example I received today. Do not open it!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MESSAGE QUARANTINED

Virus Detected: CMU-10739-20100120

Message Details:
From: "DHL Manager Cynthia Estes" <shipping(at)dhl.com>
Subject: DHL Tracking Number 0260151405.
Date: Thu, 21 Jan 2010 10:05:23 +0800
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on January 21, 2010, 12:36:05 PM
***

Be on the lookout for email like this example I received today. Do not open it!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MESSAGE QUARANTINED

Virus Detected: CMU-10739-20100120

Message Details:
From: "DHL Manager Cynthia Estes" <shipping(at)dhl.com>
Subject: DHL Tracking Number 0260151405.
Date: Thu, 21 Jan 2010 10:05:23 +0800
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


***

Gmail users are safe, Gmail itself blocks it and says the reason to block it.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on January 21, 2010, 04:50:44 PM
Be on the lookout for email like this example I received today. Do not open it!
<snip>
Message Details:
From: "DHL Manager Cynthia Estes" <shipping(at)dhl.com>
Subject: DHL Tracking Number 0260151405.
Date: Thu, 21 Jan 2010 10:05:23 +0800
<snip>

This type of phishing/malicious email has been doing the rounds for well over a year or longer. It just seems the company changes, UPS previously, etc.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: MikeBCda on January 21, 2010, 07:41:45 PM
Yup -- I still see variations (in my ISP's quarantine) supposedly from just about every courier/delivery service around ... UPS, FedEx, Purolator, you name it.

Even if there's no infection in the email itself (or attachments, if any), this is essentially just a new twist on the classic "problem with your account" phishing thing supposedly from the bank.  Those are really funny, actually, since the vast majority of them are typically from banks you've never dealt with.  The rare ones that do claim to be from my bank I'll forward to its security department since the contents seem to indicate familiarity with the bank's online systems.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on January 21, 2010, 08:41:11 PM
The IE vulnerability has been fixed

Just do a Windows Update

http://news.bbc.co.uk/2/hi/technology/8469632.stm
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on January 22, 2010, 03:54:45 PM
Microsoft Security Advisory (979682) (http://www.microsoft.com/technet/security/advisory/979682.mspx)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege

Note: This only seems to affect 32 bit architecture.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on January 22, 2010, 03:57:47 PM
Hi bob3160,

About the work-around:
In a posting to a public mailing list, Tavis Ormandy disclosed a zero day privilege escalation vulnerability in the Windows kernel. All versions of Windows, starting with Windows NT 3.1 up to including Windows 7, are affected.

The vulnerability affects support for 16 bit applications. In most cases, it is safe to turn off support for 16 bit applications.

Here are the mitigation instructions (copied from the advisory):

Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).

The policy template "Windows Components\Application Compatibility\Prevent access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration.

Administrators unfamiliar with group policy may find the videos below instructive. Further information is available from the Windows Server Group Policy Home

http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx.

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 22, 2010, 10:50:19 PM
Widespread attacks exploit newly patched IE bug
Symantec has seen attacks on hundreds of websites over the past day

http://computerworld.co.nz/news.nsf/scrt/3A4F677083954A91CC2576B300156A8D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on January 22, 2010, 11:19:33 PM
Widespread attacks exploit newly patched IE bug
Symantec has seen attacks on hundreds of websites over the past day

http://computerworld.co.nz/news.nsf/scrt/3A4F677083954A91CC2576B300156A8D

can't believe it...OK believe it or not this afternoon I was thinking there would possibly be a new bug after this patch, resulting from the patch itself may be ;D  :D oh no  :o
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on January 23, 2010, 02:19:17 AM
This is for real. It's unbelievable but it's happening. :o
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 26, 2010, 06:33:57 PM
UK is world's most popular phishing target
http://www.computing.co.uk/v3/news/2256635/uk-popular-phishing-target

Cardiff tops UK plastic fraud list
Er, in your face, London!
http://www.theregister.co.uk/2010/01/21/uk_plastic_fraud_hotspot/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 26, 2010, 06:39:58 PM
Depressing Analysis Of RockYou Hacked Passwords
http://www.techcrunch.com/2010/01/21/depressing-analysis-of-rockyou-hacked-passwords/


Swedes swap passwords for chocolate treats
http://www.thelocal.se/24486/20100120/


RockYou admits security snafu exposed email login details
http://www.theregister.co.uk/2009/12/17/rockyou_security_snafu/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 26, 2010, 06:50:11 PM
'Cyber Genome Project' kicked off by DARPA
The code you write - it'll be as traceable as your DNA
http://www.theregister.co.uk/2010/01/26/cyber_genome_project/


False positive.....not only avast:
Kaspersky update slaps Trojan warning on Google Adsense
Tsk, you and your false positives
http://www.theregister.co.uk/2010/01/25/kaspersky_adsense_false_positive/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on January 26, 2010, 07:27:48 PM
***

Another warning for the newbies that might not know better. Notice that it is supposedly from UPS but it is a fake and if opened by the unknowing, you get a virus.


**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************

MESSAGE QUARANTINED

Virus Detected: CMU-10763-20100126

Message Details:
From: "UPS Support Jamie Mckinney" <tracking@ups.com>
Subject: UPS Delivery Problem NR 23911.
Date: Tue, 26 Jan 2010 20:04:42 +0200

For your protection, EarthLink Virus Blocker has quarantined a message sent to you because it contains a virus.


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on January 26, 2010, 09:16:44 PM
...Another warning for the newbies that might not know better. Notice that it is supposedly from UPS but it is a fake and if opened by the unknowing, you get a virus....

Yes, I got the same warning from Gmail, Thanks Google!! Gmail said it did not load that mail from my Yahoo inbox (POP Access) and left it in there because of the suspicious attachment of that mail.

I downloaded the attachment, scanned it and I found this great job from avast! antivirus: http://www.virustotal.com/analisis/a81c322675370b8bfcbc03e012b94b317d3f5a115b820ee04b43bb876ba7226b-1264525820
Quote
Title: Message left on server: "UPS Delivery Problem NR 89904."
The message "UPS Delivery Problem NR 89904." from UPS Support Derrick Zimmerman (tracking [at] ups [dot] com) contained a virus or a suspicious attachment. It was therefore not fetched from your account xxxxxx [at] yahoo.com and has been left on the server.

If you wish to write to UPS, just hit reply and send UPS a message.


Thanks,

The Gmail Team
in the above quote I've edited e-mail addresses
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 27, 2010, 06:39:26 PM
Hoaxing Facebook
http://www.norman.com/security_center/blog/snorre_fagerland/77558/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 27, 2010, 06:44:21 PM
TechCrunch hacked twice in 24 hours
http://www.v3.co.uk/v3/news/2256848/techcrunch-hacked-again

Malware infections double on Web pages
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/01/26/BU211BN9KF.DTL
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on January 27, 2010, 08:37:56 PM
Hi  malware fighters,

That it is dangerous to leave your desktop unattended, even just for a while, is an open door. See why?
Here: http://ha.ckers.org/blog/20100126/quicky-firefox-bookmarklet-backdoor/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on January 28, 2010, 02:45:30 AM
Hi malware fighters,

Spyeye is a hard to detect new bot on the market, costs for cybercriminals 500 euro, was to be used for instance in combination with the Chinese hack toolkit: http://pandalabs.pandasecurity.com/ms10-002-exploit-constructor/

Mentioned bot is a data stealer and invisible in the Windows process list...
http://malwareint.blogspot.com/2010/01/spyeye-new-bot-on-market.html

The malicious bot industry is getting bigger and bigger, and this is an alarming situation, my good friends.

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on January 28, 2010, 03:18:42 PM
Google Chrome flagged as insecure by Secunia
http://forum.avast.com/index.php?topic=54533.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on January 28, 2010, 10:40:01 PM
Hi malware fighters,

The number of botnets that use HTTP to communicate with infested machines has doubled during the last six months. Traditionally botnets were commanded through Internet Relay Chat (IRC), but that development has stopped. The number of IRC-based botnets stopped growing at approx. 400, while HTTP-based botnets grew from 800 to 1600. That growth has to do with the low costs of HTTP-bot-building toolkits, according to Team Cymru, a non-profit anti-cybercrime organisation.

Toolkits
These toolkits are getting more and more functional and the ease of use of the HTTP interface will make that botherders have left the IRC-platform as communication channel massively. HTTP botnets are more and more used for Distributed Denial of Service (DDoS)-Attacks. "There are different ways to make money from this kind of attacks, while other alternative use of botnets are to be preferred with less risk."

Most Command & Control servers, both for IRC and HTTP, are located in the United States of America. Also the North of Europe with the Netherlands, plays an important role. Despite the fact that IRC-based botnets showed no growth, their number did not go down either. That is why Team Cymru predicts this kind of bots are to play a further role, but the future lies with the HTTP-based bots. Link: http://www.team-cymru.org/ReadingRoom/Whitepapers/2010/developing-botnets.pdf

polonus

P.S. Another fact is HTTP-based bots can be easily relocated...and webadmins have monitored port 6667 while HTTP goes more under the detection-radar. Default and standard IPS/IDS systems just through DPI will filter for "/join".....  and then bye bye botnet. HTTP is more difficult while it looks like legit traffic,

Damian
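
An added example for the P.S. above (not from the post or from the Team Cymru paper): a port-and-keyword signature of the kind described flags the IRC-controlled host but never sees an HTTP check-in, so the second function uses request timing instead. The record layout, hosts, addresses and thresholds are constructed assumptions, and the timing heuristic is one possible approach rather than what any particular IDS does.

```python
"""Added example: IRC keyword signature vs. HTTP timing heuristic on constructed records."""
import re
from collections import defaultdict
from statistics import mean, pstdev


def _series(src, host, port, line, times):
    """Build constructed records that differ only in timestamp."""
    return [(t, src, host, port, line) for t in times]


# Constructed sample records, not real traffic:
# (epoch seconds, source IP, destination host, destination port, first payload line).
# IPs are from the RFC 5737 documentation range; host names are made up.
FLOWS = (
    [(1000, "192.0.2.10", "irc.example.net", 6667, "NICK a4471"),
     (1002, "192.0.2.10", "irc.example.net", 6667, "JOIN #cmd")]
    # Ordinary browsing: same site, irregular gaps between requests.
    + _series("192.0.2.20", "news.example.org", 80, "GET /index.html HTTP/1.1",
              [1000, 1007, 1015, 1400, 1403, 2900, 2950])
    # Check-in roughly every 300 s, on a non-default port.
    + _series("192.0.2.30", "cdn.example.com", 8080, "POST /status HTTP/1.1",
              [1000, 1300, 1601, 1899, 2200, 2502, 2800])
)

# HTTP is recognised by its request line, not by port, so a relocated
# server on 8080 is still counted.
HTTP_REQUEST = re.compile(r"^(GET|POST|HEAD) \S+ HTTP/1\.[01]$")


def irc_signature_hits(flows, ports=(6667,)):
    """Sources that send an IRC JOIN command to a watched port."""
    return sorted({src for _, src, _, port, line in flows
                   if port in ports and line.upper().startswith("JOIN ")})


def http_beacon_candidates(flows, min_requests=6, max_cv=0.1):
    """(src, host, mean gap in s) for HTTP pairs with near-constant request gaps.

    max_cv is the allowed coefficient of variation (stdev / mean) of the gaps;
    both thresholds are assumptions chosen for this constructed data set.
    """
    by_pair = defaultdict(list)
    for ts, src, host, _port, line in flows:
        if HTTP_REQUEST.match(line):
            by_pair[(src, host)].append(ts)

    candidates = []
    for (src, host), times in by_pair.items():
        if len(times) < min_requests:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            candidates.append((src, host, round(avg)))
    return sorted(candidates)


if __name__ == "__main__":
    print("IRC signature hits:    ", irc_signature_hits(FLOWS))
    print("HTTP beacon candidates:", http_beacon_candidates(FLOWS))
```

Legitimate software that polls on a timer (update checkers, mail clients) will also show regular gaps, so candidates need an allow-list or a reputation check before they become alerts.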
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 29, 2010, 05:57:21 PM
Malware Aims to Evade Windows 7 Safeguards

Windows 7 adds a number of new security features, but social engineering attacks mean that you can’t let your guard down.

http://www.networkworld.com/news/2010/012810-malware-aims-to-evade-windows.html?page=1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on January 29, 2010, 06:45:36 PM
***

Misplaced warning ...

http://forum.avast.com/index.php?topic=54645.msg462529#msg462529


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on January 29, 2010, 10:33:04 PM
Quote
Misplaced warning ...
Unfortunately there are many of these still cluttering up the forum.  :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 01, 2010, 05:12:22 PM
CIA, PayPal under bizarre SSL assault - Plus hundreds of others

http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 01, 2010, 05:25:20 PM
Hi malware fighter,

Have to post this here as well:
http://forum.avast.com/index.php?topic=54872.0

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 01, 2010, 05:41:31 PM
Hi malware fighter,

Have to post this here as well:
http://forum.avast.com/index.php?topic=54872.0

pol
It would take up less Forum real estate if it were only posted here. :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on February 01, 2010, 09:48:26 PM
It would take up less Forum real estate if it were only posted here. :)
but, by posting Only here, it would not be easy to 'discuss', with all the different topics it would be confusing, maybe the better solution is open a new room (category) in the forum for these threads.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 01, 2010, 10:00:22 PM
Quote
but, by posting Only here, it would not be easy to 'discuss'
exactly, don't know why that needs to be repeated again, it's so obvious that a dedicated thread can't be used for discussion at all. Already nice that those starting new threads still drop a note here as well  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 01, 2010, 11:22:22 PM
Consolidating into one thread frees up forum clutter.
Posting here and in its own thread only causes more clutter.

And why can't it be discussed in this thread ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 01, 2010, 11:30:18 PM
Consolidating into one thread frees up forum clutter.
Posting here and in its own thread only causes more clutter.

And why can't it be discussed in this thread ???

discuss in this thread, when ten different sorts of warnings about new web threats are posted everyday, would be the worst mess ever...weren't you the one asking me (kindly  ;D ) one day to avoid commenting posts in the "updates" thread, isn't it the same here ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 01, 2010, 11:31:33 PM
No
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 01, 2010, 11:32:47 PM
No


why ?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 01, 2010, 11:35:19 PM
Updates are simply notifications of program updates.

Security warnings sometimes require a discussion.

Just trying to keep the pages from scrolling by.
If it doesn't bother you, then be my guest, post away.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 01, 2010, 11:41:59 PM
Updates are simply notifications of program updates.

Security warnings sometimes require a discussion.

Just trying to keep the pages from scrolling by.
If it doesn't bother you, then be my guest, post away.

thanks  ;D But I'd rather stick to what I think is the best, and it seems a few others are sharing my views. I can't seriously imagine a discussion about Chrome last vulnerability, suddenly interrupted by three posts about Adobe Flash, and eventually a new discussion starting in the middle of that. That would drive everyone nuts here. And updates can also be discussed by the way  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 01, 2010, 11:45:18 PM
What ever makes you happy Boss... ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on February 01, 2010, 11:48:56 PM
thanks  ;D But I'd rather stick to what I think is the best, and it seems a few others are sharing my views. I can't seriously imagine a discussion about Chrome last vulnerability, suddenly interrupted by three posts about Adobe Flash, and eventually a new discussion starting in the middle of that. That would drive everyone nuts here. And updates can also be discussed by the way  :)

agree!

Bob, Logos said it well. Imagine you post a spam warning and I post a warning about a new security hole; others want to talk about spam with you and some others want to talk about that security hole with me. How can we do both together? I don't think opening a new thread bothers the site forum resources, but I just think doing that in the general forum together with new users' questions would speed up that category too fast and some questions would move to the next page unanswered.

So I think it would be better to have a different category on the forum home page for that.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 01, 2010, 11:55:47 PM
It isn't site resources but site clutter that concerns me.
At present, I can't keep up with all the posts but as I said before, Whatever...  (I'm not a moderator so whatever I or any of the others say and do,
really doesn't matter anyway)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on February 02, 2010, 12:13:39 AM
It isn't site resources but site clutter that concerns me.
At present, I can't keep up with all the posts but as I said before, Whatever...  (I'm not a moderator so whatever I or any of the others say and do,
really doesn't matter anyway)

Bob, both your age and forum reputation tell me that I must listen to you and do the same as you say ;)
and I only told you my own opinion.  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 02, 2010, 12:24:50 AM
Hi folks,

Opening up this thread was a good idea of Charley's. I fully agree and try to put the various threats I stumble upon linked here. Only thing I find is that sometimes one misses out on some of the issues and topics treated here, just because they are not obvious in sight and that is why a lot of visitors do not see them apparently.....
On the other hand I agree with Logos here that the long topic thread gives less room to discuss a particular topic. That is another point.
The "cluttering and resources taken" is not such a good argument, because I only give a link to click through to read the extensive message in the subject thread that I would have posted anyways. One more link and hi malware fighters... polonus, is not much of eating up resources, well that is m.h.o. and that is why there are different people and different views in this world,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 02, 2010, 12:37:51 AM
There is a big difference between clutter and resources.   One really has nothing to do with the other.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on February 02, 2010, 09:39:07 PM
Code execution holes in iPhone OS, iPod Touch

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks

http://blogs.zdnet.com/security/?p=5381&tag=nl.e589
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 03, 2010, 03:18:05 PM
Stubborn trojan stashes install file in Windows help
http://www.theregister.co.uk/2010/02/03/help_file_trojan/

Be careful on help files (McAfee Labs Blog)
http://www.avertlabs.com/research/blog/index.php/2010/02/02/be-careful-on-help-files/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 03, 2010, 04:25:16 PM
Most consumers reuse banking passwords on other sites  ::)

tell me more about phishing  ;D , I mean that's not the same procedure but it just sounds like some people are just asking for it  ;D
http://www.theregister.co.uk/2010/02/02/e_banking_password_fail_survey/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 04, 2010, 03:04:11 PM
Use-after-free vulnerability in Adobe
http://www.norman.com/security_center/security_center_archive/2010/77695/no
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 04, 2010, 03:06:14 PM
Fake Microsoft Outlook Update Installs Trojan

Quote
A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.

http://www.networkworld.com/news/2010/020310-fake-microsoft-outlook-update-installs.html?hpg1=bn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 04, 2010, 03:14:32 PM
Fake Firefox site bundles undead adware
http://www.theregister.co.uk/2010/02/03/fake_firefox_download/

Warez backdoor allows hackers to pwn Twitter accounts
http://www.theregister.co.uk/2010/02/03/twitter_phish/

IE Flaw Gives Hackers Access to User Files, Microsoft Says
http://www.pcworld.com/article/188506/ie_flaw_gives_hackers_access_to_user_files_microsoft_says.html

Microsoft confirms new Internet Explorer flaw
http://www.telegraph.co.uk/technology/microsoft/7155664/Microsoft-confirms-new-Internet-Explorer-flaw.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 04, 2010, 05:26:33 PM

Microsoft confirms new Internet Explorer flaw
http://www.telegraph.co.uk/technology/microsoft/7155664/Microsoft-confirms-new-Internet-Explorer-flaw.html

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure
Quote
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/980088.mspx

To have us fix this problem for you, go to the "Fix it for me" section. If you would rather fix this problem yourself, see the workaround section in the security advisory.
http://support.microsoft.com/kb/980088
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 05, 2010, 01:03:06 AM
Conficker has done it again........

Conficker virus outbreak at Greater Manchester Police
http://www.sophos.com/blogs/gc/g/2010/02/02/conficker-virus-outbreak-greater-manchester-police/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on February 05, 2010, 02:36:40 PM
You would think by now that even the police would be ready for conficker... ::)

And they want a direct link to our data... :( (http://forum.avast.com/index.php?topic=55083.msg465735#new)...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Go Pack Go on February 05, 2010, 04:15:04 PM
AplusWebMaster at the Safer-Networking Forums is really good about posting security threats: http://forums.spybot.info/forumdisplay.php?f=28
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 05, 2010, 04:28:39 PM
Hi malware fighters,

Unauthorized hackers can now have access to backdoors left in ISP auditing software,
Cisco was rather upfront about this, but for other software we don't even know where it is.
This is to prevent suspects from being warned by their ISP that they are being monitored via backdoors:
http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=222600993

Always thought the Internet was wormholed, now with these 6 issues it is proven,

Exploiting Lawful Intercept to Wiretap the Internet
Many governments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customers' communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of its lawful intercept technology in an Internet Draft and a number of public configuration guides.

This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks.

Warnings were there from 2008:
http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 05, 2010, 04:46:02 PM
Aurora Attack - Zero day exploit in IE6


Quote
Aurora attacks, which is known to have originated from China, is a major attack in the recent past which used an Internet explorer exploit code to attack companies like Google and Adobe and succeeded in stealing some intellectual properties.

http://www.norman.com/security_center/security_center_archive/2010/77717/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 05, 2010, 05:01:59 PM
Microsoft slates colossal Windows patch next week

Ties record with 13 security updates, plans to fix 26 bugs in Windows, Office

http://www.computerworld.com/s/article/9152258/Microsoft_slates_colossal_Windows_patch_next_week?source=rss_news

http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 05, 2010, 05:07:51 PM
Microsoft slates colossal Windows patch next week

Ties record with 13 security updates, plans to fix 26 bugs in Windows, Office

http://www.computerworld.com/s/article/9152258/Microsoft_slates_colossal_Windows_patch_next_week?source=rss_news

thanks for the heads up, was expecting something just for IE but it seems more is involved.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 05, 2010, 09:48:12 PM
Microsoft's Mundie calls for 'internet driving licence'  :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls   
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 05, 2010, 09:58:43 PM
Microsoft's Mundie calls for 'internet driving licence'  :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls   

yeah  ;D will be remembered as a good joke in a few days  :D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 05, 2010, 10:56:45 PM
Microsoft's Mundie calls for 'internet driving licence'  :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls   
Not only need a license but they should be re-tested every few years.
It would certainly cut down on the number of infected systems.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 05, 2010, 11:23:32 PM
Microsoft's Mundie calls for 'internet driving licence'  :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls  
Not only need a license but they should be re-tested every few years.
It would certainly cut down on the number of infected systems.

...yeah, and hackers are dumb enough to fail and not get such a license right?
adding: kids would learn and succeed too eventually...and then spread the malware sent to them by hackers, just for fun.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on February 05, 2010, 11:38:22 PM
If Microsoft is taking this thing seriously, then we all can't use our computers without a license.

I'll just throw my PC in the garbage and enjoy nature instead.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 05, 2010, 11:50:17 PM


I'll just throw my PC in the garbage and enjoy nature instead.

same here  :) wondering sometimes if it would be so bad  ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 06, 2010, 09:44:27 PM
Hi malware fighters,

Gumblar and Conficker dominate the malware scene:
http://www.security.nl/image/2555/1
better look here:
http://www.security.nl/popup/2555

pol

P.S. 13% of the malware was Adobe related exploits....
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 08, 2010, 11:40:32 AM
Mozilla overlooked malware-laced Firefox add-ons

http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/

Quote
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.

The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 08, 2010, 06:06:13 PM
Fake Firefox Update Pages Push Adware
http://threatcenter.blogspot.com/2010/02/fake-firefox-update-pages-push-adware.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on February 08, 2010, 06:17:12 PM
Mozilla overlooked malware-laced Firefox add-ons

The SoThink detection may have been a false positive.
http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/comment-page-1/#comment-45452
Quote
"Alan Baxter says:
February 6, 2010 at 11:51 am

It looks like the current scans of the SoThink 4.0 addon may have been false positives. SoThink updated the addon to 4.2 because of false positive reports in May 2008. Did AMO verify that 4.0 actually contained a trojan?

From http://74.125.47.132/search?q=cache:aou1K7snX3QJ:https://addons.mozilla.org/en-US/firefox/addons/versions/6541+site:addons.mozilla.org+sothink+%22version+history%22&cd=1&hl=en&ct=clnk&gl=us:
Version 4.2 — May 16, 2008 — 685 KB
Works with:
* Firefox: 1.5 – 3.0b3
Fixed Bug
* Some of anti-virus softwares misreported that it contained virus.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 09, 2010, 04:33:05 PM
Conficker.........again..... ???


Conficker outbreak infects Leeds hospital servers
http://www.theregister.co.uk/2010/02/09/conficker_nhs_outbreaks/

ZeuS tracker shrinks takedowns from days to minutes
http://www.theregister.co.uk/2010/02/05/zeus_tracker/

Leaky anti-virus defences letting malware through
http://www.theregister.co.uk/2010/02/08/security_scanner_shortcomings/


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on February 09, 2010, 05:25:44 PM
First the police, then the health service...what is next, the fire service?

Seriously though, ESPECIALLY in those areas there should be safeguards against things like that, like no external media or no personal laptops etc. as this seems to be a vector for attack...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on February 10, 2010, 06:01:08 AM
One Mozilla malware report turned out to be a false positive

Mozilla overlooked malware-laced Firefox add-ons

http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/

Quote
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.

The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.

Mozilla has announced that their report of a trojan in the SoThink Video Downloader extension was a false positive after all.
http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: computerfreaker on February 10, 2010, 06:10:39 AM
One Mozilla malware report turned out to be a false positive

Mozilla overlooked malware-laced Firefox add-ons

http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/

Quote
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.

The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.

Mozilla has announced that their report of a trojan in the SoThink Video Downloader extension was a false positive after all.
http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/
Wow. I've got to wonder how much of a backlash Mozilla's going to get; IMHO, it's going to be big and well-deserved. First, letting a trojan into addons, even experimental addons, is just plain a bad decision, given there were - and are - tools detecting said trojan. Smearing SoThink - even accidentally - is only going to make it worse.
Maybe Mozilla just had a lot of bad luck, but the circumstances are sure weird.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 10, 2010, 05:40:16 PM
New Russian Botnet Tries to Kill Rival

Quote
An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.
http://www.nytimes.com/external/idg/2010/02/09/09idg-new-russian-botnet-tries-to-kill-rival-90923.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 10, 2010, 05:50:00 PM
New Russian Botnet Tries to Kill Rival

Quote
An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.
http://www.nytimes.com/external/idg/2010/02/09/09idg-new-russian-botnet-tries-to-kill-rival-90923.html

lol Polonus has already mentioned that the first thing a rogue would do is get rid of the competition, to avoid other malware interference...I would add to make sure the victim will send the cash to the winner only  :D This seems confirmed here  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 10, 2010, 06:16:53 PM
Security chip that does encryption in PCs hacked

http://news.yahoo.com/s/ap/20100208/ap_on_hi_te/us_tec_crypto_chip_cracked;_ylt=AlgYlCohoMwaXKR3qvFz_VwjtBAF;_ylu=X3oDMTJyZzFmdXMxBGFzc2V0A2FwLzIwMTAwMjA4L3VzX3RlY19jcnlwdG9fY2hpcF9jcmFja2VkBGNwb3MDMgRwb3MDNQRzZWMDeW5fdG9wX3N0b3J5BHNsawNzZWN1cml0eWNoaXA
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on February 11, 2010, 05:45:24 PM
***

Certainly not good news, Pondus.

Almost nothing is secure now. 


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: news on February 11, 2010, 05:55:09 PM
Very interesting article. An extremely scary one too. Thanks for the link Pondus.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: computerfreaker on February 12, 2010, 03:59:33 AM
Anybody seen this? The Zimuse virus returns:
http://www.thewindowsclub.com/retro-virus-comes-back-to-hit-hard-disk-mbr

It waits 20-40 days, then overwrites the user's MBR and reboots the computer. Result: fatal. (http://www.youtube.com/watch?v=KgjX4LQrkgI shows the virus in action)
Because its installation is pretty much silent, users frequently have no idea what hit them.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 12, 2010, 03:57:56 PM
Windows Activation Technologies Update for Windows 7
http://windowsteamblog.com/blogs/genuinewindows/archive/2010/02/11/windows-activation-technologies-update-for-windows-7.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on February 12, 2010, 04:04:07 PM
Windows Activation Technologies Update for Windows 7
http://windowsteamblog.com/blogs/genuinewindows/archive/2010/02/11/windows-activation-technologies-update-for-windows-7.aspx

I think this was posted already, may be in the update section, yesterday  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 12, 2010, 10:54:17 PM
and here we go again......

Adobe to rush out another critical Reader patch
http://www.computerworld.com/s/article/9156038/Adobe_to_rush_out_another_critical_Reader_patch?source=rss_news
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 13, 2010, 12:02:18 AM
Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on February 13, 2010, 12:10:19 AM
Adobe to rush out another critical Reader patch
http://www.computerworld.com/s/article/9156038/Adobe_to_rush_out_another_critical_Reader_patch?source=rss_news

I think this one is in the >> Updates << topic also already.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on February 13, 2010, 12:16:04 AM
Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/

Sounds like a lot of a**e covering going on at Kaspersky. They know that samples of undetected files are sent to all AVs in VT that didn't detect, part of the VT agreement I believe.

I would say they have shot themselves in the foot. At worst it is almost malicious and at best potentially damaging to their reputation.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 13, 2010, 12:36:34 AM
Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/

Sounds like a lot of a**e covering going on at Kaspersky. They know that samples of undetected files are sent to all AVs in VT that didn't detect, part of the VT agreement I believe.

I would say they have shot themselves in the foot. At worst it is almost malicious and at best potentially damaging to their reputation.
Didn't we go through something like that not too long ago ??? Not very pleasant for the customer or the Company.  :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 13, 2010, 12:47:53 AM
Hi bob3160,

At the outset of such a policy then, aren't they thinking about the consequences? This is almost infantile behavior or just started on an impulse. But you can almost know for sure an issue like this will seriously backfire later, why then start it in the first place? Unbelievable, the world is a surrealistic place sometimes,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on February 16, 2010, 03:48:20 AM
Comodo and Chromium now block major sites with poor certification.

Chromium browser remixed as a security dragon (http://download.cnet.com/8301-2007_4-10453048-12.html?tag=mncol;title)

Source: The Download Blog


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 17, 2010, 12:33:41 AM
Hi malware fighters,

Every day spammers will send two hundred billion spam messages, mainly through botnets. From numbers provided by M86 security 78% of all spam messages are coming from the top 5 botnets. The top two are Rustock and Pushdo botnets, together serving up 54% of total spam.

The number of malicious spam messages, email with a malicious attachment or with a link to a drive-by-download website, grew to three million a day. That is fivefold the 600 million seen during the first half of the year 2009. "It is important to make out the main spam mailers, so the industry can take action", according to Technical Strategy vice president Bradley Anstis.

Zero-day
The security researcher discovered in the second half of last year that 40% of attacks worked through zero-day security leaks. "One of the biggest problems with zero-days is the time developing between discovery and in the wild abuse and the launch of a patch by the software vendor."

This so-called "Window of Vulnerability" is getting smaller and smaller all the time, but even when a patch has been issued, users are slow to implement it. Take for instance the so-called MDAC-hole, patched during 2006, and still very popular with malcreants,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on February 18, 2010, 05:50:09 AM
Zeus Trojan found on 74,000 PCs in global botnet (http://news.cnet.com/8301-27080_3-10455525-245.html?tag=newsEditorsPicksArea.0)

Source: CNET News
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Rumpel on February 18, 2010, 03:00:54 PM
Ads poisoning – JS:Prontexi (http://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/)
Directly from an Avast! blog entry...
Quote
The malware usually spreads through web infection placed on innocent, badly secured websites. The ad infiltration method is growing in popularity alongside the website infections. Now we are facing probably the biggest ad poisoning ever made – all important ad services are affected. It means that computers might get infected just by reading your favorite newspaper or by doing a search on famous web indexers. We named the source of this attack JS:Prontexi – JavaScript code which initiates infection on the victim's computer using various vulnerabilities including latest PDF exploits.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 18, 2010, 09:55:02 PM
Zeus Trojan found on 74,000 PCs in global botnet
http://news.cnet.com/8301-27080_3-10455525-245.html

Mystery malware nukes US city's Windows PCs
Malicious code wipes out Windows PCs
http://computerworld.co.nz/news.nsf/security/windows-nuked-by-malware-at-city-of-norfolk
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 19, 2010, 08:23:24 PM
Conficker  is alive and well......

Another NHS hospital stricken with Conficker virus
http://www.theregister.co.uk/2010/02/18/conficker_nhs/

Kneber: An Old Botnet Dressed Up in New Clothes
http://www.pcmag.com/article2/0,2817,2360032,00.asp

Google attacks traced back to Chinese schools
http://www.v3.co.uk/v3/news/2258188/google-attacks-traced-back
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on February 19, 2010, 09:01:41 PM
Almost a year later, Conficker still lurking

http://www.sophos.com/security/threat-spotlight/index.html#threat1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 19, 2010, 10:12:06 PM
Google cyber attacks traced to Chinese schools. (http://blogs.zdnet.com/BTL/?p=30997&tag=nl.e589)
Sorry Pondus,
Didn't see your post.   :-[
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on February 20, 2010, 07:57:53 PM
***

Mis-placed botnet warning :

http://forum.avast.com/index.php?topic=55913.msg472331#msg472331


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on February 20, 2010, 10:55:21 PM
Not to downplay the Kneber botnet threat in any way.

http://www.sophos.com/blogs/gc/g/2010/02/19/zeus-kneber-botnet-unmasked/

http://www.krebsonsecurity.com/2010/02/zeus-a-virus-known-as-botnet/

Perhaps underlines even more - never go to the internet without adequate protection against malware. The botnets are families that will continue to grow and mutate and grow and on and on and on...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 20, 2010, 11:01:53 PM
Hi mkis,

Part of a solution to the growing problem: http://www.malwaredomains.com/wordpress/?p=671

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on February 20, 2010, 11:28:10 PM
Thanks Pol.

I've bookmarked the site for my personal reference - ideally placed link for security warnings and notices.

I also found the following under Defense in Depth: IP and Netblock Blocking (in right-hand column)
- anecdotal example but revealing story I thought

http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html

What a dilemma, I would expect the option to block would be first choice but I suppose they didn't want to lose the business - and then things got out of hand. I wonder how common such situations are in the US.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 21, 2010, 12:24:09 AM
Hi mkis,

Part of a solution to the growing problem: http://www.malwaredomains.com/wordpress/?p=671
Why not use the latest?
aurora, zeus, phishing, pushdo,rogue domains to block
http://www.malwaredomains.com/wordpress/?p=851

Archives
■ February 2010 (9)
http://www.malwaredomains.com/wordpress/?m=201002
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on February 21, 2010, 12:48:37 AM
Thanks YoKenny. You always are up to date, aren't you? I guess Polonus was just posting an instance.

Here is my bookmark  http://www.malwaredomains.com/wordpress/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 21, 2010, 02:20:41 AM
Polonus here with a European threat, because of the regulations that made MS come up with an alternative browser screen, which initiative can be grossly abused by malcreants:
http://www.sophos.com/blogs/gc/g/2010/02/19/european-internet-explorer-users-invited-choose-browser/

D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Justin_22 on February 21, 2010, 07:29:57 AM
Quote
Just made a topic about this, but thought I would post here too anyway.

Modern Warfare 2 servers hacked, Trojans inserted.
http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646

Oh, now that's just plain evil grr.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 21, 2010, 02:45:37 PM
Polonus here with a European threat, because of the regulations that made MS come up with an alternative browser screen, which initiative can be grossly abused by malcreants:
http://www.sophos.com/blogs/gc/g/2010/02/19/european-internet-explorer-users-invited-choose-browser/

D
Quote
I do worry, however, whether cybercriminals might attempt to take advantage of this initiative by creating bogus browser choice screens that could pop up on innocent users' PCs and potentially lead them to a malicious download.
Polonus,
It's not a current threat, it's a blog post and someone's opinion of a possibility of a potential problem.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 22, 2010, 01:51:30 PM
Hi bob3160,

If a benevolent blogger can think this up, why cannot a malcreant? There are also smart cyber criminals, you know. The man in the nicest suit often has the.. eh... most evil mind, often that is....So threats come from where you least expect them. If you want to keep them at bay, prepare yourself,

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on February 22, 2010, 02:08:49 PM
Hi malware fighters,

A so-called "Chuck Norris" (name mentioned inside the malware code) botnet cracks routers and modems: http://praguemonitor.com/2010/02/16/czech-experts-uncover-global-virus-network
Czech Defense Malware Researchers found the botnet and servers in South-America, Europe and China.
Good advice to you all: change that modem or router standard password to be protected, according to Jan Vykopal of the Masaryk University.

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on February 22, 2010, 09:17:58 PM
Devil Mountain Software a product to avoid (http://blogs.zdnet.com/BTL/?p=31024&tag=nl.e539)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on February 26, 2010, 07:15:58 PM
NOT the real VirusTotal.com

Quote
Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in  on the good name of the site with the following domain:

virus-total(dot)in

here (http://sunbeltblog.blogspot.com/2010/02/not-real-virustotalcom.html)

nmb
Title: Microsoft warns over rogue Security Essentials
Post by: logos on March 01, 2010, 10:27:10 AM
Quote
Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials.

Security essentials 2010 is a piece of software Microsoft said installs a fake virus scanner on your machine and monitors and blocks processes it doesn't like.

http://www.theregister.co.uk/2010/02/26/microsoft_security_essentials_rogue/
http://blogs.technet.com/mmpc/archive/2010/02/24/if-it-calls-itself-security-essentials-2010-then-it-s-possibly-fake-innit.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 01, 2010, 05:16:43 PM
Microsoft investigating new IE browser vulnerability

Quote
The company warned that an attacker could host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.

http://blogs.zdnet.com/security/?p=5560

IE users, thou be warned.

Don't know whether this is posted anywhere, but according to me, it's brand new  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 01, 2010, 05:53:53 PM
New IE security issue exposed in Windows XP

Quote
A new security issue in Internet Explorer has been exposed by a Polish technical research group.

http://www.pcpro.co.uk/news/security/355945/new-ie-security-issue-exposed-in-windows-xp
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 01, 2010, 06:49:30 PM
New IE security issue exposed in Windows XP
Please read the previous post.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on March 02, 2010, 09:38:21 AM
***

Warning of a DOS vulnerability :

http://forum.avast.com/index.php?topic=56422.msg476097#msg476097


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 02, 2010, 05:30:33 PM
Spam disguised as spam notification

Quote
In their constant battle against anti-spam filters, spammers have recently started to camouflage their messages as spam quarantine notifications

http://www.net-security.org/secworld.php?id=8947

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on March 02, 2010, 06:17:24 PM
That is hardly a new method, they have been doing this and similar for ages, usually disguised as undeliverable email. The user wants to know what and why and stupidly opens it to find out.

I can't believe this is any real benefit as using any means of deception should turn the recipient off rather than encourage them to read it. I guess there is more than one born every minute.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 02, 2010, 08:13:25 PM
Hi malware fighters,

Recent zero-days in the framework of the recent zero day initiative (because software vendors and developers do not take the reported leaks seriously enough): http://www.zerodayinitiative.com/advisories/upcoming/

So keep an eye on this list,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 03, 2010, 01:34:18 PM
Hi malware fighters,

Using the monoculture Google search-engine becomes more and more dangerous, because the potential of the Google market-share attracts cyber-criminals (malicious search-results, Fake-av etc. etc.) according to F-Secure's Sean Sullivan. Bing has far less potential malicious search results.
Use Fx with No-Script to be secure, and use another search-engine (Ixquick for instance),
Link: http://www.f-secure.com/weblog/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 03, 2010, 03:14:44 PM
Spain busts global "botnet" masterminds
http://uk.reuters.com/article/idUKTRE6214ST20100303?pageNumber=1&virtualBrandChannel=11700

3 arrested with takedown of huge 'botnet' infecting millions of PCs
http://www.mercurynews.com/business/ci_14498591?source=rss&nclick_check=1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 03, 2010, 04:08:25 PM
Spain busts global "botnet" masterminds
http://uk.reuters.com/article/idUKTRE6214ST20100303?pageNumber=1&virtualBrandChannel=11700

3 arrested with takedown of huge 'botnet' infecting millions of PCs
http://www.mercurynews.com/business/ci_14498591?source=rss&nclick_check=1

very good news  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 03, 2010, 05:15:18 PM
Yes   :)  That easy huh?  Incredible
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 03, 2010, 05:17:35 PM
Hi malware fighters,

Using the monoculture Google search-engine becomes more and more dangerous, because the potential of the Google market-share attracts cyber-criminals (malicious search-results, Fake-av etc. etc.) according to F-Secure's Sean Sullivan. Bing has far less potential malicious search results.
Use Fx with No-Script to be secure, and use another search-engine (Ixquick for instance),
Link: http://www.f-secure.com/weblog/

polonus
That is the same as saying don't use Windows, use Linux because it's safer.
The actual truth is that Google Search is used far more widely than Bing and therefore is the ideal target for attacks.
Google search itself certainly isn't any less safe than Bing or any other search engine.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 03, 2010, 05:53:21 PM
I will exceptionally agree with Bob, sticking to Google search engine here. Why? it's the best search engine - and by far - and it's rarely (?) mentioned, because it's too obvious  ;D As to security, associated with Firefox, you get security alerts for bad sites (from Google).
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 04, 2010, 08:17:54 AM
Can't help but feel that google is just carrying too much now. And what they carry has become too diverse. An enormous pile of garbage in many ways, but saved always by the standout brilliance of the search box (okay and the engine that powers it). For how much longer can we expect google search to bear the haphazard weight of the sprawling behemoth? Sergey is often not happy, Schmidt is withdrawing from other responsibilities so he can attend better to the flagship, and where is the other guy got to nowadays? I'm kidding really, but just cos to be too real would be to look at the scale of the damage that could arise if the search engine became compromised. Even just a little bit. And regardless of what anyone says, the team has fallen off the tracks just that bit. I think so anyway. But has to be said, nothing is insurmountable to the genius that is the google team. I hope that still stands.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 04, 2010, 09:38:31 AM
Confessions of a Windows 7 pirate

Really good read :

Quote
In the interest of research, I’ve been digging into message boards and forums run by unabashed Windows enthusiasts who are intent on breaking Microsoft’s activation technology. I’ve had these forums bookmarked for years and stop in every once in a while just to see what’s new. This time I decided to drop by and actually try some of tools and utilities to see if I could become a pirate, too.

here : http://blogs.zdnet.com/Bott/?p=1817

nmb
Title: Mariposa botnet
Post by: logos on March 04, 2010, 12:08:08 PM
How FBI, police busted massive botnet
http://www.theregister.co.uk/2010/03/03/mariposa_botnet_bust_analysis/

Mariposa botnet
http://pandalabs.pandasecurity.com/mariposa-botnet/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 04, 2010, 03:06:16 PM
Here is more

Monster botnet held 800,000 people's details
Fourth zombie admin could be in South America
http://www.theregister.co.uk/2010/03/04/mariposa_police_hunt_more_botherders/

New exploit technique nullifies major Windows defense
Google engineer posts sample code to show how to bypass DEP in Windows
http://www.computerworld.com/s/article/9165378/New_exploit_technique_nullifies_major_Windows_defense?taxonomyId=17&pageNumber=1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on March 04, 2010, 08:55:03 PM
Microsoft Security Bulletin Advance Notification for March 2010


http://www.microsoft.com/technet/security/Bulletin/ms10-mar.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: psw on March 04, 2010, 09:20:21 PM
Opera 10.x Content-Length Buffer Overflow PoC
http://www.securitylab.ru/poc/391364.php

Sorry for the link in Russian, but it's probably important in any case since exploit code is given.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 05, 2010, 01:34:29 AM
Hi malware fighters,

A major threat is the growing number of maliciously infected trusted and reputable websites. A new start-up in security concerning this threat is Dasient Web Anti Malware:
http://wam.dasient.com/wam/whydasient_threat

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 05, 2010, 02:15:12 PM
Hi malware fighters,

A new variant of the BlackEnergy Trojan can destroy infested computers, as researchers have found: http://www.secureworks.com/research/threats/blackenergy2/
The first version of BlackEnergy was being used for DDoS attacks on Georgia in 2008.
After all versions that can be produced with the do-it-yourself-toolkit, version 1.9.2 is the latest official variant.

Researchers at SecureWorks found that BlackEnergy 2 has been under construction now for more than two years.
Apart from its predecessor, this version uses modern rootkit/process-injection techniques, strong encryption and modular architecture.
When the victim does not have full admin rights, the malware will use an exploit for a vulnerability from 2008, to get full rights.
In this way it is still possible for the rootkit to install.

Kill command
BlackEnergy also has plug-in support, to add all sorts of code to the Trojan.
At the moment this code is used to send spam and for stealing online-banking log-on data.
The "banking Trojan plug in" is similar to that in Zeus Trojan and has been developed to destroy victim computers' files.
To do that an attacker can give a special "kill" command. The Trojan will then overwrite the first 4.096 clusters with random data, and then tries to delete "ntldr" and "boot.ini" files.

"This functionality will be used after the log-on data has been stolen, to prevent victims from noticing that money has disappeared from their accounts,
and from notifying the bank." For the moment the Trojan just attacks Russian and Ukrainian banks.
And that is remarkable because previously Russian hackers left their countrymen alone.

Plugins
According to Joe Stewart BlackEnergy 2 is a big innovation compared to its predecessor.
"With the existing plugins it gives three access points for cybercrime."
The Trojan cannot be obtained as a toolkit, but when it is, it will be more popular than the previous version.
"Whatever there is more room for innovation of stealth and functionality in the coming BlackEnergy 2 versions."
For the crypto-lovers among us here is FireEye publication of the first version of the malware: http://blog.fireeye.com/research/2010/03/black-energy-crypto.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 06, 2010, 09:49:18 PM
Hi malware fighters,

Online ads spread a dangerous Trojan
and ad-sellers do not make it easy to intercept the malcode.
The ads in question have malicious JavaScript that will launch eight exploits onto visitors.
After an exploit has been successful a Trojan downloader is being installed,
that then will install Zeus or Bredolab Trojan.
Especially Zeus has made the news during recent months
because the malicious software is plundering bank accounts on a large scale.

Adblocker
By hacking ad-servers or posing as a legit advertiser,
cybercriminals can easily get their malcode on the machines of many Internet users.

"The problem is even larger because legitimate ads are often heavily obfuscated
to circumvent adblockers", according to Sophos's Fraser Howard.

Last weekend the av researcher saw loads of adservers where malcreants had
added malicious Javascript to ads.

"Quite a number of popular websites that load ads from these servers,
have been hit by these attacks," according to Fraser.
The malcode directs to the domain name googleanalitics.net,
that is posing as the legit Google Analytics website.

Links: http://www.sophos.com/blogs/sophoslabs/?p=8960

http://isc.sans.org/diary.html?storyid=8350

Your best protection is to use Firefox with ABP +, NoScript and RequestPolicy extensions installed,

polonus
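A defender-side check for the lookalike domains named in this thread (googleanalitics.net in the post above, virus-total(dot)in in an earlier one), added here as an example and not taken from any poster or from the linked reports. The trusted list, the distance threshold of 2, the naive "last two labels" domain split and the sample host list are assumptions.

```python
import re

# Assumed allow-list of the real services being imitated.
TRUSTED = ("google-analytics.com", "virustotal.com")
MAX_DISTANCE = 2  # assumed threshold: at most two single-character edits


def refang(host):
    """Turn defanged notation such as 'name(dot)in' or 'name[.]in' into a hostname."""
    host = host.strip().lower()
    host = re.sub(r"\s*(\(dot\)|\[dot\]|\[\.\])\s*", ".", host)
    return host.rstrip(".")


def split_domain(host):
    """Return (name label, last-two-labels domain). Naive: no public-suffix list."""
    labels = refang(host).split(".")
    if len(labels) < 2:
        return "", ""
    return labels[-2], ".".join(labels[-2:])


def squash(label):
    """Ignore hyphens, so 'virus-total' and 'virustotal' compare equal."""
    return label.replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_host(host):
    """Return (verdict, imitated trusted domain), or None if nothing looks off."""
    label, domain = split_domain(host)
    if not label or domain in TRUSTED:
        return None
    best = None
    for trusted in TRUSTED:
        t_label = trusted.split(".")[0]
        if squash(label) == squash(t_label):
            # Same name, but a different TLD and/or hyphenation.
            return ("same-name", trusted)
        dist = edit_distance(squash(label), squash(t_label))
        if dist <= MAX_DISTANCE and (best is None or dist < best[0]):
            best = (dist, trusted)
    return ("near-miss", best[1]) if best else None


def scan(hosts):
    """Check each hostname (e.g. from proxy or DNS logs) and keep the hits."""
    hits = []
    for host in hosts:
        verdict = check_host(host)
        if verdict:
            hits.append((host, verdict[0], verdict[1]))
    return hits


# Constructed sample: hostnames as they might appear in a proxy log.
SAMPLE_HOSTS = [
    "www.google-analytics.com",
    "googleanalitics.net",
    "virus-total(dot)in",
    "www.virustotal.com",
    "forum.avast.com",
]

if __name__ == "__main__":
    for host, verdict, trusted in scan(SAMPLE_HOSTS):
        print(f"{host}: {verdict} of {trusted}")
```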
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on March 06, 2010, 10:03:07 PM
Sounds like a day late and a dollar short as this has been on the avast blog about the massive spread of malware through poisoned adverts, http://blog.avast.com/2010/02/18/ads-poisoning-%e2%80%93-jsprontexi/.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 07, 2010, 11:03:28 PM
I don't think anyone has posted this advisory yet. It's about 2 weeks old.

http://secunia.com/advisories/38435

Quote
Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Prior versions may also be affected.

Solution
Update to version 3.6 build 105.41.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 07, 2010, 11:13:10 PM
Oh add this too for Opera 10.x users

http://secunia.com/advisories/38820
 
I don't use Opera, so feel free to qualify my entry if you think necessary

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 07, 2010, 11:19:01 PM
Hi folks,

Does not mind, only important thing is that we have them all nicely addressed here in this thread.
Users of the forums do not have to look elsewhere and have them all ready at hand to be forewarned, and so forearmed against the threats of all sorts,

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 07, 2010, 11:37:04 PM
OK, thanks for the good news guys, that means I can expect two warnings when I launch Secunia next time (I don't have it running constantly) >>> 1 for picasa, and a second for Opera 10.5  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 08, 2010, 01:05:44 AM
honestly haven't run Secunia OSI for ages - only this time because I ran repair on XP being recondition after 2 years use.

really, for those who are having glitches upgrading to avast 5, running Secunia OSI should be a first stop.

http://secunia.com/vulnerability_scanning/online/  
click Start Scanner - choose display only insecure, click start - scanner runs, generates report at finish


Edit - my OSI test --> Macromedia sub-optimal
- so check Statistics in avast Summary and find there is no picture (graph)   ???

Follow Secunia advice download most recent Flashplayer and Flashplayer Macromed (with uninstall) utility and run new Secunia scan
- report reads all good (optimal performance) - so check Statistics in avast Summary - hey, picture!!  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on March 08, 2010, 08:40:26 PM
***

Microsoft: Don't press F1 key in Windows XP and any earlier version back to W2000 including Server.
Ignore sites that nag to press the Help key, says zero-day bug advisory.

Quote
March 1, 2010 (Computerworld) Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

"The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer," read the advisory. "If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user."


For the rest of the story:

http://www.computerworld.com/s/article/print/9164038/Microsoft_Don_t_press_F1_key_in_Windows_XP?taxonomyName=Spam%2C+Malware+and+Vulnerabilities&taxonomyId=85


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 09, 2010, 04:31:00 AM
hackers exploit oscars

http://www.sophos.com/blogs/gc/g/2010/03/08/hackers-exploit-oscar
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 09, 2010, 05:17:14 AM
Here's a couple more from latest Sophos E-news

John C Dvorak and hundreds of others hacked on Twitter
http://www.sophos.com/blogs/chetw/g/2010/03/06/john-dvorak-falls-victim-twitter

Bad Bunny! Energizer Battery USB charger blamed for backdoor Trojan
http://www.sophos.com/blogs/gc/g/2010/03/08/bad-bunny-energizer


Are we entering some phase where we can expect an onslaught of malware exploits? ..a plague, no less
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 10, 2010, 01:00:55 AM
Secunia has updated the Secunia Online Software Inspector (OSI) with new
rules for detecting insecure software.

Run the Secunia OSI to make sure that your system is up-to-date:
http://secunia.com/vulnerability_scanning/online/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 10, 2010, 06:11:52 PM
Microsoft warns of new IE bug; attacks under way
Internet Explorer 6 and its 2006 successor, IE7, contain a vulnerability that can be used by attackers to inject malicious code into a Windows PC. The oldest and newest of Microsoft's supported browsers, IE 5.01 and IE8, respectively, are not vulnerable to such attacks.
http://www.computerworld.com/s/article/9168138/Microsoft_warns_of_new_IE_bug_attacks_under_way?source=rss_news
http://www.informationweek.com/news/software/showArticle.jhtml?articleID=223300150

Twitter takes action on spammers and scammers
http://www.pcw.co.uk/v3/news/2259231/twitter-takes-action-spammers
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 10, 2010, 06:27:16 PM
Quote
Twitter takes action on spammers and scammers
yeah, but what for if ???
Quote
Microsoft could still buy Twitter, says Ballmer
http://www.pcw.co.uk/v3/news/2258895/microsoft-twitter-ballmer

 ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 10, 2010, 08:26:19 PM
100% free pr0n ::)
Quote
Pinball Publisher Network: Yet more blackhat SEO goodness
 
Going through the latest Google results for new malicious goodness, I stumbled upon a URL I was fully expecting to be serving me with a fake AV (the last 10 or so I'd checked had done), but alas no, not this time. This time I was to be served a page that led me to a fake search results page (PPC fraud);
http://hphosts.blogspot.com/2010/03/pinball-publisher-network-yet-more.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on March 13, 2010, 02:05:06 PM
Microsoft races to plug IE hole after exploit code released

Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet.

http://news.cnet.com/8301-27080_3-20000392-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 15, 2010, 05:06:44 PM
F-Secure with new security blog
http://safeandsavvy.f-secure.com/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on March 15, 2010, 05:36:10 PM
Microsoft offers 'fix-it' workaround for IE zero-day

Microsoft has released a one-click “fix-it” workaround to help Web surfers block malware attacks against an unpatched vulnerability in its flagship Internet Explorer browser.

http://blogs.zdnet.com/security/?p=5726&tag=nl.e589


(Or you can just upgrade to IE8 )
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 15, 2010, 06:44:45 PM
F-Secure with new security blog
http://safeandsavvy.f-secure.com/

http://www.f-secure.com/weblog/archives/00001906.html

Quote
You'll notice that the name is pink. That's part of our new brand but it also reflects the authorship. Safe and Savvy's contributors are the female employees of F-Secure (mostly).

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 15, 2010, 06:48:59 PM
Looking for malware in all the wrong places?

Quote
Instead of looking for known patterns -- whether of instructions and data, or of actions -- wouldn't it be great if we could look for anything that is malicious? That may sound like a pipe dream.

Not to me.

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 16, 2010, 05:50:55 PM
Hackers lock Zeus crimeware kit with Windows-like anti-piracy tech
http://www.pcworld.idg.com.au/article/339670/hackers_lock_zeus_crimeware_kit_windows-like_anti-piracy_tech/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 17, 2010, 05:54:48 PM
Waledac botnet 'decimated' by MS takedown
http://www.theregister.co.uk/2010/03/16/waledac_takedown_success/

Anti-virus suites still can't block Google China attack
http://www.theregister.co.uk/2010/03/16/aurora_av_test_fail/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 19, 2010, 11:54:38 AM
Here we go again.......

New password-stealing virus targets Facebook
http://in.reuters.com/article/lifestyleMolt/idINTRE62G5A420100318
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on March 19, 2010, 12:24:01 PM
Here we go again.......

New password-stealing virus targets Facebook
http://in.reuters.com/article/lifestyleMolt/idINTRE62G5A420100318

Yep...

I got this one...(as well as the ups one again...)

Wanted to download it to see if it was detected or not, but hotmail wouldn't let me...can't even forward it to the VT service as MS trashes the attachment because it is malicious...at least MS is on the ball on this one...

Oddly though, my email address isn't spg_pentagram ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 20, 2010, 01:07:52 AM
Hi malware fighters,

In the last 48 hours the number of Koobface (anagram of Facebook) C&C servers has doubled:
http://www.infosecurity-magazine.com/view/8018/koobface-commandandcontrol-servers-double-in-48-hours/

* Be careful not to open links in suspicious messages, even if the sender is a known Facebook friend.

* Use an up to date browser like: Google Chrome, Firefox 3.x, Internet Explorer 8, Opera 10, etc.

* Hand out minimal personal data, never give real address, telephone number or other private data.

* Keep your anti-malware software up-to-date to protect against new variants of the malware attacking your machine. Users on XP can use System Restore to restore to a situation before the infection occurred.

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 22, 2010, 02:55:15 AM
Secunia

Mozilla Confirms Critical Firefox Vulnerability
http://news.softpedia.com/news/Mozilla-Confirms-Critical-Firefox-Vulnerability-138014.shtml
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on March 23, 2010, 12:46:48 PM
Chinese Academics' Paper on Cyberwar Sets Off Alarm in U.S

http://www.nytimes.com/2010/03/21/world/asia/21grid.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 24, 2010, 08:59:22 PM
Hi malware fighters,

Malware found to redirect 400 anti-malware sites back to google IP via changed hosts file:
http://sunbeltblog.blogspot.com/2010/03/using-windows-hosts-file-to-cut-off.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: MikeBCda on March 24, 2010, 10:24:15 PM
I'm one of the (probably) very few who doesn't bother with a hosts file as part of my defense system, so all I've got is the default Win file with just the single localhost entry.  I do take a quick look at it as part of my weekly cleanup routine, but obviously it's very easy to spot any changes that way.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 24, 2010, 11:15:37 PM
don't talk like that ;D Hostsfile utilities are still very useful for those running Internet Explorer ... on a more serious note, I don't bother with the hostsfile either, but I use Firefox ;)

ps: for those a bit lost here, IE has the ability to easily allow most site re-directions, while Firefox is protected against that.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on March 24, 2010, 11:19:10 PM
I don't bother with the HOSTS file either ;D

There are a number of applications that include Hosts file monitoring/locking/blocking, etc. I have WinPatrol Plus that monitors that in real time as one of its many monitoring functions, I think the free version only has monitoring at a set time period.

There are no doubt other such tools that do the same.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 24, 2010, 11:43:12 PM
I would have thought protected hosts file was a quick and easy fix against intrusion by parasites, as the advertising says. Don't tell me I've gone and fallen for a juicy header, after my many, many tirades against the advertisers,
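The hosts-file tampering reported above, and the change monitoring mentioned in the replies, as an added example that is not part of any poster's message: it classifies every mapping in a hosts file and fingerprints the mappings so that edits stand out. The watched domain suffixes, the sample file contents and the 203.0.113.10 address are constructed placeholders, not values from the Sunbelt report.

```python
import hashlib
import ipaddress

# Assumed watch list: security-vendor domains that should never be pinned
# in a hosts file (placeholder names).
WATCHED_SUFFIXES = ("example-av.test", "example-vendor.test")

# Mappings present in an untouched default file.
BASELINE = frozenset({("127.0.0.1", "localhost"), ("::1", "localhost")})


def parse_hosts(text):
    """Return ([(line_no, ip, hostname)], [malformed line numbers])."""
    mappings, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:
            malformed.append(line_no)
            continue
        for name in fields[1:]:  # one line may carry several aliases
            mappings.append((line_no, ip, name.lower().rstrip(".")))
    return mappings, malformed


def is_sinkhole(ip):
    """True for loopback / 0.0.0.0 style targets used by blocking lists."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_watched(name, watched=WATCHED_SUFFIXES):
    return any(name == s or name.endswith("." + s) for s in watched)


def audit_hosts(text, watched=WATCHED_SUFFIXES, baseline=BASELINE):
    """Return findings as (line_no, hostname, ip, kind) tuples."""
    mappings, malformed = parse_hosts(text)
    findings = []
    for line_no, ip, name in mappings:
        if (ip, name) in baseline:
            continue
        if is_watched(name, watched):
            kind = ("security-site-blocked" if is_sinkhole(ip)
                    else "security-site-redirected")
        elif is_sinkhole(ip):
            kind = "blocklist-entry"  # typical of a protective hosts file
        else:
            kind = "unexpected-redirect"
        findings.append((line_no, name, ip, kind))
    findings.extend((n, None, None, "malformed-line") for n in malformed)
    return findings


def fingerprint(text):
    """SHA-256 over the sorted mappings; comments and spacing do not matter."""
    mappings, _ = parse_hosts(text)
    canon = "\n".join(sorted({f"{ip} {name}" for _, ip, name in mappings}))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


# Constructed sample of a tampered file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-av.test example-av.test   # constructed
203.0.113.10    update.example-vendor.test
0.0.0.0         ads.example-tracker.test
not-an-ip       broken.example.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print("fingerprint:", fingerprint(SAMPLE_HOSTS))
```

Store the fingerprint of a known-good file and compare it on each run; on Windows the file normally lives at `C:\Windows\System32\drivers\etc\hosts`.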
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 24, 2010, 11:49:29 PM
Symantec names riskiest U.S. cities for cybercrime
http://www.computerworld.com/s/article/9173928/Symantec_names_riskiest_U.S._cities_for_cybercrime?taxonomyId=82

Is your city a cybercrime center?
http://www.networkworld.com/news/2010/032310-cybercrime-cities.html?page=1

Cyber criminals getting specialized, FBI says
http://fcw.com/articles/2010/03/23/web-fose-chabinsky-cyber-threat.aspx

Proposed US law would single out cybercrime havens
http://www.networkworld.com/news/2010/032310-proposed-us-law-would-single.html?hpg1=bn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on March 25, 2010, 06:23:17 AM
***

Gmail starts warning users of suspicious account activity :

http://www.computerworld.com/s/article/9174044/Gmail_now_warns_users_of_suspicious_account_activity
http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 25, 2010, 04:02:09 PM
Hacker Disables More Than 100 Cars Remotely
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 25, 2010, 11:22:30 PM
Hi malware fighters,

The main countries from where directed attacks are being performed are China and Romania, USA is in third position. Most dangerous are those e-mails that come with an encrypted RAR.file attached: http://www.messagelabs.com/mlireport/MLI_2010_03_Mar_FINAL-EN.pdf

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 26, 2010, 12:33:15 PM
Hacker gets 20 years in credit card thefts ....... :D
http://www.msnbc.msn.com/id/36039784/ns/us_news-crime_and_courts/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 26, 2010, 02:46:50 PM
Hi malware fighters,

Apparent Detecting and Defeating Government Interception Attacks Against SSL, Certification authorities have provided government with false certifications so they need not break and can easily circumvent encryption: http://files.cloudprivacy.net/ssl-mitm.pdf
Involved is packet-forensics: http://www.wired.com/threatlevel/2010/03/packet-forensics
Now we understand why a lot of browsers trust a lot of certificates:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 26, 2010, 06:08:19 PM
Hi malware fighters,

Apparent Detecting and Defeating Government Interception Attacks Against SSL, Certification authorities have provided government with false certifications so they need not break and can easily circumvent encryption: http://files.cloudprivacy.net/ssl-mitm.pdf
Involved is packet-forensics: http://www.wired.com/threatlevel/2010/03/packet-forensics
Now we understand why a lot of browsers trust a lot of certificates:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

polonus


I hope that's not true ??? :o
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 27, 2010, 12:00:30 AM
@Logos,

More links: http://www.betanews.com/article/Has-SSL-become-pointless-Researchers-suspect-statesponsored-CA-forgery/1269551694
http://betabubble.com/?tag=intermediate-certificates
It was not developed with your security in mind....
It is all about endpoints, and it is all about trust to what is going over the "wire"......
DNSSEC has a similar attack against it,

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 27, 2010, 01:17:14 AM
I trust the sources, that's not the problem, I was just a bit shocked to say the least. I posted that on Comodo forums to get some reactions (could be interesting as they're in ssl business) but no feedback so far...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: crofty59 on March 27, 2010, 04:34:23 AM
Trojans masquerading as updates for popular applications such as Adobe, Java or Windows.

I read this on Sunbelt blog
http://sunbeltblog.blogspot.com/2010/03/fake-updates-install-backdoors.html

Also more info on Softpedia
http://news.softpedia.com/news/Trojan-Masquerades-as-Adobe-Reader-Updater-Component-138453.shtml

Edited wrong Link
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 30, 2010, 01:30:11 PM
Hi malware fighters,

Security researcher D. Stevens has published a hole in PDF that cannot be patched!
POC: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
Forewarned is forearmed. Adobe is putting everyone in danger,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 30, 2010, 03:37:03 PM
I now use Foxit - regardless that is less supported PDF platform
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on March 30, 2010, 03:44:41 PM
I use Sumatra PDF. Recommended by Scott, it's awesome. Thanks Scott. No problems whatsoever.

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 30, 2010, 06:55:53 PM
okay I give it a go. no doubt still recommended by Scott.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on March 30, 2010, 07:06:37 PM
I use both foxit and Sumatra as they both come in portable versions (portableapps.com)
 

Simple, small, lightweight, and crucially not targeted as much as adobe ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 30, 2010, 09:27:08 PM
That's what I'll do Scott. And the portable on my flash drive as well. Cheers, buddy.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 30, 2010, 09:33:11 PM
Hi malware fighters Scott and mkis,

Thanks for the additional info, forum friends. Adobe has been under malware flak too long now and their patch cycle cannot keep up with what is upcoming. As this cannot be patched, as Didier Stevens mentions, it is better to shun Adobe's PDF software until they really clean up their act,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 30, 2010, 10:03:37 PM
OK this is all interesting, and I (seriously) don't doubt a second about the existence of Adobe Reader or Flash vulnerabilities. This said, I'm still waiting for my first Adobe related infection ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: MikeBCda on March 30, 2010, 10:04:23 PM
My personal third-party choice is Tracker's PDF-XChange Viewer (freeware, at least the version I've got).

If I understand correctly, the vulnerability is in Adobe's reader itself, rather than anything inherent in PDF coding, so 3rd party viewers should be OK.

I suspect Adobe has a general attitude problem about proper security.  Maybe my sense of what happened when is a little fuzzy, but didn't all the problems with Flash start more or less when Adobe took that (and Shockwave generally) over?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 30, 2010, 10:08:19 PM
Hi Logos,

The case is worse than the responders thought, it is not only Adobe PDF that is holed, it is all PDF, in Foxit it is even worse that you get no warning and still the POC works. Use this to test: http://didierstevens.com/files/data/launch-action-cmd.zip   If cmd.exe is started well  :'(
It is broken, folks, it is broken, they are going for broke!!! This is the POC for Foxit Reader: http://twitter.com/riotz/status/11281340909
But PDF-XChange Viewer still standing, nothing being executed only thing you get is an error after the warning....

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 30, 2010, 10:28:49 PM
yeah, sounds like it's the pdf (native structure) itself responsible for this possible threat >>> embedded virus contained in the document, not even using a security flaw. There's nothing Adobe can do against that. It's normally up to the user to be careful and avoid clicking, as long as a dialog box is displayed... but this can be controlled too according to the author of that article... I guess many other types of documents could be infected in a similar way. That's life, that's where you browse and how you browse. Legit sites don't spread such stuff, unless a site has been hacked...and I guess this sort of malware is absolutely undetectable by any AV...(may be if full file scan is selected, not sure...)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 30, 2010, 11:29:58 PM
Hi Logos,

It won't work in Foxit Reader when you patch it, by taking support for url, launch, movie and sound out of the Reader,

polonus
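Added example, not from any poster or from the linked proof of concept: a triage scan for the PDF action names discussed in the posts above (launch, URL, movie and sound support), decoding `#xx` name escapes so that a disguised `/Launch` is still counted. The sample documents are constructed fragments, and the verdict labels are this example's own.

```python
import re
from collections import Counter

# Names tied to the features named in the thread (launch, URL, movie, sound)
# plus the auto-run and script hooks usually reviewed together with them.
WATCHED = {"Launch", "OpenAction", "AA", "JavaScript", "JS", "URI", "Movie", "Sound"}

# A PDF name is "/" followed by bytes up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw):
    """Undo #xx escapes so that /L#61unch and /Launch compare equal."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf(data):
    """Count watched names in the raw bytes of a PDF file."""
    counts = Counter()
    obfuscated = set()
    object_streams = False
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name == "ObjStm":
            # Objects packed in compressed object streams are invisible to a
            # byte scan, so their presence is reported rather than ignored.
            object_streams = True
        elif name in WATCHED:
            counts[name] += 1
            if b"#" in raw:
                obfuscated.add(raw.decode("latin-1"))
    return {
        "counts": dict(counts),
        "obfuscated": sorted(obfuscated),
        "object_streams": object_streams,
    }


def triage(data):
    """Map scan results to a handling decision (labels are this example's)."""
    result = scan_pdf(data)
    if result["counts"].get("Launch") or result["obfuscated"]:
        return "quarantine"
    if result["counts"] or result["object_streams"]:
        return "review"
    return "no watched names"


# Constructed fragments, not complete PDF files.
SAMPLE_LAUNCH = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Action /S /L#61unch /F (constructed-placeholder) >> endobj\n"
)
SAMPLE_LINK = (
    b"%PDF-1.5\n"
    b"4 0 obj << /Type /Annot /A << /S /URI /URI (http://example.invalid/) >> >> endobj\n"
    b"5 0 obj << /Type /ObjStm /N 3 >> endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, sample in (("launch", SAMPLE_LAUNCH), ("link", SAMPLE_LINK), ("plain", SAMPLE_PLAIN)):
        print(label, triage(sample), scan_pdf(sample))
```

A "no watched names" result only covers what is visible in the raw bytes; a file that reports object streams needs them decompressed before it can be cleared.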
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 30, 2010, 11:48:06 PM
Hi forum members,

Did you install the emergency patch for IE?; re: http://www.dshield.org/diary.html?storyid=8533
I did,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 31, 2010, 12:00:50 AM
Hi forum members,

Did you install the emergency patch for IE?; re: http://www.dshield.org/diary.html?storyid=8533
I did,

polonus
Isn't this covered in the various updates that have already been installed with auto update by MS ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 31, 2010, 10:02:43 AM
Hi forum members,

Did you install the emergency patch for IE?; re: http://www.dshield.org/diary.html?storyid=8533
I did,

polonus
Isn't this covered in the various updates that have already been installed with auto update by MS ???

yep, it's just that ;)
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 31, 2010, 01:29:10 PM
Hi forum members,

Did you install the emergency patch for IE?; re: http://www.dshield.org/diary.html?storyid=8533
I did,

polonus
Isn't this covered in the various updates that have already been installed with auto update by MS ???

yep, it's just that ;)
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
Mine updated this morning with a greeting to reboot now or in 15 min. :)
More info here (http://blogs.zdnet.com/security/?p=5921&tag=nl.e539)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on March 31, 2010, 02:48:28 PM
Here's mine - come through yesterday when I powered on the computer

http://www.microsoft.com/security/updates/bulletins/201003_oob.aspx


The other entry for 31 /3 /10 is an optional Compatibility View tweak with market by market functionality
I ran a check through the optional updates after the auto updates had downloaded and before I restarted.
I install a lot of the optional updates - this time I also loaded the .NET optionals, since I have .NET on my system  
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 31, 2010, 02:50:56 PM
Quote
Mine updated this morning with a greeting to reboot now or in 15 min.  :)

My XP Pro system installed Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182) when I powered it off about midnight and my Windows 7 system updated just now when I went to Windows Update and it indicated an Important update was available.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 31, 2010, 07:19:54 PM
Hi YoKenny,

Because they had experienced the exploit being abused in the wild and they could not wait any longer with a patch. There was a Fix-It for it already, but that now has been turned into a general patch for the various IE versions,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 31, 2010, 07:25:42 PM
Hi malware fighters,

Foxit Reader will patch the unpatchable hole next week: http://forums.foxitsoftware.com/showthread.php?p=41323
Good news,

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on March 31, 2010, 10:46:17 PM
Hi malware fighters,

The Torpig aka Sinowal malware will put obfuscated malicious JavaScript into a website's pages and/or JavaScript files. The malcode on the website's pages and JavaScript files is being changed from time to time and might be removed completely as well. The malware gets onto the website through compromised FTP credentials, through malware located on a machine that has accessed the site through FTP. To prevent the website from being reinfected, change the FTP password and remove the malware from the infected machines before it will be used over and over again to access the website through FTP.

Re: http://www.sophos.com/security/analyses/viruses-and-spyware/trojtorpigbl.html

The most recent script format is attached as a screendump (source: WhiteFirDesign)
Click to make more visible - pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on April 02, 2010, 05:44:50 AM
Firefox 3.6.3 fixes a critical security issue that could potentially allow remote code execution... More info here:

http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on April 06, 2010, 03:57:51 PM
Exploits not needed to attack via PDF files


http://news.cnet.com/8301-27080_3-20001792-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 06, 2010, 04:42:06 PM
DHS studying global response to Conficker botnet

The Conficker Working Group report could provide a template for future cyber attack responses, security experts say
http://www.infoworld.com/d/security-central/dhs-studying-global-response-conficker-botnet-127
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 06, 2010, 08:42:12 PM
Hi malware fighters,

PONDUS can you give this in English?
New JAVA malware misleads av scanners: http://www.idg.no/computerworld/tema/sikkerhet/article163040.ece

Also: http://www.woodmann.com/forum/archive/index.php/t-13454.html

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 07, 2010, 04:26:56 AM
Hackers spam out malware disguised as "account notification" warning

http://www.sophos.com/blogs/gc/g/2010/04/06/account-notification-email

Quote
Emails claiming that recipient's accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else. Ensure that your computer systems are protected and find out more now.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 07, 2010, 04:56:00 AM
No change here other than perhaps Sophos trying to gain some kudos for something that has been going on for ages, not just happened/happening today.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 07, 2010, 06:44:00 AM
They do say that it is a 'tried and trusted social engineering trick', and I think the point of the article is that the ruse targets those returning from the Easter break. Perhaps the same scam went down in previous Easter breaks. I cannot recall. I guess they have to report it anyway.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 07, 2010, 04:57:36 PM
Mozilla warns of unknown root certificate authority in Firefox (http://blogs.zdnet.com/security/?p=6016&tag=nl.e589)
Quote
“…I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.

Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS.”
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 07, 2010, 05:45:46 PM
Mozilla warns of unknown root certificate authority in Firefox (http://blogs.zdnet.com/security/?p=6016&tag=nl.e589)
Quote
“…I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.

Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS.”


thanks for this warning; that's been updated, RSA is the owner but acknowledges that the certificate isn't in use anymore >>> so, it should be removed. It's this one: RSA Security 1024 V3. http://blog.mozilla.com/security/2010/04/06/removing-the-rsa-security-1024-v3-root/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 07, 2010, 08:51:24 PM
Adobe suggests workaround for PDF embedded executable hack
http://blogs.zdnet.com/security/?p=6028&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+zdnet/security+(ZDNet+Zero+Day)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 08, 2010, 02:20:06 AM
Report: Windows 7 holes eased by axing admin rights
http://news.cnet.com/8301-27080_3-20001359-245.html?tag=content;col1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 09, 2010, 03:03:09 PM
Subscription to malware testing

The title may imply that this article is about subscription services for email checking ?

Rather not! This time we shall examine yet another way that criminal activity imitates legitimate business.

http://www.norman.com/security_center/security_center_archive/2010/79170/en-uk
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on April 09, 2010, 06:44:18 PM
MS Patch Tuesday heads-up: 25 holes in Windows, Office

Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix 25 documented vulnerabilities that expose Windows users to remote code execution attacks.

http://blogs.zdnet.com/security/?p=6070&tag=nl.e540
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 09, 2010, 07:27:57 PM
1-in-10 Windows PCs still vulnerable to Conficker worm
http://www.computerworld.com/s/article/9174998/1_in_10_Windows_PCs_still_vulnerable_to_Conficker_worm?source=rss_news


Romanian police, FBI break up 70-strong eBay fraud ring
http://www.scmagazineus.com/romanian-police-fbi-break-up-70-strong-ebay-fraud-ring/article/167554/
http://garwarner.blogspot.com/2010/04/70-romanian-phishers-fraudsters.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: wisteria on April 10, 2010, 12:21:01 PM
Hello everyone!

I'm new to this forum and to Avast.  I'm not sure if I'm posting my query in the right thread, but here goes.  I'd be grateful if someone could advise me on how to report a possible 'false positive' to Avast?   I've been trying to enter a furniture website here in the UK, but I keep receiving a message from Avast telling me there is a Trojan horse file attached to the shopping cart, thus I always have to abort the connection.

I've telephoned and emailed the furniture company and they admit there was a problem, but they say they've now fixed it.  Yet Avast continues to warn me not to enter the site.

Should I put the website url here for someone to check?  I won't do this if it's against protocol on this forum.  In short, I just need to know how to request a human being at Avast to check whether I'm receiving a false positive?

Thanks in advance for your advice  :D       
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 10, 2010, 02:39:59 PM
Reports related to detections, etc. should go in a new topic in the viruses and worms forum, http://forum.avast.com/index.php?board=4.0. There you can post this information and the URL, change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: wisteria on April 11, 2010, 04:03:22 PM
Thanks, will do that. I've now reported the Trojan horse problem to Avast Technical support and  hope they won't take too long to reply.   
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 11, 2010, 04:06:35 PM
I would still go ahead with the new topic as the forums are very active.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 11, 2010, 08:15:14 PM
Hi malware fighters,

More and more malware with destructive payload leave users with a non-functioning PC:
http://blog.webroot.com/2010/04/08/this-pc-will-self-destruct-in-ten-seconds/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 12, 2010, 08:33:17 AM
sorry Logos, spammer was here but mod must have deleted them- next time I leave it to the mods  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 12, 2010, 11:47:38 AM
hmm...is yr biznus desperate or someting...surely better place to advertise than here?

???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 12, 2010, 11:58:18 AM
Hi malware fighters,

WordPress bloggers being hacked with shared hosting from Network Solutions: http://wordpress.org/support/topic/385477/page/2#post-1470935
Here it is called a plug-in prob: http://krebsonsecurity.com/2010/04/hundreds-of-wordpress-blogs-hit-by-networkads-net-hack/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 12, 2010, 12:39:51 PM
I have an account at netsol so I will go in tonight and see if I can find anything amiss. I have the Wordpress options active (I think), but have never used them from what I can recall - why would, when I can have Wordpress as a standalone with sufficient options to link back to netsol, that is links that keep source at arm's length from destination. There have been a lot of problems with Wordpress recently. Cannot say people haven't had sufficient warnings. And Wordpress bundled into netsol...hmm...tonight I stop any active connect for good.

Netsol are unashamedly hard sell, even though they do provide me services at a tenth of the price what they would cost here in New Zealand (I'm not kidding - $NZ14 per annum spent at netsol for what I'm paying approx $NZ170 per annum here just to own a .co.nz domain, and that's not to use the domain, that's just to own it). But point is netsol are unashamedly hard sell, they exude business, and you have to watch yr *ss for yrself, cos they not going to do it for you. That said, their network shield is good, very solid so far, and I feel terribly let down that I haven't received an email notification about this issue. They do crank out emails very regular, hard sell emails that is, and there really is no excuse for the delay. A warning about the threats at least, should be mandatory. As a netsol customer I am terribly let down, and feel the negligence reflects on myself as well as one of their clients. (And just checked - still no email).

Edit - screenshot show Wordpress / mysql database - now removed

maybe I yapped my mouth a bit early ??? but I just know - I knew back then - at least the forum finally got something to talk about, usual its just a vehicle to advertise, better go add my piece of nonsense to the rabble   ;D

Edit - I was wrong there was an alert - alerted that I've got a bill needs to be paid within 30 days   ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 12, 2010, 12:47:39 PM
sorry Logos, spammer was here but mod must have deleted them- next time I leave it to the mods  :)

oh OK ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on April 12, 2010, 01:21:24 PM
More: http://blog.unmaskparasites.com/2010/04/11/network-solutions-and-wordpress-security-flaw/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 12, 2010, 01:46:58 PM
thanks Scott, I feel vindicated. I've always felt that Wordpress / mysql option was a risk. but must be tempting for some people.

I'm trying to get into the forum discussion at the moment through my standalone Wordpress.

oh it's wordpress.org and my standalone is wordpress.com - they operate separately - has saved me wasting my time.

here's an update on this issue

http://blog.networksolutions.com/2010/update-word-press-issue-fixed/  - fixed (for now)

http://terrywhite.com/techblog/archives/5097  - is tough at the top, Terry (some good tips and tricks on this domain)

Thanks for post Polonus, I've decided to RSS Brian Krebs as a safe measure - no onsite alert from netsol as yet  ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 13, 2010, 12:33:05 AM
Scam Facebook page attracts 40,000 victims seeking Ikea gift card
http://www.computerworld.com/s/article/9175158/Scam_Facebook_page_attracts_40_000_victims_seeking_Ikea_gift_card?source=rss_news


Income tax season spawns Internet spammer scams
http://www.usatoday.com/money/industries/technology/2010-04-12-identitytheft12_ST_N.htm
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on April 13, 2010, 10:01:36 AM
Microsoft to fix 25 holes

http://news.cnet.com/8301-27080_3-20002053-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 13, 2010, 01:32:47 PM
Malware Extorts Cash From BitTorrent Users

A new type of malware is riding the wave of file-sharing pre-settlement letters by infecting BitTorrent users’ machines and then demanding payments in order to make imaginary lawsuits go away. ICPP Foundation try to give the impression they are RIAA and MPAA affiliated but the whole thing is a scam to extort cash and obtain credit card details.

http://torrentfreak.com/malware-extort-cash-from-bittorrent-users-100411/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on April 17, 2010, 06:48:39 PM
Mozilla has blocklisted all older versions of the Java Deployment Toolkit plugin.  I just noticed that the current version in my Java 6U20 installation is Java Deployment Toolkit 6.0.200.2, a version which is newer than those blocklisted, versions 6.0.200.0 and older.

Add-ons Blocklist | Mozilla (https://www.mozilla.com/en-US/blocklist/)
Quote
This page lists blocklisted add-ons that should no longer be used with Mozilla products.
...
    * Java Deployment Toolkit, versions 6.0.200.0 and older. Reason: security vulnerabilities (see bug 558584 (https://bugzilla.mozilla.org/show_bug.cgi?id=558584)).

This note seems to say a problem is caused by the Java update process, rather than the 1.6.0_20 version of the plugin.  I don't see any evidence that the 1.6.0_20 version is problematic.
US-CERT Vulnerability Note VU#886582 (http://www.kb.cert.org/vuls/id/886582)
Quote
Note: The installer for Java 1.6.0_20 may not correctly update all instances of the Java Deployment Toolkit plugin. In some cases, the plugin that resides in the \bin\new_plugin directory may not be updated to the fixed 6.0.200.2 version of npdeployJava1.dll. If the new_plugin directory contains npdeploytk.dll version 6.0.190.4 or earlier, then browsers that use plug-ins, such as Mozilla Firefox or Google Chrome, may still be vulnerable. To correct this situation, delete the vulnerable npdeploytk.dll from the new_plugin directory and replace it with the npdeployJava1.dll version from the bin directory.

Please note that the Java Development Toolkit can be installed in multiple browsers, therefore workarounds need to be applied to all browsers with the Java Development Toolkit.

Edit: Updated with US-CERT info.
Mozilla's Add-ons Blocklist page seems to have some incorrect info.
Current version is not blocklisted.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 17, 2010, 09:28:40 PM
There may have been some problems with the Java update process, perhaps in updating to 1.6.0_20 version.

Chrome Java version

Where I found there was an issue - Vista SP2, Chrome - Secunia found the version to be out of date
- would not update from the Java module in Control Panel
- downloaded 1.6.20 version from Secunia but would not install
- repeat attempt brought up dialog box informing that elevation was necessary to update - special case

Also repeated attempts to change rule from Ask before downloading to Ask before installing was not successful after the rule had been Apply - always went back to initial setting - this is still the case.
- currently Ask before downloading is the only setting that will Apply

The owner of the computer is not computer literate so I did not pursue what was the brief history
- last attempt to update was 4/4/2010 and that was from 1.6.18 version....so? I'm not sure.

What I did was download the latest version and uninstall the existing version
- then I did an install of 1.6.20 and this was successful
- ran a manual update and process was successful returning message that Java already up to date

Still couldn't change update rule to Ask before install - may need to first change some other setting.

Edit - one of my own computers - XP Pro, Firefox - alerts that most recent update of Java console 1.6.18 in browser had not shed previous version, so I deleted previous version and tried manual update of Java in Control Panel - two corrupt downloads before successful install of 1.6.20 and checked browser to find that all was now good - will check all my machines, if any problems will open new post.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on April 17, 2010, 09:32:06 PM
Infected XP owners left unpatched

Quote
Some of the latest security updates for Windows XP will not be installed on machines infected with a rootkit virus.
...
The latest updates can spot if a system is compromised by the Alureon rootkit and halt installation.

http://news.bbc.co.uk/1/hi/technology/8624560.stm

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on April 18, 2010, 04:55:12 PM
Network Solutions hacked again

More sites hacked : http://bit.ly/9a8nP2

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on April 18, 2010, 05:20:01 PM
More sites hacked : http://bit.ly/9a8nP2

Could you provide the full URL?  In general, I'm not comfortable clicking on shortened ones because they give me no indication of where I'm supposed to wind up.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on April 18, 2010, 05:21:09 PM
Sorry, that was from twitter.

Here it is : http://blog.sucuri.net/2010/04/network-solutions-hacked-again.html

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on April 18, 2010, 05:33:06 PM
Thank you for the link, nmb.  Interesting stuff.  Thank goodness for NoScript and Avast 5 -- and automatic browser and OS updates.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on April 18, 2010, 05:40:10 PM
Yes I feel very good that I know about noscript and avast. Both are very efficient in blocking such hacks. Huge thanks to both of 'em.

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 18, 2010, 07:09:28 PM
More sites hacked : http://bit.ly/9a8nP2

Could you provide the full URL?  In general, I'm not comfortable clicking on shortened ones because they give me no indication of where I'm supposed to wind up.
Maybe you need this little Firefox add-on:
http://www.lockergnome.com/bob3160/2010/04/14/the-long-and-short-of-urls/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 18, 2010, 08:58:13 PM
 :)  google Chrome bookmark
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 18, 2010, 09:38:11 PM
More sites hacked : http://bit.ly/9a8nP2

Could you provide the full URL?  In general, I'm not comfortable clicking on shortened ones because they give me no indication of where I'm supposed to wind up.
Maybe you need this little Firefox add-on:
http://www.lockergnome.com/bob3160/2010/04/14/the-long-and-short-of-urls/

That little add-on is reported as only for old versions of firefox when you get to Mozilla's add-ons section and no link to download the .xpi file. It hasn't been updated for some time and not offered for firefox 3.6.3.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 19, 2010, 08:38:47 PM
Hi malware fighters,

Well, Trojan now posing as a Google Chrome extension:
http://www.malwarecity.com/blog/trojan-as-fake-google-chrome-extension-797.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 20, 2010, 11:23:34 AM
Network Solutions customers hit by mass hack attack
http://www.theregister.co.uk/2010/04/19/network_solutions_mass_hack/

Quote
Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Sucuri Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

>>> Firefox + NS ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 22, 2010, 04:25:31 PM
Hi malware fighters,

A solution for the XSS filter problem in IE8 will be launched next patch round:
http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xss-filter.aspx

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 23, 2010, 01:12:40 PM
Quote
1.5M stolen Facebook IDs up for sale
http://www.computerworld.com/s/article/9175936/1.5M_stolen_Facebook_IDs_up_for_sale?source=rss_internet

Quote
IDG News Service - A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.

Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.

IDefense doesn't know if Kirllos' accounts are legitimate, and Facebook didn't respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.

To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard.

social networks ::)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 23, 2010, 01:30:14 PM
Hi malware fighters,

Now also Fx is vulnerable to the newest Zeus version via HTML injection: http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/


polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 23, 2010, 03:27:34 PM
Emerging threat reported by Symantec UK:

1100 UK Health Service machines infected with Qakbot:
http://www.symantec.com/connect/de/blogs/qakbot-steals-2gb-confidential-data-week

pol

P.S. Manual removal instructions:
1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in Safe Mode
4. Run a full system scan and clean/delete all infected files
5. Delete/Modify any values added to the registry.

Navigate to and delete the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[LEGITIMATE APPLICATION NAME]" = ""C:\Documents And Settings\All Users\_qbothome\_qbotinj.exe" "C:\Documents And Settings\All Users\_qbothome\_qbot.dll" /c [PATH TO LEGITIMATE APPLICATION]"

6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using Avast AntiVirus and Antispyware Software like MBAM and SAS,

Damian
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 23, 2010, 04:00:57 PM
This could be an extensive threat:
http://www.enterprise-security-today.com/story.xhtml?story_id=112003V2043K&page=1&full_skip=1

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: JuninhoSlo on April 23, 2010, 04:42:13 PM
Hi :)

McAfee update shutting down XP machines - http://www.engadget.com/2010/04/21/mcafee-update--shutting-down-xp-machines/


Have a nice day. :)

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on April 24, 2010, 02:42:44 AM
Blippy users' credit card info exposed on Google - http://news.cnet.com/8301-27080_3-20003283-245.html?tag=mncol;title
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on April 24, 2010, 06:36:28 AM
Now also Fx is vulnerable to the newest Zeus version via HTML injection: http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/

It's good to know that Zeus isn't transmitted by a Firefox vulnerability. But once you've got it, even Firefox won't save you. Will Avast 5 block this new variant of Zeus?

http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/
Quote
In an email sent to SCMagazineUS.com on Wednesday, a spokesperson at Mozilla said that Zeus is not exploiting a vulnerability within Firefox, but is installed once a system has already been compromised.

"Once malware like Zeus is on a user's system, every application they use is at risk," the Mozilla spokesperson said.
Previous versions of Zeus had fairly limited capabilities for Firefox compared to those for Microsoft's Internet Explorer (IE) browser, Boodaei said. On Firefox, for example, the trojan previously was not capable of changing a bank's login page or altering a user's online transactions. As a result, most fraud incidents associated with Zeus have been sustained by users of IE.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 25, 2010, 06:08:18 PM
Hi malware fighters,

Ongoing Twitter Support spam campaign
http://news.softpedia.com/newsImage/Email-Spam-Run-Impersonates-Twitter-Support-Staff-3.jpg/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 25, 2010, 09:00:08 PM
Not sure if this email was part of a spam campaign - profile of the sender was suspended a few hours later.

I did take the email as genuine, if perhaps a little bent -
did take me to Twitter, where the sender was following my tweets
sender only had three entries, one of which directed the viewer to 'meet the locals', most of whom were showing themselves off in various stages of undress, down to no dress at all. Including the sender I gather, but a girl was visiting at the time, and she informed me that this person - the sender - was not for me at all.  :)

And later, the sender's profile was suspended (does that mean withdrawn possibly?). But I think genuine Twitter

btw - I was on Firefox at the time, but the redirects to 'meet the locals' can still be found in my Chrome history (records all browsers), and they are still 'live', are they are showing the links to be local.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 25, 2010, 11:24:42 PM
Sunbelt Software and Malwarebytes Partner to Improve the Security of the Internet
http://www.sunbeltsoftware.com/Press/Releases/?id=346
http://vipre.malwarebytes.org/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 26, 2010, 09:26:05 AM
Symantec Global Internet Security Threat Report  (2009) pdf

http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 26, 2010, 09:53:11 PM
Hi malware fighters,

The Blippy service leaked credit card data that can be found on Google: http://venturebeat.com/2010/04/23/blippy-credit-card-citibank/
Be aware with whom you share confidential data...

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 27, 2010, 06:42:17 AM
Not sure whether this has been posted yet. But here goes -

Virus Bulletin - Latest Reactive and Proactive (RAP) test results
http://www.virusbtn.com/index

Efforts to perceptual map prevalence of virus and virus detection

http://docs.google.com/View?id=ah85g3kzb4tn_274cx84gggh

(I don't readily agree with their perception, but I do like Virus Bulletin)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 27, 2010, 11:13:53 AM
Users' passwords exposed by Splunk
http://www.theregister.co.uk/2010/04/26/splunk_passwords_revealed/

Quote
Splunk, a kind of Google for business technology that boasts it can help reinforce your security, has exposed the details of major customers to hackers following a web site slip up.

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users' passwords to Splunk.com as clear text, the company said. The site contained the emails and user names customers had used to register with Splunk.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 27, 2010, 11:32:46 PM
Bitdefender warns of malware targeting iPad
http://news.bitdefender.com/NW1497-en--BitDefender-Warns-of-Malware-Targeting-iPad-Users-via-iTunes-Update.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on April 28, 2010, 02:09:01 PM
Secunia - Vulnerabilities vs. attack vectors...

http://secunia.com/blog/97
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on April 28, 2010, 08:11:21 PM
Hi malware fighters,

First attempt to launch malcode from within PDF-file without the use of JS:
http://secshoggoth.blogspot.com/2010/04/launch-malicious-pdf.html
There is more to come, be aware...

pol

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on April 29, 2010, 08:13:18 PM
ALL photocopied documents are stored on a hard drive within a hard drive in the photocopier...Potential Risk for information leaks...
 :o :o :o :o :o

http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml

Wow, never even knew about this...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on April 29, 2010, 08:35:30 PM
ALL photocopied documents are stored on a hard drive within a hard drive in the photocopier...Potential Risk for information leaks...
 :o :o :o :o :o

http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml

Wow, never even knew about this...
The most important information there:
How Bullock Kept Her Baby Adoption Secret
http://www.cbsnews.com/stories/2010/04/29/earlyshow/leisure/celebspot/main6443520.shtml?tag=strip
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on April 30, 2010, 11:48:53 AM
India now the primary producer of viruses

I feel bad : http://www.net-security.org/malware_news.php?id=1320  :( >:(

Avast! guys.. you got a bot in India?

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on May 02, 2010, 02:02:22 AM
From Windows Secrets - Upgrade to IE8 Now, or Face Consequences

http://www.infopackets.com/news/business/microsoft/2010/20100331_experts_urge_upgrade_to_ie8_now_or_face_consequences.htm
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 02, 2010, 04:10:46 PM
Hi malware fighters,

Underforge of Lack - R.I.P. Just security prevent everything!
Occasionally have a look here for recent threats: http://www.underforge.net/category/security/
example malicious site xorg*pl
for this threat (we had it in the malicious websites in virus and worms): www3.workfree36-td.xorg★pl as 95.169.186.25
with Diagnostic pages like this: http://www.google.com/safebrowsing/diagnostic?site=AS:31103
and this http://www.robtex.com/route/95.169.160.0-19.html

Damian
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 03, 2010, 08:47:36 PM
Hi malware fighters,

Just to keep a quick check on infested websites via Norton Safe Web, Safety and Threats:
http://forum.avast.com/index.php?topic=59287.msg499672#msg499672

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 03, 2010, 09:28:32 PM
Hi malware fighters,

As this was issued, new zbot infects through PDF file, avast did not detect this:
http://securitylabs.websense.com/content/Alerts/3593.aspx

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 03, 2010, 10:02:03 PM
US Air Force phishing test transforms into a problem    ;D
http://www.computerworld.com/s/article/9176155/US_Air_Force_phishing_test_transforms_into_a_problem?taxonomyId=13&pageNumber=1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on May 04, 2010, 12:26:54 AM
US Air Force phishing test transforms into a problem    ;D
http://www.computerworld.com/s/article/9176155/US_Air_Force_phishing_test_transforms_into_a_problem?taxonomyId=13&pageNumber=1
File this under:
military intelligence
http://www.oxymoronlist.com/military-intelligence
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on May 04, 2010, 09:49:11 PM
'Extremely severe' flaw in Opera web browser


An “extremely severe” security vulnerability in the Opera browser could put web surfers at risk of remote code execution attacks, the software maker warned today.

http://blogs.zdnet.com/security/?p=6355&tag=nl.e589

The vulnerability, now patched with the new Opera 10.53, affects Opera for Windows and Mac.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 05, 2010, 05:00:29 PM
Hi malware fighters,

Current threats Malware Database - iFrames and Rogue AV hacks: http://malwaredatabase.net/blog/
Current malicious websites reported: http://safeweb.norton.com/safety

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 06, 2010, 05:33:20 PM
Facebook's New Features Secretly Add Apps to Your Profile
http://www.pcworld.com/businesscenter/article/195728/facebooks_new_features_secretly_add_apps_to_your_profile.html

Quote
When a piece of software is automatically installed on your computer without your knowledge, it's called malware. But what do you call it when Facebook apps are added to your profile without your knowledge? We discovered Wednesday that this is actually happening, and stopping it isn't as easy as checking a box in your privacy settings.
 If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don't have to have a Facebook window open, you don't need to be signed in to these sites for the apps to appear, there's no notification, and there doesn't appear to be an option to opt-out anywhere in Facebook's byzantine privacy settings.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on May 06, 2010, 08:57:39 PM
Fake HSBC emails...

OK, so I got one today that was supposedly from them.

It says that I need to verify some account details, and gives what looks to be a genuine link.

There are some things to note though...

1. It is addressed to my email account, not my name...'Dear abcd@abcd.com...' (not how it would be done if it was really HSBC)
2. I have NEVER banked with HSBC...

These things alone are indicative of a scam email...

Another telltale sign that it is bad is that the link doesn't actually go to where it says it goes...

The link looks like it goes to a secure (https) HSBC site, but when you look at it, it actually goes to a .ro website, which is Romanian...so obviously not from HSBC...

This email was correctly caught by the Hotmail spam filter, but I still thought it was a good idea to warn about it...

So please leave it in junk and do not open it...

I have also forwarded it to the real bank's phishing address...


EDIT: Another worrying thing is that this is (I think) the first piece of spam that has been sent directly to my exact email address...where did they get it (also the same with a lot of my friends...)

-Scott-
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 07, 2010, 04:21:51 PM
Hi malware fighters,

Warn your mother for Mothersday Card malware:
http://ftc.gov/bcp/edu/multimedia/ecards/mom/butterfly/index.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 08, 2010, 08:54:21 PM
Hi malware fighters,

The 2007 Storm worm has reappeared in various new variants that differ from the original in specific aspects:
https://www.honeynet.org/node/539
http://www.avertlabs.com/research/blog/index.php/2010/04/28/dark-and-stormy-comeback-of-a-botnet/
and easier to defy than the original Storm worm:
http://www.v3.co.uk/v3/news/2262211/storm-botnet-forming

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 09, 2010, 08:00:45 PM
New attack bypasses virtually all AV protection

Quote
Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

The Register (http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/)

Original research paper. (http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php)

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 09, 2010, 09:57:11 PM
Hi malware fighters,

Latest Malware Database alerts: http://malwaredatabase.net/blog/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 10, 2010, 11:09:18 PM
Hi malware fighters,

Win7 compatibility tool could be a trojan and malicious downloader:
http://www.net-security.org/malware_news.php?id=1335

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 11, 2010, 06:49:37 PM
U.S. May Face Cyber Attack, Says Richard Clarke
http://topnews.us/content/219583-us-may-face-cyber-attack-says-richard-clarke

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on May 12, 2010, 01:43:35 PM
***

Hack done to phpnuke.org site :

http://forum.avast.com/index.php?topic=59535.msg501749#msg501749


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 12, 2010, 01:48:59 PM
***

Hack done to phpnuke.org site :

http://forum.avast.com/index.php?topic=59535.msg501749#msg501749


***

looks solved:
http://www.theregister.co.uk/2010/05/11/phpnuke_infection_purged/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 12, 2010, 08:37:49 PM
Windows 7 'compatibility Checker' Is a Trojan

http://www.pcworld.com/businesscenter/article/195991/windows_7_compatibility_checker_is_a_trojan.html

http://news.bitdefender.com/NW1535-en--Windows%C2%AE-7-Compatibility-Checker-Turns-Out-To-Be-a-Trojan.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on May 12, 2010, 08:47:06 PM
Fake HSBC emails...


Ok, since that is not working for them, they are trying another angle...pretending to warn users about erm...themselves...

Once again, these are NOT from HSBC, they are fake. The so called hsbc link actually points to:

hXXp://michael-shelton.com/images/uk-hsbc.co.uk/www/INTEGRATION-HSBC/CAM11;jession=14/

Which is obviously fake. (would be interesting to know whether avast! blocks this...)

Another thing is that they have 'tagged' (right word?) it as high priority, as you can see in the image (the red exclamation mark...)

Careful guys...

-Scott-
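
The checks Scott describes in the two fake-HSBC posts (a greeting addressed to the e-mail address, and link text that shows one site while the link goes to another) can be automated. The sketch below is an added example, not part of either post; the sample message and every domain in it are constructed placeholders, and the finding names are made up for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body (NOT the e-mail from the thread); all domains are
# reserved placeholder names.
SAMPLE_HTML = """
<p>Dear abcd@abcd.example,</p>
<p>Please verify your account details:
<a href="http://files.unrelated.test/images/secure.bank.example/www/login/">https://secure.bank.example/verify</a></p>
<p>Questions? Visit <a href="https://www.bank.example/help">bank.example/help</a>
or <a href="https://www.bank.example/contact">contact us</a>.</p>
"""

# Link text that is itself a URL or bare host name: optional scheme, host, rest.
SHOWN_URL = re.compile(
    r"^(?:(https?)://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.I)
# "Dear someone@domain" instead of the customer's name.
EMAIL_GREETING = re.compile(r"\bDear\s+[\w.+-]+@[\w-]+(?:\.[\w-]+)+", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for each <a>, plus all body text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self.text_parts = []
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor_text).strip()))
            self._href = None


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def check_link(href, text):
    """Compare what the link text claims with where the href really goes."""
    shown = SHOWN_URL.match(text.strip())
    if not shown:
        return []  # text such as "contact us" makes no claim about a site
    shown_scheme = (shown.group(1) or "").lower()
    shown_host = strip_www(shown.group(2).lower())
    target = urlsplit(href)
    real_host = strip_www((target.hostname or "").lower())

    findings = []
    # The real host must be the shown host or one of its subdomains.
    if not (real_host == shown_host or real_host.endswith("." + shown_host)):
        findings.append("host-mismatch")
        # The shown name tucked into the path makes the real URL look
        # familiar at a glance, as in the second post's link.
        if shown_host in target.path.lower():
            findings.append("shown-host-in-path")
    if shown_scheme == "https" and target.scheme.lower() != "https":
        findings.append("https-shown-but-not-used")
    return findings


def analyze(html):
    parser = AnchorCollector()
    parser.feed(html)
    body_text = " ".join(parser.text_parts)
    return {
        "greeting_is_email": bool(EMAIL_GREETING.search(body_text)),
        "links": [(h, t, check_link(h, t)) for h, t in parser.links],
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_HTML)
    print("greeting addressed to e-mail address:", report["greeting_is_email"])
    for href, text, findings in report["links"]:
        print(f"{text!r} -> {href}: {', '.join(findings) or 'ok'}")
```
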
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 12, 2010, 09:06:56 PM
Quote
they are trying another angle...pretending to warn users about erm...themselves...

;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on May 12, 2010, 09:37:20 PM
Quote
they are trying another angle...pretending to warn users about erm...themselves...

;D


Yeah...although, I think that sentence needs rephrasing:

Ok, since that is not working very well for them, they are capitalising on it, and trying another angle...pretending to warn users about erm...themselves...

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 14, 2010, 10:23:07 AM
Twitter-controlled botnets
http://www.theregister.co.uk/2010/05/13/diy_twitter_botnets/
http://sunbeltblog.blogspot.com/2010/05/diy-twitter-botnet-creator.html
http://www.wired.com/threatlevel/2009/08/botnet-tweets/

Quote
A security researcher has unearthed a tool that simplifies the process of building bot armies that take their marching orders from specially created Twitter accounts.

TwitterNet Builder offers script kiddies a point-type-and-click interface that forces infected PCs to take commands from a Twitter account under the control of attackers. Bot herders can then force the zombies to carry out denial-of-service attacks or silently download and install software with the ease of their Twitter-connected smartphones.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 14, 2010, 03:51:09 PM
Warning: http://stopmalvertising.com/malvertisements/alert-twcorpscom-replaces-grepadcom/page-2

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 15, 2010, 10:47:35 PM
Hi malware fighters,

Loads of fake av silent download sites being found, example: http://safeweb.norton.com/report/show?name=syspro.edu.co

Discussion on recent website malware: http://evilcodecave.wordpress.com/
interesting linked, that I bookmarked...

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on May 16, 2010, 04:39:40 AM
Discussion on recent website malware: http://evilcodecave.wordpress.com/
interesting linked, that I bookmarked...

polonus
Sites that are at February 14, 2010 are about as current as an old newspaper.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 16, 2010, 05:45:43 PM
Top attacks here: http://atlas.arbor.net/

See what is on the malcode radar here: http://www.securitywizardry.com/radar.htm

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on May 16, 2010, 08:31:33 PM
Top attacks here: http://atlas.arbor.net/

See what is on the malcode radar here: http://www.securitywizardry.com/radar.htm

pol
Goes to prove that Chinese with bogus Windows are the major contributors:
CHINANET-BACKBONE
http://atlas.arbor.net/asn/4134
http://atlas.arbor.net/cc/CN
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 16, 2010, 10:46:50 PM
Hi malware fighters,

For the latest wepawet Flash and JS reports, go here:
http://wepawet.iseclab.org/samples.php

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 17, 2010, 10:11:44 PM
Hi malware fighters,

As you can read via the link given, websites outside the normal Latin spelling, according to the new Domain standards, for instance in Cyrillic or Arabic, can be easier abused by phishers now:
http://www.securelist.com/en/blog/2156/New_domain_standards_new_challenges_new_potential_problems

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 18, 2010, 10:10:52 PM
Hi malware fighters,

Biggest threat around USB worm: http://news.techworld.com/security/3223707/mcafee-usb-worm-is-biggest-pc-threat/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on May 19, 2010, 01:48:20 AM
Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment (JRE).

Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE.

Versions prior to Java 5.0 Update 24 and Java 6.0 Update 19 are vulnerable.

http://url4.eu/3Xqok
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on May 19, 2010, 05:48:39 PM
Microsoft Confirms x64 Windows 7 Aero Vulnerability

Vulnerability in Canonical Display Driver Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/2028859.mspx

 :-X
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 20, 2010, 10:42:28 PM
Hi malware fighters,

Latest threats: http://security.technosoftcorp.com/ss/ss_index.htm

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 21, 2010, 11:52:07 PM
Hi malware fighters,

Already 44 PHP leaks found up: http://www.php-security.org/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 23, 2010, 12:35:31 AM
Hi malware fighters,

Notorious torrent site with malware: 3471018cfbd0f17899258e2b62a1dd61   2010-05-11   Eleonore Exploits pack   IE6   24/41 (58.54%)    TR/PSW.Zbot.185344.R    Blocked   UK   hxxp://91.216.3.108/ca1/index.php
See: http://support.clean-mx.de/clean-mx/viruses.php?domain=91.216.3.108&submit=query
Still malicious avast reports: hxtp://wepawet.cs.ucsb.edu/view.php?type=js&hash=3ebe99eb909fd7458dd245ccbc8c4615&t=1273536734 (do not click link, it is flagged for sign of JS:Pdfka-BT [Expl] has been found
Norton Safe Web gives it green, but that is false: This is a dangerous site,it is blocked on Blade,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 24, 2010, 10:37:23 AM
not really a warning but worth noting:
Google turns on SSL encryption for search

http://www.theregister.co.uk/2010/05/21/google_search_ssl_encryption/

(http://regmedia.co.uk/2010/05/21/google_ssl_search_logo.png)

http://googleblog.blogspot.com/2010/05/search-more-securely-with-encrypted.html

Quote
A few notes to remember: Google will still maintain search data to improve your search quality and to provide better service. Searching over SSL doesn’t reduce the data sent to Google — it only hides that data from third parties who seek it.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 24, 2010, 10:54:02 AM
Fake joke worm wriggles through Facebook
http://www.theregister.co.uk/2010/05/21/fake_joke_worm_facebook/

Quote
The malware, for now at least, does nothing more malicious than posting a message on an infected user's Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

The message that the worm posts takes the form:
Code:
try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]

Facebook gives users' names to advertisers
Violates own privacy policy
http://www.theregister.co.uk/2010/05/21/facebook_ads/
http://online.wsj.com/article/SB10001424052748704513104575256701215465596.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 24, 2010, 12:33:07 PM
Hi friends,

The fbhole.com attack ended in 15 seconds. Check out fsecure's weblog : http://www.f-secure.com/weblog/archives/00001955.html

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 24, 2010, 01:20:32 PM
Hi friends,

The fbhole.com attack ended in 15 seconds. Check out fsecure's weblog : http://www.f-secure.com/weblog/archives/00001955.html

nmb

LOL  ;D

Quote
Updated to add: Domain fbhole.com shared an IP address with ironbrain.net [82.208.32.99]. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.

So I called the number.

The call went roughly like this:

– Hello?
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I'm looking for a person related to ironbrain.net.
– ???
– We're investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I'm from an antivirus company. Are you related to ironbrain.net?
– I'll have to check… maybe my company is…
– Please do.
– Bye…
[Click]

About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 24, 2010, 03:59:52 PM
Hi malware fighters,

New malware trend: http://blog.unmaskparasites.com/2010/05/22/malware-on-hijacked-subdomains-new-trend/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 26, 2010, 12:52:48 AM
IBM hands out malware-stuffed USB at security conference
http://www.theregister.co.uk/2010/05/21/ibm_usb_malware_snafu/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on May 26, 2010, 05:11:08 PM
First human 'infected with computer virus'
(http://www.siliconrepublic.com/fs/img/news/201005/378x/computer-virus-image.jpg)


A British scientist says he is the first man in the world to become infected with a computer virus

Is he a humanoid?

Not as terrible as I thought

http://news.bbc.co.uk/2/hi/technology/10158517.stm
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on May 26, 2010, 07:14:40 PM
Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf

Edit: I found this today and it is still active. Trying to connect Twitter with Facebook via Facebook Apps. Google Chrome is giving an alert, but the malware can be executed automatically by the server. avast is detecting & blocking it.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 26, 2010, 07:15:58 PM
Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf

more details may be? ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on May 26, 2010, 07:22:54 PM
Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf

more details may be? ;D

No info is available on the web so far, but I was notified by Google Chrome & avast
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on May 26, 2010, 07:24:51 PM
I think this is recent
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 26, 2010, 07:26:55 PM
could you try to reproduce it and post a screen shot of the alert in the virus/worm section? thanks ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on May 26, 2010, 07:38:11 PM
could you try to reproduce it and post a screen shot of the alert in the virus/worm section? thanks ;)

I will try, but I don't have any tool to capture a screen shot, because I don't have my laptop at this moment. But I want to install one.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on May 26, 2010, 07:41:02 PM
http://www.bhelpuri.net/Snippy/ (only works with XP or older versions of windows with GDI+ installed).

Vista should have a "snipping tool" already installed though.

http://windows.microsoft.com/en-us/windows-vista/Use-Snipping-Tool-to-capture-screen-shots
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 26, 2010, 07:42:13 PM
could you try to reproduce it and post a screen shot of the alert in the virus/worm section? thanks ;)

I will try, but I don't have any tool to capture a screen shot, because I don't have my laptop at this moment. But I want to install one.

you got a tool in Vista, it's called "Snipping tool" :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 26, 2010, 08:15:21 PM
Or you guys should start a new thread, may be?

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 26, 2010, 08:24:07 PM
Or you guys should start a new thread, may be?

nmb

why ??? I just warned a user that his system was equipped with a "snipping tool"...and that's a warning thread or not ??? ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on May 26, 2010, 08:26:01 PM
I already did it though...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 26, 2010, 08:40:57 PM
why ??? I just warned a user that his system was equipped with a "snipping tool"...and that's a warning thread or not ??? ;D

Buddy logos,

You got me wrong. Let's leave it here. Or else the topic gets hijacked.

cheers :)
nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 26, 2010, 09:02:17 PM
I was just having fun :D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 26, 2010, 10:05:47 PM
Hi malware fighters,

@logos
Well back to business then, I mean get the latest threats from here: http://blog.scansafe.com/
Interesting read for the latest exploits online,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 26, 2010, 10:06:42 PM
Hi malware fighters,

@logos
Well back to business then, I mean get the latest threats from here: http://blog.scansafe.com/
Interesting read for the latest exploits online,

polonus

 ::) well thanks for the heads up then :D (not really into malware stuff right now... :P )
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 26, 2010, 10:54:38 PM
Hi malware fighters,

What about this threat? http://lists.clean-mx.com/clean-mx/viruses.php?domain=v3p2*com&sort=first%20desc
About what this site is into: http://blog.scansafe.com/journal/2010/5/12/possible-root-compromise-of-greatandhracom.html
Unmasked parasites: http://www.UnmaskParasites.com/security-report/?page=v3p2.com

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 28, 2010, 09:57:21 PM
Hi malware fighters,

Be aware of the top trend search words. These could lead to fake AV links: http://www.spamfighter.com/News-14469-Hackers-Poison-Google-Search-Results.htm
So watch your clicks, folks..stay clear of poisoned Google search results...260 000 during 2009
http://news.idg.no/cw/art.cfm?id=983DCD85-1A64-67EA-E4B9D36C6D646C40

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: llariel on May 28, 2010, 10:05:24 PM
@ scythe944, Logos & nmb

The new topic is now available at:

http://forum.avast.com/index.php?topic=60230.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 28, 2010, 10:52:24 PM
Llanziel
Actually, you should have posted in here rather than starting another thread.  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 30, 2010, 09:08:27 PM
Perpetual Horizon's Mebroot analysis

Avast fails to detect..  :'(

Here you go : http://perpetualhorizon.blogspot.com/2010/05/trip-down-memory-lane-with-torpig-part.html

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: JuninhoSlo on May 30, 2010, 10:10:10 PM
Hi :)

What The Internet Knows About You?


http://static.whattheinternetknowsaboutyou.com/results.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 30, 2010, 11:42:28 PM
A cunning new phishing technique - Tabnabbing
http://www.norman.com/security_center/security_center_archive/2010/80577/en-us

http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 30, 2010, 11:53:32 PM
Hi Pondus,

The latest version of the Fx NoScript extension has protection against TabNabbing,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on May 31, 2010, 04:14:15 PM
Hi malware fighters,

Hackers are looking for older versions of Fx to hack them via specific exploit packs like Eleonore:
http://www.avertlabs.com/research/blog/index.php/2010/05/28/an-overview-of-exploit-packs/
http://www.malwaredomainlist.com/forums/index.php?topic=3354.0
http://www.malwaredomainlist.com/mdl.php?search=Eleonore&colsearch=Description&quantity=50
http://evilfingers.blogspot.com/2009/08/eleonore-exp-v12-russian-exploits.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 01, 2010, 01:19:00 PM
Hi malware fighters,

A new scareware: A-fasta: http://malwareint.blogspot.com/2010/05/recent-tour-of-scareware-xxii.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 01, 2010, 02:46:19 PM
Hi malware fighters,

A new scareware: A-fasta: http://malwareint.blogspot.com/2010/05/recent-tour-of-scareware-xxii.html

polonus
See:
What is A-Fast Antivirus?
http://forums.malwarebytes.org/index.php?showtopic=49893
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 01, 2010, 03:09:15 PM
Critical updates for Adobe Photoshop CS4
http://www.norman.com/security_center/security_center_archive/2010/80709/en-us
http://www.adobe.com/support/security/bulletins/apsb10-13.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 01, 2010, 08:53:20 PM
Hi malware fighters,

Keep an eye out for these malcode sites:
http://rss.uribl.com/nic/XIN_NET_TECHNOLOGY_CORPORATION.html

Knownsec gives some as confirmed clean or "evaluation results from other organizations": https://webmon.knownsec.com/report?id=1948293

Some detected as Trojan horse serving site: "websites detected as having had a Trojan planted"

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: PTRPRO on June 01, 2010, 10:16:43 PM
Mac Attack: see> http://www.theregister.co.uk/2010/06/01/mac_spyware/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on June 02, 2010, 02:37:34 AM
Mac Attack: see> http://www.theregister.co.uk/2010/06/01/mac_spyware/
I share his opinion posted there:

Quote
Mac's most ardent supporters have long claimed the platform is more inherently secure than Windows, a perception Apple marketers have been happy to perpetuate. But a more plausible explanation, advanced by Charlie Miller and other white-hat hackers who regularly exploit Apple security bugs, is that the platform isn't sufficiently big enough to justify the investment of hardened crime gangs.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on June 02, 2010, 04:13:51 AM
***

Mac Attack: see> http://www.theregister.co.uk/2010/06/01/mac_spyware/
I share his opinion posted there:

Quote
Mac's most ardent supporters have long claimed the platform is more inherently secure than Windows, a perception Apple marketers have been happy to perpetuate. But a more plausible explanation, advanced by Charlie Miller and other white-hat hackers who regularly exploit Apple security bugs, is that the platform isn't sufficiently big enough to justify the investment of hardened crime gangs.

This is the same that I have been saying for the past 10 years and this idea includes browsers as well as other less popular computer applications.


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 03, 2010, 12:19:27 AM
Hi malware fighters,

Facebook worm threat: http://www.sophos.com/blogs/gc/g/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/

Muslim jihad against facebook blasphemy groups: http://www.virtualjihad.net/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on June 03, 2010, 02:17:32 PM
Free Mac OS X screensavers bundled with spyware (http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=nl.e589)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on June 03, 2010, 02:39:44 PM


Muslim jihad against facebook blasphemy groups: http://www.virtualjihad.net/



interesting...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 03, 2010, 08:19:02 PM
Hi malware fighters,

Sasfis trojan tricks Windows with new technique: http://blog.trendmicro.com/sasfis-malware-uses-a-new-trick/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 03, 2010, 09:05:33 PM
Hi malware fighters,

Look for these fake-AV threats from blog sites: http://blog.trendmicro.com/doorway-pages-and-other-fakeav-stealth-tactics/
Recently spotted a couple in the virus and worms reported there...

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on June 05, 2010, 05:55:42 AM
Not sure if this has already been posted

Removal instructions for Sysinternals Antivirus
http://forums.malwarebytes.org/index.php?showtopic=52821
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: ozzieguy on June 05, 2010, 06:22:37 AM
I get this warning daily - and really do not know where it is coming from.

http://www.shemel.co.cc/le.php\{gzip}
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on June 05, 2010, 06:31:48 AM
Security Advisory for Flash Player, Adobe Reader and Acrobat
http://blogs.adobe.com/psirt/2010/06/security_advisory_for_adobe_re.html
Quote
A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical  vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate available on http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigations for Adobe Reader and Acrobat 9.x are included in the Security Advisory.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 05, 2010, 10:16:36 PM
Hi Alan Baxter,

With a penetration rate of 97% this is a gaping vulnerability risk and could affect millions and millions of computers, so go here to update: http://labs.adobe.com/downloads/flashplayer10.html#android

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 05, 2010, 10:23:18 PM
Hi Alan Baxter,

With a penetration rate of 97% this is a gaping vulnerability risk and could affect millions and millions of computers, so go here to update: http://labs.adobe.com/downloads/flashplayer10.html#android

polonus

Hi D.,
is this a stable release..??
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 05, 2010, 10:26:23 PM
Hi Asyn,

While waiting for a security update, users are advised to go and download the release candidate from
http://labs.adobe.com/technologies/flashplayer10 found here: http://labs.adobe.com/downloads/flashplayer10.html
It is stable enough,

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on June 05, 2010, 10:36:05 PM
Hi Alan Baxter,

With a penetration rate of 97% this is a gaping vulnerability risk and could affect millions and millions of computers, so go here to update: http://labs.adobe.com/downloads/flashplayer10.html#android

polonus

Hi D.,
is this a stable release..??
asyn


yep, been using several successive beta and RCs of it for many weeks, no problem.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 05, 2010, 10:50:21 PM
Hi Logos,

Thanks for confirming this, for our users. Secunia PSI cannot solve all our patching/upgrading problems.
And now has three bugs: http://www.theregister.co.uk/2010/06/02/secunia_bug_check_tool/
(only form a problem when you feed up wrongly yourself...)

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 05, 2010, 10:54:21 PM
Thanks guys..!! :)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on June 06, 2010, 07:28:19 AM
Virtualjihad.net has been suspended. They served a ddos tool.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on June 06, 2010, 04:05:50 PM
I have been using Flash RC from the day one when it was released....

I was just hoping if my statistics that they wean from my PC can be of some use to make flash better....

HTML 5 is the future...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 07, 2010, 02:06:05 PM
More adobe........

Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat
http://www.norman.com/security_center/security_center_archive/2010/83636/en

quote:
As of this writing no updates are available. There are reports that this vulnerability is being actively exploited.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on June 07, 2010, 02:57:43 PM
Thank you, Pondus, but all that was reported here three days ago. In case you missed it, that report included information that the Flash Player 10.1 Release Candidate does not appear to be vulnerable and its immediate installation is recommended.

http://forum.avast.com/index.php?topic=52252.msg509931#msg509931
Security Advisory for Flash Player, Adobe Reader and Acrobat
http://blogs.adobe.com/psirt/2010/06/security_advisory_for_adobe_re.html
Quote
A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical  vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate available on http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigations for Adobe Reader and Acrobat 9.x are included in the Security Advisory.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 07, 2010, 03:10:46 PM
Hi Logos,

Thanks for confirming this, for our users. Secunia PSI cannot solve all our patching/upgrading problems.
And now has three bugs: http://www.theregister.co.uk/2010/06/02/secunia_bug_check_tool/
(only form a problem when you feed up wrongly yourself...)

polonus
Make sure you have Secunia PSI V1.5.0.2
http://secunia.com/vulnerability_scanning/personal
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 08, 2010, 01:30:04 AM
Hi malware fighters,

Targeted attack in an Excel document: http://www.symantec.com/connect/blogs/fifa-world-cup-used-lure-victims-targeted-attack

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on June 10, 2010, 11:24:47 AM
Quote
Hackers expose 114,000 iPad users through AT&T site
http://www.zdnet.co.uk/news/security-threats/2010/06/10/hackers-expose-114000-ipad-users-through-atandt-site-40089189/

Quote
A group of hackers exploited a hole in an AT&T website to get email addresses of about 114,000 iPad users, including what appears to be top officials in government, finance, media, technology and military.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 10, 2010, 08:31:46 PM
Hi malware fighters,

To be protected against the facebook link invaders: http://forums.informaction.com/viewtopic.php?f=8&t=4454

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 10, 2010, 08:36:58 PM
Google finds serious hole in Windows XP: http://seclists.org/fulldisclosure/2010/Jun/205

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 10, 2010, 10:24:12 PM
Hi malware fighters,

SQL-mass infection reported - http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 11, 2010, 10:58:59 AM
http://forum.avast.com/index.php?topic=52252.msg509931#msg509931
http://forum.avast.com/index.php?topic=52252.msg510668#msg510668


Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
http://www.norman.com/security_center/security_center_archive/2010/83636/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 11, 2010, 01:56:09 PM

Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
http://www.norman.com/security_center/security_center_archive/2010/83636/en

From the Flash Player site
Quote
Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64
I would remove all versions of Flash Player by using the Flash Player uninstaller:
http://kb2.adobe.com/cps/141/tn_14157.html

Make sure to have all browser sessions closed when running the uninstaller and do a reboot to permit locked files to be removed.

http://get.adobe.com/flashplayer <== make sure that you un-select the Free Google Toolbar if you do not want it.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on June 11, 2010, 04:54:27 PM

Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
http://www.norman.com/security_center/security_center_archive/2010/83636/en

From the Flash Player site
Quote
Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64
I would remove all versions of Flash Player by using the Flash Player uninstaller:
http://kb2.adobe.com/cps/141/tn_14157.html

Make sure to have all browser sessions closed when running the uninstaller and do a reboot to permit locked files to be removed.

http://get.adobe.com/flashplayer <== make sure that you un-select the Free Google Toolbar if you do not want it.

Google toolbar no longer included in the installer, I think. I had problems last night of installing the new Flash plugin. Instead, I downloaded the Active X flash player which is for IE.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 11, 2010, 08:08:22 PM

Google toolbar no longer included in the installer, I think. I had problems last night of installing the new Flash plugin. Instead, I downloaded the Active X flash player which is for IE.
It sure is.

I sure would modify my profile if I advertise that I am Granddadsgiant (at) aol.com
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 12, 2010, 02:59:35 AM
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2219475.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 12, 2010, 04:40:16 PM
Hi malware fighters,

Install the Fix it for this issue: http://support.microsoft.com/kb/2219475
Certainly soon there will be malware seen to exploit this for Windows XP SP2 & 3,

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on June 12, 2010, 06:58:01 PM
Before using the fixit solution, make sure your System is vulnerable.

Vista and Win7 certainly aren't.  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on June 12, 2010, 07:57:53 PM
Before using the fixit solution, make sure your System is vulnerable.
How would someone do that?

Quote
Vista and Win7 certainly aren't.  :)

Certainly soon there will be malware seen to exploit this for Windows XP SP2 & 3,
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on June 12, 2010, 08:26:51 PM
This should answer your question nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 12, 2010, 10:59:07 PM
This should answer your question nmb

Sorry, Bob..!
But polonus' post did already refer to this... ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 12, 2010, 11:53:50 PM
Hi Asyn,

Here is the MS page: http://www.microsoft.com/technet/security/advisory/2219475.mspx
There was some controversy over Google publishing this exploit,

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 13, 2010, 12:13:54 AM
Hi Asyn,

Here is the MS page: http://www.microsoft.com/technet/security/advisory/2219475.mspx
There was some controversy over Google publishing this exploit,

pol
Run the FixIt. :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 13, 2010, 12:16:18 AM
Hi Asyn,
Here is the MS page: http://www.microsoft.com/technet/security/advisory/2219475.mspx
There was some controversy over Google publishing this exploit,
pol

Thanks D, already been there..! ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 13, 2010, 12:18:33 AM
Run the FixIt. :)

Whom do you mean..?
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 13, 2010, 01:24:35 AM
Run the FixIt. :)

Whom do you mean..? asyn
Run it on your XP SP3 system and maybe your Comodo will even permit it.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 13, 2010, 02:17:38 AM
Run it on your XP SP3 system and maybe your Comodo will even permit it.

No need, as
1. I don't need/run it
2. Block it anyway with comodo..! ;D
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 14, 2010, 11:29:10 PM
Hi malware fighters,

A new kind of malcoded adware, rather malware, may transform your laptop into a Wifi router to function as a laptop access point, the victim does not see the launched ads on every HTML page and also on YouTube. It is too easy to call this a normal "man in the middle attack", we certainly will hear more about "Typhoid adware"... http://pages.cpsc.ucalgary.ca/~aycock/papers/eicar10.pdf

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on June 15, 2010, 05:09:31 AM
SumatraPDF v1.1 Denial of Service PoC

http://www.exploit-db.com/exploits/13872/

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 15, 2010, 03:17:01 PM
Hi malware fighters,

A new trojan does not work under Windows XP, but will infect Vista: http://blog.webroot.com/2010/06/14/spammed-trojan-wont-run-under-windows-xp/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 15, 2010, 03:33:22 PM
Hi malware fighters,

Google Analytics harbours new malicious script!

On a number of hacked websites eSoft found Google Analytics abused to harbour malicious scripts. Used JavaScript code normally used the Google domain, but during decoding of the script a non-functioning 'sr tag' is being used, directing to a functioning 'sr tag' with a malicious script on another domain. Analyzing these websites critically look at the Google Analytics code, please... http://threatcenter.blogspot.com/2010/06/alert-to-web-security-researchers.html

pol

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 15, 2010, 06:11:25 PM
Linux trojan raises malware concerns
A backdoor Trojan discovered in a popular Linux download illustrates that the OS is not impervious.
http://pcworld.co.nz/pcworld/pcw.nsf/feature/1461D73DC2B51F96CC25774100750C6B
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on June 16, 2010, 12:29:30 AM
Quote
Linux trojan raises malware concerns
A backdoor Trojan discovered in a popular Linux download illustrates that the OS is not impervious.
Welcome to the club. :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 16, 2010, 07:53:51 PM
Hi malware fighters,

The XP hole found up by Google is now actively being abused, so apply the FixIt:
http://www.sophos.com/blogs/sophoslabs/?p=10045

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on June 17, 2010, 05:50:09 AM
The XP hole found up by Google is now actively being abused, so apply the FixIt:
http://www.sophos.com/blogs/sophoslabs/?p=10045

Done just now.  Thank you for the update.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 18, 2010, 10:11:19 AM
Disclose information about vulnerabilities? Yes/No/When?

http://www.norman.com/security_center/security_center_archive/2010/83782/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 18, 2010, 03:49:07 PM
Don't put your money here

Eastern European banks under attack by next-gen crime app
http://www.theregister.co.uk/2010/06/16/blackenergy2_ddos_attacks/



Researcher shows how to strike back at web assailants
Exploiting the exploiters
http://www.theregister.co.uk/2010/06/17/exploiting_online_attackers/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 18, 2010, 04:01:27 PM
Hi Pondus,

On the disclosure discussion front, i.m.o. the best remedy is to educate users to be fully protected against possible 0-days. That is to make use of appropriate in-browser protection like NS and RP (so code can not run and malicious requests are not being performed), use a normal user account so an exploit can not be maximized on the OS and in the registry. Use a combination of a fully upgraded resident AV solution together with some additional non-resident malware scanners (MBAM, SAS etc.) and check with Secunia's PSI for instance whether all third party software has been fully updated and patched.
As long as users are not educated into these precautionary practices the discussion between full, semi or responsible disclosure is a non-issue because the average user will still be a sitting duck for malcreants and cybercriminals alike,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 19, 2010, 04:17:31 AM
Hi Pondus,

On the disclosure discussion front, i.m.o. the best remedy is to educate users to be fully protected against possible 0-days. That is to make use of appropriate in-browser protection like NS and RP (so code can not run and malicious requests are not being performed), use a normal user account so an exploit can not be maximized on the OS and in the registry. Use a combination of a fully upgraded resident AV solution together with some additional non-resident malware scanners (MBAM, SAS etc.) and check with Secunia's PSI for instance whether all third party software has been fully updated and patched.
As long as users are not educated into these precautionary practices the discussion between full, semi or responsible disclosure is a non-issue because the average user will still be a sitting duck for malcreants and cybercriminals alike,

polonus

+1 (100% agree..!!!)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on June 19, 2010, 01:10:14 PM
guys stop dreaming, the average user will never ever use NS or similar, never. The average user wants his box to run like a TV, turn on, zap, turn off...browse the web, check hotmail, and basta. It's already hard to make them understand that they need an anti-virus at all (most of them running nothing, because the Norton trial expired ;D )....there's no such thing as educating the masses about computer and internet security. The masses are purely and simply rejecting the ideas: that 1st the web is not secure, and second that they need to be educated for their own sake. It's a dead end. Show user lambda that his system is infected, he'll still wonder why there's a need to clean it...not a joke ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on June 19, 2010, 04:46:54 PM
guys stop dreaming, ... <snip>

Never stop dreaming..!! ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 19, 2010, 05:04:48 PM
Hi Logos,

Still we have to go on educating, just for the guys and gals and kids that will pick this up, weren't we a bit like average users when we started out here. How many computers do you need that have been turned into a state of "no better than a door stopper" by malcoded script to finally glimpse at the idea that it is a PEBKAC problem mainly, and you can do something fundamentally about it. If I can get 100 users to further use NS and RP combined I feel a better human being for doing so,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 22, 2010, 11:05:35 AM
From Omids`s Blog

A little note to the guys at ESET  http://boelectronic.blogspot.com/search/label/Fun
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on June 22, 2010, 01:29:55 PM
Go Omid! I liked the Windows updates thing in those earlier posts. I'm planning on 2012 ending for XP network followed by upgrade to whatever is best option then. Whenever the security updates cannot be kept up to cover potential or real vulnerabilities. I've got two years avast! Pro on an XP Pro 32bit so I'll take my XP that far.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 22, 2010, 02:12:40 PM
also from Omid`s blog

Watch out for this dangerous hacker.....he may erase your hard drive.......... ;D ;D ;D
http://whatthehell.eu/hacker-story
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 22, 2010, 03:34:58 PM
Hi Pondus,

And what would you think of this, malcreants signing their malcode with MS Authenticode, certified malware, who would believe this?
http://www.f-secure.com/weblog/archives/00001973.html

So look out, you good people, it is a nightmare out there or soon to be,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on June 22, 2010, 05:25:16 PM
also from Omid`s blog

Watch out for this dangerous hacker.....he may erase your hard drive.......... ;D ;D ;D
http://whatthehell.eu/hacker-story

Must be DST... ;D ;D ;D ;D ;D...


(http://www.stophiphop.com/modules/marketplace/images/TS-black-IHacked127001-02.jpg)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 24, 2010, 12:53:33 AM
Testing Reveals Security Software Often Misses New Malware
http://www.cio.com/article/597263/Testing_Reveals_Security_Software_Often_Misses_New_Malware?taxonomyId=3089
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on June 24, 2010, 01:17:45 AM
Testing Reveals Security Software Often Misses New Malware
http://www.cio.com/article/597263/Testing_Reveals_Security_Software_Often_Misses_New_Malware?taxonomyId=3089
Then there are those that feel the sky is falling ::)

There needs to be a sanity check! ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on June 28, 2010, 11:05:33 AM
***

Misplaced warning at this link :

http://forum.avast.com/index.php?topic=61138.msg516039#msg516039


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on June 30, 2010, 09:57:28 AM
***

Misplaced notice at this link :

http://forum.avast.com/index.php?topic=61279.msg517655#msg517655


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on June 30, 2010, 12:11:48 PM
Critical updates for Adobe Acrobat and Reader
http://www.norman.com/security_center/security_center_archive/2010/84420/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 30, 2010, 01:08:44 PM
Hi malware fighters,

In Amsterdam a couple of important HTTP-protocol flaws will be revealed: the vulnerabilities are for all programs and services that make use of the HTTP-protocol, e.g. Internet Explorer, Firefox, Microsoft Office, but also Twitter, Hotmail, Facebook and iPhone Apps. MS and Facebook could mend these flaws in their code, but closing the holes for the HTML-protocol itself won't be that easy and swift a task...
So that is why I use HTTPS-everywhere extension inside the Mozilla browser for now, NoScript will protect the user as well, so all my search queries go via encrypted.google.com, my good friends,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on June 30, 2010, 04:41:09 PM
Using HTTPS stops avast from being able to scan your web activity.
At this point, I'd rather depend on avast! to protect me. :)  (This is my opinion)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on June 30, 2010, 05:08:46 PM
Using HTTPS stops avast from being able to scan your web activity.
At this point, I'd rather depend on avast! to protect me. :)  (This is my opinion)

Couldn't agree more, why use the web shield if you are going to cripple it by using an add-on to use https.

Not to mention a point polonus makes that NoScript also protects you to a degree in firefox, by switching to https you are actually reducing that effectiveness as the rules in NS by default are different for https (active content in https connection, see image). So not only are you blocking avast you are also reducing the effectiveness of noscript, a poor swap in my opinion.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 30, 2010, 05:53:56 PM
DavidR,

The avast shields keeps working I guessed, the https everywhere is only for a couple of sites that give this additional service (alas google via encrypted.google, because of the school filter circumvention issue), it would be a sad thing indeed that we weren't protected on/via https connections. Is that so? I have the extension now disabled for the mo, but like to hear a bit more on the issue why https is not protected by avast via their port 12080 shield connection,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on June 30, 2010, 06:28:02 PM
It isn't only for a couple of sites and they are looking at adding other sites, not to mention some of the sites they do include notably facebook (I believe, or some such social networking site/s), which are large targets for malware.

It is a simple fact https is encrypted and the web shield can't monitor/scan encrypted traffic so it doesn't even try. So you lose that level of protection on https pages, it may well be picked up by the file system shield, but that isn't assured and certainly not any hacked site, redirect, exploit issues.

You only need monitor the web shield whilst browsing an https site and you will see zero scanning of https pages/content. Why do you think I have been banging on about it every time you mention this add-on.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on June 30, 2010, 09:20:25 PM


The avast shields keep working I guessed...

polonus

I'm surprised to hear that from you Pol...how do you want to scan encrypted traffic :) remains that the file shield will interact at disk level...but hey that's not the same level of protection anymore ;) This said there's no risk surfing on https on a few sites (allowing it), I do that myself, on twitter for instance, where there's nothing hosted >>> if malware is linked there it's out of twitter, so the webshield will interact again. I'd be more careful with Facebook (that I hate anyway), because stuff is hosted there, so yes there are definitely some sites where ssl is not advised at all.
 The main point of using ssl is to get the privacy that you can't get on http in the case that bad guys would be eavesdropping the network...but the downside is that "malwarewise", you're almost on your own there.

ps: but again, I think switching to ssl is fine on a very restricted number of sites, like Google docs (on your account) and as a rule on nothing shared from another account.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on June 30, 2010, 11:46:48 PM
Hi guys!

One question,

Is Google search exploited, or is a FP from avast!?

my avast! found in many occasions a JS-ScripIP-inf trojan trying to download to my computer when I make searches through Google.   



iRanzel

attach: report file from Web Shield
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on June 30, 2010, 11:55:45 PM
Hi iRanzel,

It is w\Xw.google.com.pr that has been hacked: It's the Peace Crew, formerly known as Terrorist Crew, a group of politically motivated hackers supporting the Palestinian cause, who recently defaced the Microsoft New Zealand sites. Earlier this year, they attacked a number of Nato and US military websites.

The principal Peace Crew character is a hacker known as Agd_Scorp, allegedly of Turkish origin. Other prominent members are rx5 and Cr@zy_King.

I don't know just how exactly did they go about this hack, but it seems to have something to do with modifying the DNS records of the hacked domains, which in effect re-directs prospect visitors to a site designed by the hackers. This particular exploit is known as "SQL Injection vulnerability".
source(s):
Microsoft NZ Hack:
http://w0rm.us/tag/peace-crew
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=1...

NATO Hack:
http://news.softpedia.com/news/Palestinian-Supporters-Hack-NATO-and-U-S-Arm...

DNS Record Types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types

SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection

Use for searches the encrypted.google.com service, that is https and not that easy to hack, or do your searches at
Ixquick, they also do not retain your search queries, http://ixquick.com/do/metasearch.pl

But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..


polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 01, 2010, 12:50:58 AM
Hi malware fighters,

A FOOBAR by GoogleChrome as some take it - Flash Player installed a la default with their latest update of the browser, a security nightmare, Google says:  you, the user, do not have to install anything and maintain anything, we'll do that for you. The option to fall back on a player you installed yourself is still there in the browser, but for that you have to opt out, but even as Flash Player comes sandboxed in GoogleChrome, isn't it better to go on with HTML5 and let Flash die a silent death, it is and was a security nightmare, folks?

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on July 01, 2010, 03:51:33 AM
Quote
But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..


polonus

Exactly, is the best way to find new malwares and send to avast! labs. I hate piracy.... is one of the causes of the recessions and crisis. Including lost jobs.  

Edit: Thanks for your info polonus.  
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Avastfan1 on July 01, 2010, 02:49:12 PM
Not sure if the Beeb was a little late reporting this... http://news.bbc.co.uk/2/hi/technology/10473495.stm

Has anybody used the workaround? http://support.microsoft.com/kb/2219475
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 01, 2010, 02:57:10 PM

Has anybody used the workaround? http://support.microsoft.com/kb/2219475
Installed ages ago on my XP Pro system when it was released June 14, 2010
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Avastfan1 on July 01, 2010, 03:04:05 PM
You 'installed' a work around? Or did you simply execute it?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 01, 2010, 03:08:58 PM
You 'installed' a work around? Or did you simply execute it?
I executed the Fix it
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 01, 2010, 10:02:58 PM
Hi malware fighters,

Adobe should do something for security = disable javascript by default: http://www.sophos.com/blogs/gc/g/2010/06/30/adobe-disable-javascript-default/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 01, 2010, 10:17:55 PM
Hi malware fighters,

How the MS help-and-support-hole is now actively being exploited: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 03, 2010, 02:49:07 PM
Most dangerous sites for trojan, watch here regularly: http://blog.urlvoid.com/dangerous-websites-used-to-spread-trojans/
Also visit this site for this week's top threats online: http://wam.dasient.com/wam/infection_library_index

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on July 03, 2010, 03:59:46 PM
Hi malware fighters,

How the MS help-and-support-hole is now actively being exploited: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx

polonus

I'm not convinced Microsoft Help and Support is altogether secure in any regard at the moment. For XP anyway.

I posted a while ago - 'And partly because for the first time  I am having update problems with IE (the kb979909 issue, which is .NET downloads), if I don't solve soon and with easy method (no uninstall) then I will probably post the problem to the forum'.

Well still having a few problems on one of my systems. I have opened a new topic to outline the issue.

http://forum.avast.com/index.php?topic=61431.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on July 03, 2010, 05:27:20 PM
I'm not convinced Microsoft Help and Support is altogether secure in any regard at the moment. For XP anyway.

Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885) (http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx) convinces me the protocol isn't secure.  The protocol can be exploited by any malicious or hacked website.

If you're using XP or Server 2003, enable the FixIt (http://support.microsoft.com/kb/2219475), NOW.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on July 04, 2010, 09:15:30 AM

Has anybody used the workaround? http://support.microsoft.com/kb/2219475
Installed ages ago on my XP Pro system when it was released June 14, 2010

I am making some progress -

Quote
Technical Information (Analysis)
Trojan:Win32/Orsam!rts is a name used for trojan detections that have been added to our signatures after advanced automated analysis.
 
The generic nature of this detection means that the malicious behaviors exhibited by files detected as Trojan:Win32/Orsam!rts are highly variable and may vary from one instance of this detection to the next.
 
No further information is currently available on this threat. However, should we receive a significant number of reports, then a specific detection will be added to our signatures and a detailed analysis will be added to the encyclopedia.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Avastfan1 on July 04, 2010, 11:13:39 AM
Thanks for all the replies.

I decided to install the FixIt!

Best wishes,

Avastfan1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 04, 2010, 11:24:23 PM
Hi malware fighters,

Watch out for the most aggressive malware attackers: http://mtc.sri.com/live_data/attackers/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on July 05, 2010, 05:31:19 AM
I seem to have solved my issue concerning updates to .NET Framework.

I'm sorry but I cannot say whether it had anything to do with 'Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)', despite my suspicion that something had gone amiss in Microsoft Update routine. Ultimately, I reinstalled / upgraded Windows Installer using the following link -

http://www.microsoft.com/downloads/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en

Then I installed the remaining .NET downloads. The install process seemed labored but did complete with KB974417 being the final install. I was informed by Microsoft Update that I had hidden this install for the time being, something which I cannot recall doing, or in fact do not know how to do. (but in the heat of a moment I may have been presented with an option and followed the recommendation).

Now for Trojan:Win32/Orsam!rts -
figuring I had an MS issue and so could be solved by MS itself, I downloaded and ran Microsoft Security Essentials, which generated the orsam detection when I chose to run the Internet Explorer browser at one stage. As far as I can tell - but almost certainly - the orsam detection was a False Positive generated by having both MSE and avast!antivirus running as resident on the same system.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on July 05, 2010, 02:11:10 PM
***

Mis-placed notice :

http://forum.avast.com/index.php?topic=50356.msg426510#msg426510

It had to happen sooner or later ... and it has been later than I thought it would be.
These have always been insecure applications.


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 07, 2010, 07:34:33 PM
Hi malware fighters,

New 0-day in IE8: http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1
A design error in the browser: http://www.securityfocus.com/bid/41247/info
POC: http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 10, 2010, 05:48:20 PM
Hi malware fighters,

Microsoft to end security support for Windows XP Service Pack 2 · Hackers' nirvana on horizon as Microsoft ends security fixes for XP SP2: http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 10, 2010, 06:36:52 PM
Hi malware fighters,

Microsoft to end security support for Windows XP Service Pack 2 · Hackers' nirvana on horizon as Microsoft ends security fixes for XP SP2: http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching

See this
Quote
Hundreds of millions of vulnerable PCs

A service pack is a collection of updates, feature enhancements and security fixes delivered in a single download. Microsoft released SP2 in August 2004 mainly to beef up security. Then in April 2008, the company released SP3 with less fanfare, recommending that all XP units  be updated. Yet more than two years later, thousands of companies worldwide have not yet done so.
http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching

The USA is quite high on the most vulnerable list of infected systems.  :o
 
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 10, 2010, 06:48:09 PM
Hi YoKenny,

Yep, and what if there is a console with "embedded Windows XP2", and someone plays an encoding smart card
trick there; how irresponsible can admins and security staff be, "infantilisized" by society around them and brainwashed alike to accept such insecure systems and not upgrade,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 10, 2010, 07:46:42 PM
Hi YoKenny,

Yep, and what if there is a console with "embedded Windows XP2", and someone plays an encoding smart card
trick there; how irresponsible can admins and security staff be, "infantilisized" by society around them and brainwashed alike to accept such insecure systems and not upgrade
I know
Quote
Insanity: doing the same thing over and over again and expecting different results.
Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
Albert Einstein
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 10, 2010, 10:02:48 PM
Hi Kenny & polonus,
nice info, nice map, nice quote...! ;)
I stumbled over admins with no knowledge at all, just doing the same what they 'learned' years before... ::)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on July 12, 2010, 04:14:14 PM
Week in review: YouTube, iTunes, The Pirate bay hacked, Facebook scams and Twitter kits

Quote
Here's an overview of some of last week's most interesting news, interviews and articles

http://www.net-security.org/secworld.php?id=9558

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on July 12, 2010, 05:51:06 PM
Yeah, all the Jason Bieber videos were hacked through cross-scripting (XSS) vulnerability, replacing comments with big red words.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 12, 2010, 07:20:53 PM
Hi malware fighters,

What banks are being attacked by zeus 3 and what countries are targeted?
http://community.ca.com/blogs/securityadvisor/archive/2010/07/12/zeus-version-3-target-spain-germany-uk-and-usa-banks.aspx
See: http://www.malwaredomains.com/wordpress/?p=1081
http://www.malwaredomainlist.com/mdl.php?search=zeus&colsearch=All&quantity=100

Remarkable the zeus3 trojan only targets Spain, Germany, United States and the U.K.,

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on July 14, 2010, 07:34:58 PM
***

Secunia Half Year Report for 2010 shows interesting trends

Quote
The report does a good job of discussing the current trends and statistics and highlights what they are seeing for vulnerabilities.

http://isc.sans.edu/diary.html


***
Title: "Mozilla snuffs password pilfering Firefox add-on"
Post by: logos on July 15, 2010, 02:02:01 PM
Mozilla snuffs password pilfering Firefox add-on
http://www.theregister.co.uk/2010/07/15/mozilla_blocklists_malicious_addon/
http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/

Quote
Issue
An add-on called “Mozilla Sniffer” was uploaded on June 6th to addons.mozilla.org. It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location. Upon discovery on July 12th, the add-on was disabled and added to the blocklist, which will prompt the add-on to be uninstalled for all current users.

Impact to users
If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location. Uninstalling the add-on stops this behavior. Anybody who has installed this add-on should change their passwords as soon as possible.

Status
Mozilla Sniffer has been downloaded approximately 1,800 times since its submission and currently reports 334 active daily users. All current users should receive an uninstall notification within a day or so. The site this add-on sends data to seems to be down at the moment, so it is unknown if data is still being collected.

Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, trojans, and other malware, but some types of malicious behavior can only be detected in a code review.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 15, 2010, 07:13:21 PM
Hi malware fighters,

Disabling autorun is not enough, new virus vector found -windows-shortcut-flaw (no it is no feature!): "The virus is able to infect the OS in a complete new way and fashion, via a hole in the way lnk-files are being processed, without using an autorun.info file (so nothing can be detected on the malicious USB stick)", this according to an advisory on VirusBlokAda. Re analysis: http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf  &
http://www.securelist.com/en/blog/269/Myrtus_and_Guava_Episode_1

So be aware handling these Flash drives/USB-sticks .....opening any file manager or IE is enough to place two Realtek signed drivers there to inject malicious code into System Processes in order to hide malcode there...
Seems this malware was specifically developed for spying on corporations - i.e. looking for Siemens WinCC SCADA systems & similar big distributed systems for energy management etc., re: http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw - the malware can get epidemic proportions, so use a good USB av solution:
http://www.mxone.net/en/  or   http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-11040112.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 15, 2010, 08:44:03 PM
Hi malware fighters,

Disabling autorun is not enough, new virus vector found -windows-shortcut-flaw (no it is no feature!): "The virus is able to infect the OS in a complete new way and fashion, via a hole in the way lnk-files are being processed, without using an autorun.info file (so nothing can be detected on the malicious USB stick)", this according to an advisory on VirusBlokAda. Re analysis: http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf  &
http://www.securelist.com/en/blog/269/Myrtus_and_Guava_Episode_1

So be aware handling these Flash drives/USB-sticks .....opening any file manager or IE is enough to place two Realtek signed drivers there to inject malicious code into System Processes in order to hide malcode there...
Seems this malware was specifically developed for spying on corporations - i.e. looking for Siemens WinCC SCADA systems & similar big distributed systems for energy management etc., re: http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw - the malware can get epidemic proportions, so use a good USB av solution:
http://www.mxone.net/en/  or   http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-11040112.html

polonus
mxone.net blocked by hpHosts:
http://hosts-file.net/default.asp?s=mxone.net+
http://hosts-file.net/?s=www.mxone.net&x=29&y=6
Quote
• EMD - sites engaged in malware distribution
This classification is assigned to website's engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).

Sites with this classification typically either contain files (e.g. cracks, keygens, adware, spyware, trojans, viruses et al) or lead to such via (for example) "fake scanners" or other social engineering and misleading tactics.


Panda-USB-Vaccine/3000-2239_4-11040112.html  looks like an advertisement for Panda Cloud Antivirus ???

The only one I trust is Flash_Disinfector.exe by sUBs 8)
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t229158.html

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 15, 2010, 09:07:33 PM
Hi YoKenny,

Clean here: Report    2010-07-15 21:03:59 (GMT 1)
Website    _mxone.net
Domain Hash    c6cfdae769f9e964e905ab272c77cc6b
IP Address    N/A [SCAN]
IP Hostname    N/A
IP Country    -- (--)
AS Number    N/A
AS Name    N/A
Detections    0 / 17 (0 %)
Status    CLEAN
      
Scanning site with:    AMaDa    CLEAN
Scanning site with:    BrowserDefender    CLEAN
Scanning site with:    Finjan    CLEAN
Scanning site with:    Google Diagnostic    CLEAN
Scanning site with:    hpHosts    CLEAN
Scanning site with:    Malware Patrol    CLEAN
Scanning site with:    MalwareDomainList    CLEAN
Scanning site with:    MyWOT    UNRATED
Scanning site with:    Norton SafeWeb    UNRATED
Scanning site with:    ParetoLogic URL Clearing House    CLEAN
Scanning site with:    PhishTank    CLEAN
Scanning site with:    SURBL    CLEAN
Scanning site with:    Threat Log    CLEAN
Scanning site with:    TrendMicro Web Reputation    CLEAN
Scanning site with:    URIBL    CLEAN
Scanning site with:    Web Security Guard    UNRATED
Scanning site with:    ZeuS Tracker    CLEAN

SiteTruth say's: This site is safe.
Google Safe Browsing say's: This site is safe.
Threat Name: No Threat FOUND
Threat Definitions: 806935
Engine Version: 0.96.1
Host IP: 174.132.148.58
Link Status: Clean
File Size: 14.87 KB
Time Finished: 5.01 secs
Overall result: This site is secure,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 15, 2010, 09:18:04 PM
New infections are not reported quickly enough ::)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 15, 2010, 09:31:53 PM
Hi YoKenny,

Look here: http://www.wilderssecurity.com/showthread.php?t=236298
http://site-press.com/antivirus/antivirus-news/mx-one-usb-antivirus-tutorial-33-instalacion-en-usb/
This is from a scam site: http://www.articlesbase.com/security-articles/how-to-remove-mx-one-automatically-mx-one-removal-instructions-1910840.html
Re: http://www.remove-malware.com/forums/viewtopic.php?f=22&t=6070
Only if you try to download illegally you will be confronted with: htxp://filespump.com/index.html
which was seized by US govmnt: http://mybroadband.co.za/vb/showthread.php/246753-Filespump.com-siezed-by-US-goverment

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 15, 2010, 09:44:29 PM
Hi YoKenny,

Look here: http://www.wilderssecurity.com/showthread.php?t=236298
March 16th, 2009, 03:06 PM  :o

http://site-press.com/antivirus/antivirus-news/mx-one-usb-antivirus-tutorial-33-instalacion-en-usb/
This is from a scam site: http://www.articlesbase.com/security-articles/how-to-remove-mx-one-automatically-mx-one-removal-instructions-1910840.html
Re: http://www.remove-malware.com/forums/viewtopic.php?f=22&t=6070
Only if you try to download illegally you will be confronted with: htxp://filespump.com/index.html
which was seized by US govmnt: http://mybroadband.co.za/vb/showthread.php/246753-Filespump.com-siezed-by-US-goverment

polonus

You are quoting old references.
It's now July and those references are as old as sour milk or moldy cheese
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 17, 2010, 01:36:03 AM
Hi YoKenny,

But what can protect us then from this new USB stick root kit malware?
MS is studying it, it has already infected over 16.000 computers worldwide...starting from India,
where it was created with 2 Realtek certified drivers...so nothing shows up on the malcoded stick,
does not need autorun to infect, shortcut link and hoopla...
and we have malware here with a certificate (not valid anymore but it is not checked for that),
what is next MS certified malware?

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 19, 2010, 10:18:04 AM
Backgrounds of the current Twitter Spam mails increase
http://www.emsisoft.com/en/kb/articles/tec100714/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on July 19, 2010, 04:33:27 PM
Week in review: New ZeuS version and multi-stage attacks cyber attacks

http://www.net-security.org/secworld.php?id=9594

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 19, 2010, 11:42:10 PM
Hi folks,

New Ariad hole will hunt Windows XP SP2 forever, so get SP3 or use this tool, from here:
http://blog.didierstevens.com/programs/ariad/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 20, 2010, 10:07:05 AM
MS confirms Windows shortcut zero-day flaw
http://www.theregister.co.uk/2010/07/19/win_shortcut_vuln/

Quote
Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw.

Security shortcomings in the Windows shortcut (.lnk files) are being exploited by the Stuxnet rootlet, an information stealing threat that targets industrial and power plant control systems. The malware - which has been detected in the wild - executes automatically if an infected USB stick is accessed in Windows Explorer.

The attack features rootkit components designed to hide the presence of the information-stealing payload on compromised systems. The digital certificate, assigned to legitimate firm Realtek Semiconductor, used to sign the rootkit components in the malware was revoked by VeriSign last week following discovery of the attack.

sounds like Panda USB vaccine is implicitly advised ;D

see here too:
http://www.microsoft.com/technet/security/advisory/2286198.mspx

MS workaround:
Quote
Disable the displaying of icons for shortcuts

...I think I'll wait for the hotfix instead :D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 20, 2010, 03:44:28 PM
Hi malware fighters,

This could become a big threat: http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: PTRPRO on July 20, 2010, 09:25:08 PM
Stuxnet returns bigtime: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 20, 2010, 10:44:48 PM
Stuxnet returns bigtime: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx

posted above ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 20, 2010, 10:58:52 PM
Hi Logos,

This is demonstrating what an enormous threat is formed by the collective Zeus zombie army, because that is how the driver certificates to make the stuxnet malware were initially compromised and could be further abused to design the new malware. Zeus/kneber botnet collectives etc. goes under the radar of normal av initially (see my postings in the virus and worms, last detection zero detection rate), and just alone in the USA 3.6 million computers are not any longer owned by the folks that sit between their keyboards and chairs, but machines are owned by malcreant bot herders, that even got a cybercriminal licence key to operate this menace machine herd (lowsec\local.ds.). Here is a message from someone who is not aware of that particular fact:
http://seclists.org/honeypots/2010/q2/3
Quote
A clean system by default should not have any unique ID made by the malware, so if you run the following:

REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" /v UID
-- or --
REG QUERY "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" /v UID

an infected machine would return the following data in the following format:

<computer name>_<string id> (for example, COMP1_00038EB9)
TN security info

The net has become more and more broken now and the situation is not getting any better soon, my friends, and this is a very realistic statement not for the users that know how to Safe hex and be well protected but to the poor unaware clicking-on-everything-that-moves user.... and all we can do is preaching to the choir or as the desolate in the desert that was never heard, specifically by parties that do not want to change the security situation as we have it,

polonus

Link to wake you all up: http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot
http://www.securelist.com/en/blog/2128/Will_the_real_Zeus_botnet_please_stand_up
analysis on the malware's complexity: http://blog.threatexpert.com/2009_09_01_archive.html
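The registry check quoted in the post above, as an added example that is not part of the original post or the linked advisory: it parses the text printed by the two REG QUERY commands and reports whether a UID value is present and whether it has the <computer name>_<string id> form. The sample outputs are constructed, the verdict labels and function names are this example's own, and treating the string id as hex digits is an assumption drawn from the single sample COMP1_00038EB9.

```python
import os
import re
import subprocess
import sys

# The two registry locations named in the quoted advisory.
KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network",
    r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network",
)

# A value line in reg.exe output is indented: name, type, data,
# separated by tabs (older reg.exe) or runs of spaces (newer reg.exe).
VALUE_LINE = re.compile(
    r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*?))?\s*$"
)

# <computer name>_<string id>. Assumption: the id is hex digits, as in the
# advisory's one sample value COMP1_00038EB9.
UID_FORMAT = re.compile(r"^(?P<host>.+)_(?P<sid>[0-9A-Fa-f]{4,})$")


def find_uid(reg_output):
    """Return the data of the UID value in reg.exe output, or None if absent."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group("name").upper() == "UID":
            return m.group("data") or ""
    return None


def classify(reg_output, computer_name):
    """Classify one REG QUERY result as a (verdict, uid) pair.

    absent                   - no UID value, which the advisory calls clean
    marker-format            - UID is <this computer's name>_<hex id>
    marker-format-other-host - same shape, but a different host prefix
    present-unrecognised     - UID exists but is not in that shape
    """
    uid = find_uid(reg_output)
    if uid is None:
        return ("absent", None)
    m = UID_FORMAT.match(uid)
    if m is None:
        return ("present-unrecognised", uid)
    if m.group("host").upper() == computer_name.upper():
        return ("marker-format", uid)
    return ("marker-format-other-host", uid)


def query_live(key):
    """Run reg.exe for one key on Windows; '' means the value was not found."""
    if sys.platform != "win32":
        raise RuntimeError("reg.exe is only available on Windows")
    proc = subprocess.run(
        ["reg", "query", key, "/v", "UID"], capture_output=True, text=True
    )
    return proc.stdout if proc.returncode == 0 else ""


# Constructed sample outputs (not captured from a real machine).
SAMPLE_MARKED = (
    "\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\r\n"
    "    UID    REG_SZ    COMP1_00038EB9\r\n\r\n"
)
SAMPLE_MARKED_TABS = (
    "! REG.EXE VERSION 3.0\r\n\r\n"
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\r\n"
    "\tUID\tREG_SZ\tCOMP1_00038EB9\r\n"
)
SAMPLE_CLEAN = (
    "ERROR: The system was unable to find the specified registry key or value.\r\n"
)
SAMPLE_ODD = (
    "\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\r\n"
    "    UID    REG_SZ    not a marker\r\n"
)

if __name__ == "__main__":
    for label, text in (("marked", SAMPLE_MARKED), ("clean", SAMPLE_CLEAN),
                        ("odd", SAMPLE_ODD)):
        print(label, classify(text, "COMP1"))
    if sys.platform == "win32":
        host = os.environ.get("COMPUTERNAME", "")
        for key in KEYS:
            print(key, classify(query_live(key), host))
```

Any verdict other than "absent" deserves a closer look, since the advisory says a clean system has no UID value under either key.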
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on July 21, 2010, 05:42:30 AM
Updated Microsoft advisory : http://blogs.technet.com/b/msrc/archive/2010/07/20/security-advisory.aspx

Fixit arrives : http://support.microsoft.com/kb/2286198

nmb

tags( ;)) : LNK exploit, Stuxnet.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on July 21, 2010, 05:58:53 AM
I don't know whether this was posted.

GUI for metasploit now available : http://pauldotcom.com/2010/07/metasploit-new-gui.html

Warning! Only for people who know what they are doing - (advanced users).

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on July 21, 2010, 04:19:26 PM
Black DDoS
                     - Analysis by Kaspersky labs.

Quote
Cybercriminals use a variety of bots to conduct DDoS attacks on Internet servers. One of the most popular tools is called Black Energy. To date, Kaspersky Lab has identified and implemented detection for over 4,000 modifications of this malicious program. In mid-2008 malware writers made significant modifications to the original version, creating Black Energy 2 (which Kaspersky Lab detects as Backdoor.Win32.Blakken). This malicious program is the subject of this article.

http://www.securelist.com/en/analysis/204792126/Black_DDoS

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on July 21, 2010, 06:02:21 PM
Hi forum friends,

Researchers at F-Secure have written articles on stuxnet rootkit (Which makes use of the LNK Flaw). Here are a few links to their weblog[Latest last]:

1. Espionage Attack Uses LNK Shortcut Files (http://www.f-secure.com/weblog/archives/00001986.html).
2. More Analysis of Case LNK Exploit (http://www.f-secure.com/weblog/archives/00001987.html).
3. Zero-Day Vulnerability in Windows Shell (http://www.f-secure.com/weblog/archives/00001989.html).
4. Code for Shortcut Zero-Day Exploit is Public (http://www.f-secure.com/weblog/archives/00001991.html).
5. Update on Security Advisory 2286198 (http://www.f-secure.com/weblog/archives/00001992.html).
6. Another Signed Stuxnet Binary (http://www.f-secure.com/weblog/archives/00001993.html).
7. LNK Vulnerability: Embedded Shortcuts in Documents (http://www.f-secure.com/weblog/archives/00001994.html).

nmb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 26, 2010, 01:22:07 PM
Quote
vBulletin vuln gifts admin credentials to unwashed masses
http://www.theregister.co.uk/2010/07/23/vbulletin_vuln/

Quote
Websites using software from vBulletin have been stung by a critical vulnerability that makes it trivial to steal credentials needed to administer site panels.

The flaw in version 3.8.6 of vBulletin makes it possible for anyone with a web browser to infiltrate a forum's back end, where sensitive data about users is often stored. The forumware giant issued a patch on Wednesday, but a simple Google search on Friday revealed that scores of users have yet to apply it, meaning their administrative user names and passwords are wide open.

Exploiting the bug is as easy as entering “database” (minus quotes) in the search box of a forum's FAQ page. Vulnerable sites respond by returning everything that's needed to view sensitive user information or make administrative changes.

The patch updates users to version 3.8.6 PL1. Users who want to make sure the fix has worked should check for the string “database_ingo,” which is removed once the new version has correctly been installed.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 26, 2010, 07:28:43 PM
Hi malware fighters,

Info found that the Stuxnet worm was specifically developed to be used as a spyware tool against Iran: http://www.cio.com.au/article/201801/designing_an_effective_web-based_analysis_tool_analyse_software_needs/

http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=37173&mode=thread&order=0&thold=0

To cleanse the infection the sysclean tool used here comes from TrendMicro: http://downloadcenter.trendmicro.com/index.php?pattern_file=1

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 27, 2010, 08:27:49 PM
Hi malware fighters,

New LNK vulnerability using varieties of known malware: http://www.f-secure.com/weblog/archives/00001996.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 27, 2010, 09:12:35 PM
Hi malware fighters,

Stay alert of hidden iFrame injection attacks...
    * In the past, it was common for attackers to inject their malicious Iframes at the bottom / end of the webpage. Attackers are now injecting malicious Iframes anywhere in the webpage.
    * Many websites which were found to be infected in past months by malicious hidden Iframes appear to still be infected with them. Meaning most web site owners or hosting providers are not policing the content that they are serving on the web.

Our data shows many previously infected websites are still infected with hidden malicious Iframes today. Due to different obfuscation techniques, detection by a majority of the Antivirus vendors remains poor, avast has very good detection with the shields, and web browser users can get protected with the use of extensions like NoScript and RequestPolicy in the Mozilla browser types (like Firefox and Flock etc.), see for the latest of these attacks http://twitter.com/dasient_new_mal

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 27, 2010, 10:30:43 PM
Critical vulnerability in QuickTime 7.6.6
http://www.h-online.com/security/news/item/Critical-vulnerability-in-QuickTime-7-6-6-1046499.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 27, 2010, 10:47:52 PM
WPA2 security hole discovered
http://www.infosecurity-us.com/blog/2010/7/23/wpa2-exposed-with-hole-196-vulnerability/189.aspx
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 27, 2010, 10:54:03 PM
WPA2 security hole discovered
http://www.infosecurity-us.com/blog/2010/7/23/wpa2-exposed-with-hole-196-vulnerability/189.aspx
asyn


well the thing is that all LAN communication is also encrypted in Win7, which already excludes the stealing of data, even if WPA2 was broken. edit after further reading: >>> Remains a possible access to the router, and the stealing of the connection...live examples and reports needed here ;D

edit: found other articles:
http://www.pcmag.com/article2/0,2817,2366994,00.asp
http://gizmodo.com/5596919/gulp-security-researcher-discovers-wpa2-vulnerability

okay: the attack is  "may be" only possible from an insider, someone on your LAN, not from the outside ;) ... waiting for a demo ;D

and now:

The vulnerability will be presented at BlackHat Arsenal by AirTight Networks senior wireless security researcher Md Sohail Ahmad........................................................

................................
Ahmad claims that this behavior is to spec (page 196 of the IEEE 802.11 standard, hence "Hole 196") and that there's nothing to fix in the implementation. The only way to protect your network is to monitor all wireless traffic for it. AirTight networks, incidentally, sells Wireless Intrusion Prevention Systems.
 ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 27, 2010, 11:14:46 PM
live examples and reports needed here ;D

AirTight will present a public Webinar on August 4 at 11am Pacific.
http://www.airtightnetworks.com/home/airtight-media/webinars/wpa2-hole196-vulnerability.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 27, 2010, 11:29:43 PM
Hi Logos,

Just fire up Fiddler 2.0 in a browser and see what is being sent chunked, whenever that what is encrypted, with one click we will make it unchunked and de-compressed and readable. If a machine can render something then someone somehow can show what is to be rendered for human eyes to be deciphered...just logical, Logos, just logical and you just need the rendering tool, sniffer whatever,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 27, 2010, 11:40:38 PM
Hi Logos,

Just fire up Fiddler 2.0 in a browser and see what is being sent chunked, whenever that what is encrypted, with one click we will make it unchunked and de-compressed and readable. If a machine can render something then someone somehow can show what is to be rendered for human eyes to be deciphered...just logical, Logos, just logical and you just need the rendering tool, sniffer whatever,

polonus

hmm...Polonus...seems a bit more complicated than that ::) ... as Fiddler2 will only allow you to decrypt your own traffic, the one that your browser already decrypts ;D
back to topic...we already know from the article links I posted that the potential flaw in WPA2 only affects the LAN if an insider is originating the procedure. And Asyn: read again the end of my last post :D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 27, 2010, 11:46:23 PM
Hi Logos,

It appears from these revelations that all comes pre-backdoored by design then, the uninformed to find out about this,
only after it has been revealed,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 27, 2010, 11:55:36 PM
Hi Logos,

It appears from these revelations that all comes pre-backdoored by design then, the uninformed to find out about this,
only after it has been revealed,

polonus

the company who "reveals" the flaw, and is supposed to demonstrate it, is also a company selling wi-fi monitoring software, and they already advise to use that, saying that the protocol can't be patched anyway and the only way out is to acquire >>> full time monitoring software.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: luzagodo on July 28, 2010, 05:15:12 AM
Good read, thanks.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 28, 2010, 09:24:11 PM
Hi malware fighters,

Firefox warning abused by rogue av: http://www.f-secure.com/weblog/archives/00001997.html

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on July 28, 2010, 10:19:39 PM
Hi malware fighters,

Firefox warning abused by rogue av: http://www.f-secure.com/weblog/archives/00001997.html

polonus
I don't use Firefox ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on July 29, 2010, 05:21:24 AM
Hi malware fighters,

Firefox warning abused by rogue av: http://www.f-secure.com/weblog/archives/00001997.html

polonus
I don't use Firefox ;D
Then I guess this message wasn't meant for you.  :o
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 29, 2010, 03:58:46 PM
Details of 100 million Facebook users published online

http://www.msnbc.msn.com/id/38463013/ns/technology_and_science-security/
http://www.bbc.co.uk/news/technology-10802730
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 29, 2010, 04:05:03 PM
Details of 100 million Facebook users published online

I posted a related link here:
http://forum.avast.com/index.php?topic=28748.msg526326#msg526326
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on July 29, 2010, 04:37:39 PM
Details of 100 million Facebook users published online

I posted a related link here:
http://forum.avast.com/index.php?topic=28748.msg526326#msg526326
asyn


oh, I see you found 70 millions more  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on July 29, 2010, 06:35:47 PM
Hi malware fighters,

Most online applications are full of holes and in the "virus and worms" section of the forums we will find the results in the form of number of sites reported to be hacked.

Using Blind Elephant to test - 100 % of phpBB forum software installations were found to be vulnerable to attacks. For other software the results were:  Mediawiki (95%), Joomla! (92%), MovableType (91%), phpMyAdmin (85%), Moodle (74%), Drupal (70%) and SPIP (65%), and these results are not much better than with first mentioned software. Only Wordpress has a by far cleaner slate with only 4% versions with holes in it. The reason for this success is its easy updating routines.

Blind Elephant can be found here: http://blindelephant.sourceforge.net/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on July 30, 2010, 12:00:44 PM
Critical vulnerabilities in TYPO3
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 02, 2010, 05:43:56 PM
Hi malware fighters,

OpenDNS improperty hole: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0412.html
Install NoScript to be better protected at the router level,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 02, 2010, 06:07:03 PM
Android rootkit demonstrated
http://www.h-online.com/security/news/item/Android-rootkit-demonstrated-1049183.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 02, 2010, 06:19:46 PM
Blind Elephant can be found here: http://blindelephant.sourceforge.net/

Some more info on BE...
asyn

Blind Elephant paper here:
https://community.qualys.com/servlet/JiveServlet/downloadBody/1351-102-3-1577/BlindElephant_WebApp_Fingerprinting.pdf

Presentation @ BlackHat here:
https://community.qualys.com/servlet/JiveServlet/previewBody/1401-102-1-1629/BlindElephant%20-%20BlackHatUSA2010%20-%20Community.pdf
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 02, 2010, 07:53:12 PM
Hacker shows how he can intercept cell phone calls
http://mobile.venturebeat.com/2010/07/31/hacker-shows-how-he-can-intercept-cell-phone-calls-for-1500/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 02, 2010, 08:42:31 PM
Hacker shows how he can intercept cell phone calls
http://mobile.venturebeat.com/2010/07/31/hacker-shows-how-he-can-intercept-cell-phone-calls-for-1500/

Some info already posted here: ;)
http://forum.avast.com/index.php?topic=62445.0
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 05, 2010, 08:17:13 AM
Critical hole in Adobe Reader
http://www.h-online.com/security/news/item/Critical-hole-in-Adobe-Reader-and-nobody-wants-to-know-1050622.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 05, 2010, 05:17:15 PM
Cisco security products vulnerable to DoS
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on August 05, 2010, 09:46:51 PM
Microsoft Security Bulletin Advance Notification for August 2010


http://www.microsoft.com/technet/security/Bulletin/ms10-aug.mspx

Looks like there's going to be a bunch of updates.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 05, 2010, 10:57:29 PM
Hi malware fighters,

Keep an eye on this list of known attacks: http://site-scanner.com/News/kasl.php

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on August 05, 2010, 11:25:46 PM
Microsoft Security Bulletin Advance Notification for August 2010

http://www.microsoft.com/technet/security/Bulletin/ms10-aug.mspx

Looks like there's going to be a bunch of updates.

Nah, only 7 Critical and 3 Important updates, nothing on dial-up, I should have those downloaded before the next patch Tuesday ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 06, 2010, 01:17:23 AM
No patch for serious vulnerability in Windows XP SP2 - ever
http://www.norman.com/security_center/blog/per_olav_forland/91402/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on August 06, 2010, 04:54:53 AM
Microsoft Security Bulletin Advance Notification for August 2010

http://www.microsoft.com/technet/security/Bulletin/ms10-aug.mspx

Looks like there's going to be a bunch of updates.

Nah, only 7 Critical and 3 Important updates, nothing on dial-up, I should have those downloaded before the next patch Tuesday ;D

Hey David, Maybe it would be faster for MS to mail you the patches on DVD.   :D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on August 06, 2010, 10:11:16 AM
Don't feel bad David.  I had to do them on 2 PC's with dial-up.  Talk about having a very long night and day!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 06, 2010, 11:19:40 AM
Critical hole in Adobe Reader
http://www.h-online.com/security/news/item/Critical-hole-in-Adobe-Reader-and-nobody-wants-to-know-1050622.html
asyn

Adobe expects to make these updates available during the week of August 16, 2010.
http://www.adobe.com/support/security/bulletins/apsb10-17.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on August 06, 2010, 03:17:20 PM
Don't feel bad David.  I had to do them on 2 PC's with dial-up.  Talk about having a very long night and day!

I don't feel bad about it, if anything dial-up teaches you all about patience.

Or as the Vulture said, "Patience my ass I'm gonna kill something."
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on August 07, 2010, 09:21:12 AM
I don't feel bad about it, if anything dial-up teaches you all about patience.

Or as the Vulture said, "Patience my ass I'm gonna kill something."
Patience...I pay my bills, I can write a story, clean, and yes...think about killing the machines on dial-up!   I'm glad we see eye to eye on this.   ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 07, 2010, 06:56:17 PM
Shiny Old VxWorks Vulnerabilities
VxWorks flaws allow access to numerous network devices
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 07, 2010, 07:09:57 PM
Critical....!! Or not..??
Decide for yourself... ;)
http://www.vupen.com/english/advisories/2010/2029
http://secunia.com/advisories/40870/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 07, 2010, 08:11:35 PM
@ Asyn: got to find the link again, there are 14 patches coming up next week (from MS)

okay here: http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx
"expand" Executive Summaries, and see if what you posted is inside. I'll check too ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 07, 2010, 08:23:05 PM
@ Asyn: got to find the link again, there are 14 patches coming up next week (from MS)
"expand" Executive Summaries, and see if what you posted is inside. I'll check too ;)

Usually they aren't that fast in fixing... ;)
Did you find it there..? I didn't.
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 07, 2010, 08:25:01 PM
@ Asyn: got to find the link again, there are 14 patches coming up next week (from MS)
"expand" Executive Summaries, and see if what you posted is inside. I'll check too ;)

Usually they aren't that fast in fixing... ;)
Did you find it there..? I didn't.
asyn


nope ;D ...didn't see that you were referring to a just discovered flaw okay ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 07, 2010, 09:15:43 PM
Thunder from the cloud...!!!
http://www.darkreading.com/smb-security/security/perimeter/showArticle.jhtml?articleID=226500300
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 09, 2010, 01:05:30 PM
Apache CouchDB 1.0.0 suffers potential data loss bug
http://couchdb.apache.org/notice/1.0.1.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 09, 2010, 02:13:10 PM
Private-Browsing-Modes - Not that private at all
An analysis of private browsing modes in modern browsers (Chrome/Firefox/Internet Explorer/Safari)
http://crypto.stanford.edu/~dabo/pubs/abstracts/privatebrowsing.html
Full Paper here: (Nice read, don't miss it...)
http://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on August 09, 2010, 03:11:15 PM
Private-Browsing-Modes - Not that private at all
More:
http://www.bbc.co.uk/news/technology-10891355

http://hphosts.blogspot.com/2010/06/internet-explorer-8-is-inprivate.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 10, 2010, 10:46:26 PM
Vulnerability in OpenSSL 1.0.x
http://www.h-online.com/security/news/item/Vulnerability-in-OpenSSL-1-0-x-1053147.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 10, 2010, 10:48:05 PM
First SMS trojan for Android detected
http://www.kaspersky.com/au/news?id=207576152
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 10, 2010, 11:29:53 PM
Microsoft Security Advisory (2264072)
Elevation of Privilege Using Windows Service Isolation Bypass
https://www.microsoft.com/technet/security/advisory/2264072.mspx
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on August 11, 2010, 03:09:00 AM
Microsoft Security Advisory (2264072)
Elevation of Privilege Using Windows Service Isolation Bypass
https://www.microsoft.com/technet/security/advisory/2264072.mspx
asyn

Read the Frequently Asked Questions
Quote
Is this a security vulnerability that requires Microsoft to issue a security update?
No. The Windows Service Isolation feature is an optional configuration that some customers may choose to deploy. This feature is not appropriate for all customers. Windows Service Isolation is a defense-in-depth feature and not a proper security boundary and should not be construed as such.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on August 11, 2010, 05:00:13 PM
Indonesia blocks access to 4 million porn sites

Good move.

http://ibnlive.in.com/news/indonesia-blocks-access-to-4-million-porn-sites/128637-2.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 11, 2010, 11:26:20 PM
Online Virus Robs 3,000 UK Bank Accounts
http://news.sky.com/skynews/Home/Technology/Computer-Virus-Zeus-V3-Hits-Large-UK-Financial-Institution-And-Bank-Customers-Says-M28-Security-Labs/Article/201008215681025?lpos=Technology_First_Home_Article_Teaser_Region_8&lid=ARTICLE_15681025_Computer_Virus_Zeus_V3_Hits_Large_UK_Financial_Institution_And_Bank_Customers_Says_M28_Security_Labs
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on August 12, 2010, 12:23:55 AM
Don't you just love short URLs ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 12, 2010, 01:10:45 AM
Don't you just love short URLs ;D

+1  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 12, 2010, 11:30:09 PM
Botnet attacks SSH servers
http://isc.sans.edu/diary.html?storyid=9370
http://www.malwarecity.com/community/index.php?showtopic=1177
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 12, 2010, 11:38:50 PM
Hi Logos and bob3160,

Here is Pondus link again, now it is fun to click: http://tiny.cc/sd387

polonus

P.S. Check the link because tiny links can also be used for abuse..
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 12, 2010, 11:50:42 PM
Botnet attacks SSH servers
http://isc.sans.edu/diary.html?storyid=9370
http://www.malwarecity.com/community/index.php?showtopic=1177
asyn

VirusTotal - linux_sshscan.ex$ -  1/42
http://www.virustotal.com/file-scan/report.html?id=95dda5f750510e0d7d49512b425548d4cb400ddb129d331bdcfaae6f2424566c-1281641251
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 13, 2010, 12:01:39 AM
Hi Pondus,

That is frightening, my good friend, I have VTZilla now in the Flock browser, HackTool programs are used to create new users in the list of permitted system visitors, and to delete information from system logs in order to hide the malicious user’s presence on the system. These programs are also used to analyze and collect network packets to carry out specific malicious actions.

Malicious users employ HackTool programs when setting up attacks on local or remote computers. This ELF malware is a command line tool that utilizes the SSH (Secure Shell) exploit vulnerability in Linux. When executed successfully, it enables a remote user to have full access to the affected system's functions. It can be used to download, and execute possibly-malicious files, upload the user's files, access user accounts and perform administrative commands.

Hope detection of it follows and all files can be scanned successfully,

Damian
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on August 13, 2010, 01:46:02 AM
Hi Logos and bob3160,

Here is Pondus link again, now it is fun to click: http://tiny.cc/sd387

polonus

P.S. Check the link because tiny links can also be used for abuse..
One of the reasons I avoid them like the plague.  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: FreewheelinFrank on August 13, 2010, 07:11:13 AM
Hi Logos and bob3160,

Here is Pondus link again, now it is fun to click: http://tiny.cc/sd387

polonus

P.S. Check the link because tiny links can also be used for abuse..

Hi Polonus,

Here (http://news.sky.com/skynews/Home/Technology/Computer-Virus-Zeus-V3-Hits-Large-UK-Financial-Institution-And-Bank-Customers-Says-M28-Security-Labs/Article/201008215681025?lpos=Technology_First_Home_Article_Teaser_Region_8&lid=ARTICLE_15681025_Computer_Virus_Zeus_V3_Hits_Large_UK_Financial_Institution_And_Bank_Customers_Says_M28_Security_Labs) is Pondus link again, now it is fun to click, and hovering over it, you can see where it goes.

Code:
[url=Internet address]Link text[/url]
Quote
Online security firm M86 Security Labs  said the customers were infected with a Trojan virus - which cannot be detected by traditional anti-virus software - while browsing the internet.

The Trojan, known as a Zeus v3, copies the passwords and usernames of customers' online details and transfers their funds to a different account.

It then gives the victim of the virus a false bank balance screen so they are unaware the cash has been taken.

M86 said the virus is potent because it has been carried on legitimate websites located in the UK and not confined to porn and gambling hubs.

Any of the old guard still going to tell us "keep away from dodgy sites and you'll be fine"?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on August 13, 2010, 01:16:15 PM
First SMS-sending Android Trojan

http://news.cnet.com/8301-27080_3-20013222-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 13, 2010, 01:49:18 PM
A plethora of malware for mobile phones to be expected soon ?
http://norman.com/security_center/security_center_archive/2010/91464/en


Security flaw creates Android, Palm Pre snoop risk
http://www.theregister.co.uk/2010/08/13/smartphone_security_bug/

Free Android antivirus clocks up 2.5m downloads
http://www.theregister.co.uk/2010/08/11/free_android_security_app/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 13, 2010, 02:35:28 PM
Code 9 for kids on the Internet reappears for social networks
http://press.pandasecurity.com/news/code-9-for-kids-on-the-internet-reappears-for-social-networks/

Cracking the code of teens' IM slang
http://news.cnet.com/Cracking-the-code-of-teens-IM-slang/2009-1025_3-6135457.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 13, 2010, 02:46:05 PM
Server-based botnet floods net with brutish SSH attacks
http://www.theregister.co.uk/2010/08/12/server_based_botnet/

also see reply #636 / #638
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 14, 2010, 09:43:35 AM
Details of vulnerabilities in the Palm Pre and Android published
http://www.pcpro.co.uk/news/interviews/360256/q-a-how-we-sliced-open-palm-and-android-security
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 14, 2010, 09:47:23 AM
First SMS-sending Android Trojan
http://news.cnet.com/8301-27080_3-20013222-245.html

Also see Reply #629... ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 14, 2010, 01:43:39 PM
Call to improve password security
http://www.bbc.co.uk/news/technology-10963967

quote:
The growing use of graphics cards as surrogate supercomputers could spell trouble for users of short passwords
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on August 14, 2010, 01:46:57 PM
Stuxnet worm could hijack power plants, refineries

http://news.cnet.com/8301-27080_3-20013545-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 14, 2010, 01:52:02 PM
Well.....not security news but found this very important ...   :o ....statistic concerning smart phone
if you have one you may want to switch brand .....or get one if not  ;D


Sexual Activity by Smart Phone Brand ....... ;D ;D ;D
http://blog.okcupid.com/index.php/dont-be-ugly-by-accident/


hmmmm........ i wonder if there is a statistic by antivirus brand.....may have to switch if ....... ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on August 14, 2010, 08:01:55 PM
Well.....not security news but found this very important ...   :o ....statistic concerning smart phone
if you have one you may want to switch brand .....or get one if not  ;D
I don't have a smart phone.  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 14, 2010, 11:05:32 PM
Well.....not security news but found this very important ...   :o ....statistic concerning smart phone
if you have one you may want to switch brand .....or get one if not  ;D
I don't have a smart phone.  ;D
in what end of the statistic does that place you......high or low...... ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 16, 2010, 12:46:09 PM
don't use Canary (current version, must be 6.0.493) if you got LastPass

Quote
updating v8 from 5214 to 5242 causes LastPass SHA256 hashing code to fail
http://code.google.com/p/chromium/issues/detail?id=52096
http://forums.lastpass.com/viewtopic.php?f=14&t=41109&p=151719&sid=aaeed2c35d2af7abb644cee325a6392f

I have no idea if that bug implies a security flaw as well.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 16, 2010, 02:53:44 PM
Trivial forwarding attack on NTLMv2 authentication
http://extendedsubset.com/?p=36
http://www.zdnet.com/blog/security/security-flaws-haunt-ntlmv1-2-challenge-response-protocol/7136
http://www.theregister.co.uk/2010/08/12/ntlm_authentication_still_vulnerable/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 16, 2010, 03:00:32 PM
Ruby update closes XSS vulnerability
http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-9-1-p430-is-released/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 16, 2010, 03:37:16 PM
RIM offers Indian government surveillance tools
http://online.wsj.com/article/SB10001424052748703960004575427312899373090.html?mod=WSJEUROPE_hpp_sections_tech
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 18, 2010, 11:23:13 AM
ColdFusion vulnerability more critical than first thought
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://www.exploit-db.com/exploits/14641/
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 18, 2010, 11:29:46 AM
Android game secretly transmits GPS coordinates
http://www.symantec.com/connect/blogs/androidostapsnake-watching-your-every-move
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 18, 2010, 11:38:52 AM
The Facebook dislike button scam
http://www.h-online.com/security/news/item/The-Facebook-dislike-button-scam-1060712.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 18, 2010, 12:01:34 PM
Government Uses Social Networking Sites for More than Investigations
http://www.eff.org/deeplinks/2010/08/government-monitors-much-more-social-networks
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 18, 2010, 01:25:17 PM
Government Uses Social Networking Sites for More than Investigations
http://www.eff.org/deeplinks/2010/08/government-monitors-much-more-social-networks
asyn


yeah so what...there's nothing surprising, when people agree to disclose aspects of their private life on the net, without restricting access anyway, it is also expected that the cops etc...might get interested ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 18, 2010, 03:48:29 PM
Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: 13thSlayer on August 19, 2010, 09:01:57 AM
Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn

Quote from: that blog
The kernel-level "patch" has been implemented last week by Linus Torvalds, and pushed upstream into recent stable kernels. (http://youfail.org)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on August 19, 2010, 01:43:41 PM
Due to fake digital signatures (stolen), other antivirus/suites are removing this option from their products.
For instance Comodo (for registered users: https://forums.comodo.com/beta-corner-cis/no-option-for-not-trusting-digitally-signed-applications-t60658.0.html;msg425806#msg425806).
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 19, 2010, 04:19:28 PM
Hi malware fighters,

A likewise big hole similar to the LNK-hole or even bigger has been found up for 40 Windows apps together with
the Windows shell and various dll's should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
The cat is out of the b*g, whether this is read like bug or bag!
For the time being one should block TCP ports 139 and 445 and disable the WebDAV client.
To close the ports use WWDC = Windows Worms Doors Cleaner 1.4 from here:
http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html
Windows-Worms-Doors-Cleaner is a very good small program to do this,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 19, 2010, 05:14:08 PM
Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn

Update #1 - In an email, Joanna Rutkowska clarifies that Spengler's exploit targets "some unrelated vulnerability" and her reference to it was in relation to guesses made by Spengler noted in the source code comments.

Update #2 - As Marcus Meissner from the SUSE security team explained to heise Security, SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 19, 2010, 05:27:09 PM
Hi malware fighters,
A likewise big hole similar to the LNK-hole or even bigger has been found up for 40 Windows apps together with
the Windows shell and various dll's should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207

Hi polonus,
more info here...
http://www.h-online.com/security/news/item/New-Windows-vulnerability-Applications-download-malicious-code-from-the-net-1062153.html
related info...
http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 19, 2010, 07:52:07 PM
Hi Asyn,

The Metasploit exploit is ready made and waiting on desk, but has not been issued yet, because the exploit has not been revealed so far.
There are many more skeletons around in the MS cupboard. Mind you what vulnerabilities we will see because of the memory adjustments that were applied long way back as the NT 4.0 days,

polonus

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 19, 2010, 08:02:25 PM
Hi Asyn,
The Metasploit exploit is ready made and waiting on desk, but has not been issued yet, because the exploit has not been revealed so far.

I'll post any news on that when available, asap.
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on August 19, 2010, 08:18:28 PM
Hi malware fighters,

A likewise big hole similar to the LNK-hole or even bigger has been found up for 40 Windows apps together with
the Windows shell and various dll's should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
The cat is out of the b*g, whether this is read like bug or bag!
For the time being one should block TCP ports 139 and 445 and disable the WebDAV client.
To close the ports use WWDC = Windows Worms Doors Cleaner 1.4 from here:
http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html
Windows-Worms-Doors-Cleaner is a very good small program to do this,

polonus

Does not work on Windows 7!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on August 20, 2010, 06:34:45 PM
Adobe releases emergency patches

http://www.theinquirer.net/inquirer/news/1728971/adobe-releases-emergency-patches
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 20, 2010, 09:47:40 PM
Hi forum friends,

The newly detected remote binary planting hole in Windows is much more severe than first thought, nearly all applications (220 were tested) are affected: http://news.idg.no/cw/art.cfm?id=8C1F74F0-1A64-67EA-E49A617FAC05584F
Moreover the hole can be exploited quite easily. Most Windows applications use the exploitable functionality so an MS patch will not be a very easy task, moreover patching or changing how the functionality works could break quite some applications. The exploit could have been around for 10 years, and was re-detected: http://www.securityfocus.com/bid/1699/discuss
At the time it was called: Microsoft Windows DLL Search Path Weakness.
http://msdn2.microsoft.com/en-us/library/ms972822.aspx.
The scope of the hole and abusing the exploit: https://deepsec.net/docs/speaker.html#PSLOT33

http://www.juniper.net/security/auto/vulnerabilities/vuln1699.html

A firewall blocking outbound WebDAV traffic (in addition to blocking all
Windows Networking protocols) could stop an Internet-based attack.

How many of these holes are still around in the dark corners of Microsoft's code?,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 22, 2010, 02:07:23 PM
Scareware tries to trick marks into dropping defences
http://www.theregister.co.uk/2010/08/20/social_engineering_scareware/

and this is the bug

Rogue Turning Retrovirus
http://www.symantec.com/connect/blogs/rogue-turning-retrovirus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 24, 2010, 09:42:57 AM
phpMyAdmin updates close vulnerabilities
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
http://www.phpmyadmin.net/home_page/downloads.php
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 25, 2010, 11:30:39 PM
Microsoft warns of DLL vulnerability in applications [More info]
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
http://packetstormsecurity.org/NT/audit/NSAGuidePlus.PDF
http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx

Scope of DLL security problem widens
http://www.h-online.com/security/news/item/Scope-of-DLL-security-problem-widens-1066444.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 25, 2010, 11:32:21 PM
Apple releases Security Update for Mac OS X
http://support.apple.com/kb/HT4312
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 25, 2010, 11:55:54 PM
Apple releases Security Update for Mac OS X
http://support.apple.com/kb/HT4312
asyn

well that's cool ??? ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 26, 2010, 12:50:03 AM
Logos,

On the site that came after milw0rm there are already exploits presented for Windows Live Email, uTorrent, Foxit Reader, Microsoft PowerPoint & Wireshark via DLL-hijacking. Standard Vista and Windows 7 programs are vulnerable: https://twitter.com/avivra/statuses/21994799124 Social engineering became just a bit easier: http://twitter.com/avivra/status/22000389011 Metasploit does all this automatically: https://twitter.com/hdmoore/status/22003840688
MS yesterday presented a tool to prevent loading of libraries of shared network folders: http://support.microsoft.com/kb/2264107 and a patch, here for Vista: http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=86631d97-ebed-4346-be66-d6ba0f500cea&displayLang=en&pf=true
A good thing avast detects DLL-exploit,

polonus
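
Added example, not part of any forum post and not code from Microsoft or any tool named in this thread: the KB2264107 setting linked above (registry value CWDIllegalInDllSearch) refuses DLL loads from the current working directory depending on whether that directory is WebDAV, UNC or local. This Python script flags DLL loads that resolved from the working directory in a constructed load log and reports the smallest setting that would have blocked each; the log layout, host names and the WebDAV path heuristic are assumptions.

```python
import csv
import io
import ntpath
import re

# Constructed sample records (not real telemetry): full path of the program,
# its working directory at load time, and the DLL that was actually mapped.
SAMPLE_LOG = r"""exe_path,cwd,image_path
C:\Program Files\Viewer\viewer.exe,C:\Users\alice\Documents,C:\Windows\System32\version.dll
C:\Program Files\Viewer\viewer.exe,\\fileserver\projects\q3,\\?\UNC\fileserver\projects\q3\codec.dll
C:\Program Files\Reader\reader.exe,\\files.example.net@SSL\DavWWWRoot\inbox,\\files.example.net@SSL\DavWWWRoot\inbox\helper.dll
C:\Program Files\Editor\editor.exe,C:\Users\alice\Downloads\archive,C:\Users\alice\Downloads\archive\plugin.dll
C:\Program Files\Editor\editor.exe,\\fileserver\projects\q3,C:\Program Files\Editor\plugin.dll
D:\Tools\Portable\tool.exe,D:\Tools\Portable,D:\Tools\Portable\tool_helper.dll
"""

# CWDIllegalInDllSearch values as described in Microsoft KB2264107, mapped to
# the kinds of working directory from which a DLL load is then refused.
CWD_ILLEGAL_BLOCKS = {
    0x0: set(),                               # default search order
    0x1: {"webdav"},
    0x2: {"webdav", "unc"},
    0xFFFFFFFF: {"webdav", "unc", "local"},   # CWD removed from the search
}


def normalise(path):
    """Lower-case a Windows path; drop extended-length prefixes and trailing separators."""
    p = path.strip().replace("/", "\\")
    if p.upper().startswith("\\\\?\\UNC\\"):
        p = "\\\\" + p[8:]
    elif p.startswith("\\\\?\\"):
        p = p[4:]
    return p.rstrip("\\").lower()


def location_kind(path):
    """Classify a normalised path as 'local', 'unc' or 'webdav'."""
    if not path.startswith("\\\\"):
        return "local"
    parts = path[2:].split("\\")
    host = parts[0]
    share = parts[1] if len(parts) > 1 else ""
    # Assumed heuristic: WebDAV redirector paths carry host@SSL or host@port,
    # or use the DavWWWRoot pseudo-share.
    if share == "davwwwroot" or re.search(r"@(ssl|\d+)", host):
        return "webdav"
    return "unc"


def find_cwd_loads(log_text):
    """Return one finding per DLL that was loaded from the working directory."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        cwd = normalise(row["cwd"])
        exe_dir = normalise(ntpath.dirname(normalise(row["exe_path"])))
        image = normalise(row["image_path"])
        image_dir = normalise(ntpath.dirname(image))
        # Only loads satisfied by the CWD matter; a DLL sitting next to the
        # executable is found in the application directory first.
        if image_dir != cwd or image_dir == exe_dir:
            continue
        kind = location_kind(cwd)
        blockers = [v for v, kinds in CWD_ILLEGAL_BLOCKS.items() if kind in kinds]
        findings.append({
            "process": ntpath.basename(row["exe_path"]),
            "dll": image,
            "cwd_kind": kind,
            "severity": "high" if kind != "local" else "review",
            "min_setting": min(blockers),
        })
    return findings


if __name__ == "__main__":
    for f in find_cwd_loads(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['process']:12} {f['cwd_kind']:6} "
              f"blocked from CWDIllegalInDllSearch={f['min_setting']:#x}  {f['dll']}")
```
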
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 26, 2010, 10:20:15 AM
@ Polonus: there was an article about that yesterday (dll hijacking), I got to find it again (I think that was an MS advisory), was mentioning that Firefox was vulnerable too. There's no possible fix with Windows, application developers are strongly advised (by MS) to change "something" in the way their app relates to Windows API, only way to get rid of the vulnerability.
 But MS will provide the tools to be used for each OS by third party devs.
http://www.infosecurity-us.com/view/12030/dll-hijacking-bug-hits-microsoft-windows-/
http://www.microsoft.com/technet/security/advisory/2269637.mspx

edit: Avast is or was vulnerable too (I think I read in the forums here that the issue was fixed)
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading

Avast! Antivirus File Opening Insecure Library Loading Vulnerability
http://www.vupen.com/english/advisories/2010/2175

Mozilla Firefox File Opening Insecure Library Loading Vulnerability
http://www.vupen.com/english/advisories/2010/2169

   
Quote
25.08.2010 : Avast! Antivirus File Opening Insecure Library Loading Vulnerability

 25.08.2010 : TeamViewer File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Microsoft Windows Live Mail Insecure Library Loading Vulnerability

 25.08.2010 : VLC Media Player File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Adobe Dreamweaver File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Adobe Photoshop File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Mozilla Firefox File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Microsoft Windows Address Book Insecure Library Loading Vulnerability

 25.08.2010 : Opera Browser File Opening Insecure Library Loading Vulnerability

 25.08.2010 : Microsoft Office PowerPoint Insecure Library Loading Vulnerability

 25.08.2010 : Wireshark File Opening Insecure Library Loading Vulnerability

 25.08.2010 : uTorrent File Opening Insecure Library Loading Vulnerability
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 26, 2010, 06:45:32 PM
the list is getting longer each hour it seems ;D
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 26, 2010, 07:38:28 PM
okay it's important to mention that Avast pre-release version is patched, I knew that a patch was mentioned by Vlk in his post about the pre-release:
http://forum.avast.com/index.php?topic=63151.msg533449#msg533449
... but I wasn't sure it was about the same vulnerability. Just got confirmation from Avast that it was actually just that.


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 26, 2010, 08:56:45 PM
first rootkit targeting 64 bit Windows
http://forum.avast.com/index.php?topic=63220.msg534244#msg534244
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: gonzo416 on August 27, 2010, 05:40:18 PM
I was on an IE tab on Firefox and a page just showed up that said:

                  STOCKPHOTO
you just have been hacked By tun hacker
hacked by Number 7. Tn.Spamer
contact; an.7@live.fr greetz: tun hackers~~underground people

I really need help because I don't know what to do. I unplugged the ethernet cable to the desktop. I hope this laptop is not affected.

HELP!!!!HELP!!!!!PLEASE,PLEASE,PLEASE!!!!!!!!!!!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on August 27, 2010, 05:43:37 PM
I was on an IE tab on Firefox and a page just showed up that said:

                  STOCKPHOTO
you just have been hacked By tun hacker
hacked by Number 7. Tn.Spamer
contact; an.7@live.fr greetz: tun hackers~~underground people

I really need help because I don't know what to do. I unplugged the ethernet cable to the desktop. I hope this laptop is not affected.

HELP!!!!HELP!!!!!PLEASE,PLEASE,PLEASE!!!!!!!!!!!

this is not a help thread. Why did you post here ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 27, 2010, 06:21:42 PM
Hi malware fighters,

Autorun DLL Hijacker usb stick: http://www.attackvector.org/autorun-dll-hijacker-usb-stick/
One day attackers will also use malicious pop-ups, just wait and see,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 27, 2010, 07:27:57 PM
Outbreak: Fake Fedex Tracking Number emails carry malware
http://origin-www.sophos.com/blogs/gc/g/2010/08/26/outbreak-fake-fedex-tracking-number-emails-carry-malware/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on August 27, 2010, 09:08:36 PM
Outbreak: Fake Fedex Tracking Number emails carry malware
http://origin-www.sophos.com/blogs/gc/g/2010/08/26/outbreak-fake-fedex-tracking-number-emails-carry-malware/

Not new at all.

I have had these in various guises for ages now...
(one thing I still don't get is that the email says it is to someone with a completely different email address and yet it still comes to me... ???)
http://forum.avast.com/index.php?topic=59388.msg500590#msg500590
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on August 28, 2010, 12:16:17 AM
@ spg SCOTT

See Bcc:
Quote
Blind carbon copy

In the context of correspondence, blind carbon copy (abbreviated Bcc:) refers to the practice of sending a message to multiple recipients in such a way that conceals individual email addresses (mentioned in "to" field of the mail) from the complete list of recipients.
http://en.wikipedia.org/wiki/Blind_carbon_copy
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on August 28, 2010, 12:53:38 AM
<snip>
Not new at all.

I have had these in various guises for ages now...
(one thing I still don't get is that the email says it is to someone with a completely different email address and yet it still comes to me... ???)
<snip>

That should be the biggest clue of all that it is a fake as a legit copy would be directly addressed to the customer to whom the invoice/tracking number, etc. consignment is for.

But the spammers aren't going to send out spam to individual addresses but to groups of addresses.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 28, 2010, 05:16:28 PM
Attackers exploit DLL vulnerability in Office and other applications
http://isc.sans.edu/diary.html?storyid=9445
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 28, 2010, 05:45:09 PM
Hi malware fighters,

How tracking cookies are being preserved inside IE, while the user wants to delete them at close down of the browser:
http://ha.ckers.org/blog/20100827/ie-cookies/
IE does not handle cookies always with the browser user in mind,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 28, 2010, 06:15:44 PM
IE does not handle cookies always with the browser user in mind,
polonus

Yes D., true..!
That's just one of the reasons why I never would use it...
Btw., Ccleaner does a good job here. ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on August 28, 2010, 06:26:11 PM
IE does not handle cookies always with the browser user in mind,
polonus

Yes D., true..!
That's just one of the reasons why I never would use it...
Btw., Ccleaner does a good job here. ;)
asyn
Also for Firefox.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on August 30, 2010, 06:25:07 AM
Once-prolific Pushdo botnet crippled
http://www.theregister.co.uk/2010/08/27/pushdo_botnet_crippled/

M86 security labs
http://labs.m86security.com/2010/08/pushdo-spambot-crippled/

Brian Krebs - Takedowns: The Shuns and Stuns That Take the Fight to the Enemy
http://www.mcafee.com/us/local_content/misc/threat_center/articles/summer2010/msj_article02_take_the_fight_to_the_enemy.pdf

 
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 30, 2010, 09:37:39 PM
Hi mkis,

Yes Pushbot was infiltrated, but it seems that the C&C servers are being specifically protected by Chinese and American hosting firms, so the perpetrators will keep a low profile for a while and then continue their activities: http://blog.fireeye.com/research/2010/08/infiltrating-pushdo-part-2.html
So this time they were saved by their own back-up C&C-servers. Hard to understand why the various governments (USA, Europe, Russia, China) did not close down the hosting firms of aforementioned back-up C&C servers or they must have a serious interest not to take action?

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Gargamel360 on August 30, 2010, 09:57:15 PM
Hard to understand why the various governments (USA, Europe, Russia, China) did not close down the hosting firms of aforementioned back-up C&C servers or they must have a serious interest not to take action?

polonus
Big Gov's intelligence sectors love dipping fingers into black market.  They maybe (I say MAYBE ;))have vested interest/money in keeping them going. 

But it might just be good old bureaucratic "red tape" also.   Don't know about abroad, but in the states you could tell the Fed. Govt. their pants are on fire, they would have to fill out 20 different requisition forms to request first a fire extinguisher, then more forms for what type, weight, etc.   All the while with pants still burning.

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on August 30, 2010, 10:04:44 PM
Hi malware fighters,

Just in a new DLL-Hijacking exploit, this time for Fx: http://www.exploit-db.com/exploits/14730/
They keep them coming,
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on August 31, 2010, 12:13:47 AM
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus
What I see
Quote
Internet Explorer cannot display the webpage

I guess Fx is being exploited now.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on August 31, 2010, 12:31:59 AM
It isn't a web page, but a zip file to be downloaded, so I rather doubt you could display it in any browser.

Most browsers would recognise it isn't a web page and download the file (depending on your settings) or pop-up a download window.

Mine recognised it as a zip file and downloaded it as per my settings.

So firefox isn't being exploited, rather IE can't seem to deal with a download link.

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on August 31, 2010, 01:21:40 AM
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus
What I see
Quote
Internet Explorer cannot display the webpage

I guess Fx is being exploited now.
The link actually crashed IE 8 so I guess it's IE8 that has a problem.
Copying the link opened Gigaget (download manager) which had no problems downloading the .zip file
Chrome also had no problems handling the link posted. :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: RNfromTN on August 31, 2010, 02:23:31 AM
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip

polonus
What I see
Quote
Internet Explorer cannot display the webpage

I guess Fx is being exploited now.
The link actually crashed IE 8 so I guess it's IE8 that has a problem.
Copying the link opened Gigaget (download manager) which had no problems downloading the .zip file
Chrome also had no problems handling the link posted. :)

 ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on August 31, 2010, 11:18:48 AM
Microsoft tool for DLL vulnerability interferes with some applications
http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on August 31, 2010, 10:18:08 PM
Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 01, 2010, 09:37:23 AM
Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/

Detailed Info here:
http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 01, 2010, 10:33:17 AM
Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/

Detailed Info here:
http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
asyn

my quicktime install just got an automatic update, so may be it fixed that...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on September 01, 2010, 11:27:55 PM
Hi malware fighters,

0-days will be found here during all of this month: http://www.exploit-db.com/

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 02, 2010, 07:51:06 AM
Microsoft tool for DLL vulnerability interferes with some applications
http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html
asyn

Microsoft continues to workaround DLL vulnerability
http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 03, 2010, 11:51:02 PM
Hackers blind quantum cryptographers
http://www.nature.com/news/2010/100829/full/news.2010.436.html

Hacking commercial quantum cryptography systems by tailored bright illumination
http://www.nature.com/nphoton/journal/vaop/ncurrent/full/nphoton.2010.214.html



Number of vulnerabilities on the rise
http://www.norman.com/security_center/security_center_archive/2010/91886/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on September 04, 2010, 09:15:18 PM
Thanks Pondus,

Google Code removed 50 malware after being alerted they were on their servers: http://threatpost.com/en_us/blogs/google-code-discovered-serving-malware-090110

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on September 04, 2010, 09:40:26 PM
It would be nice if they took a pro-active response to this type of thing, rather than a reactive response waiting for someone to tell them.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on September 04, 2010, 09:47:09 PM
Hi DavidR,

A bit like a sort of Pontius Pilate comment by Google's, also seen from their official policy
Quote
"Google actively works to protect our users from malware. Using Google Code, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will remove any projects discovered to be used for these purposes," a Google spokesman responded in an e-mail message to Threatpost.com."

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 07, 2010, 11:46:11 AM
MS probes mystery IE bug
http://www.theregister.co.uk/2010/09/06/mystery_ie_bug/

Quote
Microsoft is investigating reports of a new bug in Internet Explorer.

Redmond's Security Response Team (MSRT) said on Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details.

Circumstantial evidence suggests Microsoft is referring to a post by security researcher Chris Evans, of Google, to a Full Disclosure mailing list on Friday, hours before MSRT's tweet.

"A nasty vulnerability exists in the latest Internet Explorer 8," Evans wrote. "I have been unsuccessful in persuading the vendor to issue a fix."

"The bug permits — for example — an arbitrary web site to force the victim to make tweets," he added.

http://twitter.com/msftsecresponse/status/22934606564

(see the article from the register to get the link to the full description, as I'd rather not post this link here)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on September 09, 2010, 12:26:24 AM
1) Mozilla Patches Firefox DLL Load Hijacking Bug (http://threatpost.com/en_us/blogs/mozilla-patches-firefox-dll-load-hijacking-bug-090810?utm_source=Newsletter_090810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
2) Apple Plugs Safari Drive-by Download Security Holes (http://threatpost.com/en_us/blogs/apple-plugs-safari-drive-download-security-holes-090810?utm_source=Newsletter_090810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
3) Facebook Apps Pump Out Mobile "Entertainment" Spam (http://threatpost.com/en_us/blogs/facebook-apps-pump-out-mobile-entertainment-spam-090710?utm_source=Newsletter_090810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on September 09, 2010, 12:30:32 AM
Updated Android Trojan Pushed in SEO Attacks


http://threatpost.com/en_us/blogs/updated-android-trojan-gets-mob-backing-090810?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today's+Most+Popular
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on September 10, 2010, 09:49:39 AM
Beware of Link: E-Mail Virus Plays Havoc With Internet

An e-mail virus swept through the Internet Thursday, snarling traffic and taking down servers at ABC, NASA, Comcast, and Google -- and possibly even affecting the Department of Homeland Security.


http://www.foxnews.com/scitech/2010/09/09/beware-link-e-mail-virus-plays-havoc-internet/?test=latestnews
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on September 14, 2010, 09:57:12 PM
Hi folks,

Hackers target and exploit Pirate bay's Adserver. Also big sites using OpenX were apparently being hacked: http://torrentfreak.com/hackers-target-and-exploit-pirate-bay-ad-server-100913/

pol
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 16, 2010, 11:20:46 AM
Old vulnerability in Apple's QuickTime Player allows remote code execution for Windows systems (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91862/en

About the security content of QuickTime 7.6.8
http://support.apple.com/kb/HT4339
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on September 16, 2010, 03:17:30 PM
Old vulnerability in Apple's QuickTime Player allows remote code execution for Windows systems (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91862/en

About the security content of QuickTime 7.6.8
http://support.apple.com/kb/HT4339

Key statement
Quote
Update 16 September 2010
Apple has published QuickTime version 7.6.8. This update fixes the vulnerability mentioned above as well as another vulnerability in previous QuickTime versions.
I have version 7.68.75.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 17, 2010, 09:40:58 AM
Update to Mozilla Firefox solves several critical vulnerabilities (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91922/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 21, 2010, 09:29:43 AM
ZoneAlarm scares users with "virus alert"
http://www.h-online.com/security/news/item/ZoneAlarm-scares-users-with-virus-alert-1082474.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on September 21, 2010, 02:09:41 PM
I know you've been on vacation Asyn and we discussed that subject while you were enjoying yourself.  ;D
http://forum.avast.com/index.php?topic=64019.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 21, 2010, 05:08:43 PM
I know you've been on vacation Asyn and we discussed that subject while you were enjoying yourself.  ;D

Thanks for the hint, Bob - sorry for being late..! ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 21, 2010, 05:21:25 PM
ZoneAlarm slammed for scarewarey marketing ( Warning! Er, buy this anti-virus )
http://www.theregister.co.uk/2010/09/20/zonealarm_scareware_flap/

Check Point defends ZoneAlarm scareware-style warning ( 'We didn't want to scare anybody' )
http://www.theregister.co.uk/2010/09/21/zonealarm_defends_controversial_malware_warning/

Check Point kills scareware-style pop-up campaign ( Waves white flag )
http://www.theregister.co.uk/2010/09/21/check_point_pop_up_row_climb_down/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on September 21, 2010, 05:31:40 PM
Nothing like shooting yourself in the (public relations) foot.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on September 21, 2010, 05:36:45 PM
It's deeply lamentable the attitude of ZA.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 21, 2010, 06:09:47 PM
agreed, these are almost rogue-like methods ::)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on September 21, 2010, 06:16:27 PM
Twitter Hack Activates Pop-Ups, Sends Some to Porn Sites

DEVELOPING: Hackers exploited a security flaw on the popular micro-blogging site Twitter, retweeting malicious code, activating pop-ups, and even exposing users to an unwanted sight: hard-core pornography.

As of 9:50 a.m. EST, a post to Twitter's status blog said that the security flaw had been fixed, simply stating "The exploit is fully patched." This confirms what a spokesperson for the company told popular tech news site Mashable ten minutes later: “It should now be fully patched and is no longer exploitable.”


http://www.foxnews.com/scitech/2010/09/21/twitter-mouseover-security-flaw-porn/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 21, 2010, 06:23:58 PM
yeah about this new twitter hack, use a twitter client until you are a hundred percent sure that the issue has been fixed, clients like tweetdeck etc...are not affected, ie hovering over a hacked tweet in a client won't have any effect, like it does from the web (original twitter in browser) interface.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 21, 2010, 06:55:37 PM
Twitter Hack Activates Pop-Ups, Sends Some to Porn Sites

Quote
Users wishing to protect themselves should either disable JavaScript or install an extension such as NoScript to selectively block JavaScript on a per site basis.

More info for the interested...:
http://www.securelist.com/en/blog/2297/Live_Twitter_XSS
http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/
http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: polonus on September 22, 2010, 12:03:17 AM
Hi Asyn,

Users of GoogleChrome can use NotScript extension for GoogleChrome to do something similar,

polonus
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on September 22, 2010, 01:18:05 AM
How to protect yourself from Facebook Places

http://www.sophos.com/blogs/gc/g/2010/09/17/protect-facebook-places/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on September 26, 2010, 08:49:36 PM
EMI Music servers hacked:
http://blog.unmaskparasites.com/2010/09/25/emi-server-hacked/

It would appear that avast! catches the redirect:
http://www.virustotal.com/file-scan/report.html?id=b361fdbff12cf314aea988161a5fa132516c06d5bf89a843e5aa74f43a427df1-1285526196
(txt.file with the iframe in it)

Would be nice to know if the network shield detects...

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 27, 2010, 12:55:51 AM
they say the issue is "solved now", but still:

Quote
Malicious Links on Twitter

A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.

UPDATE Sun Sep 26 18:41:49 UTC 2010: We’ve fixed the exploit and are in the process of removing the offending Tweets.

http://status.twitter.com/post/1192873885/malicious-links-on-twitter

they need to take care of the exploit, not just disable links ;D ...but I guess they're on it.
http://twitter.com/twitter/statuses/25615345589
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on September 27, 2010, 08:23:29 AM
Computer Worm Affects Computers at Iran's First Nuclear Power Station

TEHRAN, Iran -- A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran's first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.


http://www.foxnews.com/world/2010/09/26/worm-affects-computers-irans-nuclear-power-station/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 27, 2010, 09:52:57 AM
Computer Worm Affects Computers at Iran's First Nuclear Power Station

It's Stuxnet..! ;)
More info here: http://forum.avast.com/index.php?topic=63221.msg544033#msg544033
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 27, 2010, 12:20:41 PM
not a warning, but a security tip (not sure if it fits in this thread):
Quote
'Rickroll' protection hits Firefox in add-on form
http://news.cnet.com/8301-27076_3-20017569-248.html

https://addons.mozilla.org/en-US/firefox/addon/230353/
("This add-on has not been reviewed by Mozilla.")
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on September 27, 2010, 02:32:26 PM
http://forum.avast.com/index.php?topic=28748.msg544394#msg544394
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on September 27, 2010, 02:41:49 PM
http://forum.avast.com/index.php?topic=28748.msg544394#msg544394

thanks ;)

(just adding: this is about web places and security >>> a must read for many ;) )
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 28, 2010, 11:01:13 AM
Banking trojan ZeuS homes in on SMS-TAN process
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 28, 2010, 01:49:26 PM
Here is more on that

Zeus banking Trojan targets mobile phones too
http://news.cnet.com/8301-27080_3-20017762-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 28, 2010, 01:56:27 PM
DSL, Now Offering Speeds of 700 Mbps
http://gigaom.com/2010/09/22/huawei-takes-copper-to-the-limit-with-700-mbps-dsl/

So there is hope for you David ..... ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on September 28, 2010, 03:05:57 PM
Why You Should Use Ad Block Extensions, Even if You Don't Block Ads

Whilst not a warning, more of general security information, http://lifehacker.com/5649025/why-you-should-use-adblock-plus-even-if-you-dont-block-ads
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 28, 2010, 06:56:32 PM
Why You Should Use Ad Block Extensions, Even if You Don't Block Ads

Well, that's not really new, but for sure a good reminder... ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on September 28, 2010, 09:10:50 PM
Here's a new one ;D

How about an iphone 4B ;D ;D ;D

No thanks...

I had two of these...

So it appears to be from facebook, but it is from a random email address...
And the site is not what it seems...(plus malzilla detects LOADS of redirects...)
Not to mention that it is just wrong...

This just goes to show how careful you have to be with emails...


EDIT:
I win :)
http://www.virustotal.com/url-scan/report.html?id=8772a62f8c506df23373d46c0ba6ca6b-1285693742
http://www.virustotal.com/url-scan/report.html?id=306d0c140d84b573fa41af765a293fab-1285694494
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on September 28, 2010, 11:30:42 PM
Why You Should Use Ad Block Extensions, Even if You Don't Block Ads

It's simple to block Ads in IE
Quote
Adblock for Internet Explorer
 
Simple Adblock is an adblocker extension for Internet Explorer designed to make adblocking easy. Simple Adblock blocks all kinds of advertising from websites including flash ads, banner ads, rich media, slide-ins and fly-ins.
http://simple-adblock.com

Also use hpHosts HOSTS file for additional blocking.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 29, 2010, 01:04:04 AM
Out-of-band security update from Microsoft
http://www.norman.com/security_center/security_center_archive/2010/92367/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 29, 2010, 10:38:27 AM
Out-of-band security update from Microsoft
http://www.norman.com/security_center/security_center_archive/2010/92367/en

Related info here: http://forum.avast.com/index.php?topic=63221.msg542172#msg542172
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 29, 2010, 11:14:51 AM
More Zeus

Zeus botnets' Achilles' Heel makes infiltration easy
http://www.theregister.co.uk/2010/09/27/zeus_botnet_hijacking/

More Stuxnet

Stuxnet worm can reinfect PCs even after disinfection
http://www.theregister.co.uk/2010/09/28/stuxnet_resurrection_ability/

and something new

Researchers up evilness ante with GPU-assisted malware
http://www.theregister.co.uk/2010/09/28/gpu_assisted_malware/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on September 29, 2010, 11:20:50 AM
Watch out, someone may steal your internet line ..... :o

Copper prices push cable thefts to new high
http://www.theregister.co.uk/2010/09/28/rail_copper_thefts/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on September 29, 2010, 11:37:47 AM
Watch out, someone may steal your internet line ..... :o

Copper prices push cable thefts to new high
http://www.theregister.co.uk/2010/09/28/rail_copper_thefts/

No problem, I'm on fibre optics...  ;D
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on September 29, 2010, 03:46:43 PM
Watch out, someone may steal your internet line ..... :o

Copper prices push cable thefts to new high
http://www.theregister.co.uk/2010/09/28/rail_copper_thefts/
We had a bunch of guys that were stealing the batteries out of the relay boxes.  >:(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Aethec on September 30, 2010, 10:42:21 PM
not a warning, but a security tip (not sure if it fits in this thread):
Quote
'Rickroll' protection hits Firefox in add-on form
http://news.cnet.com/8301-27076_3-20017569-248.html

https://addons.mozilla.org/en-US/firefox/addon/230353/
("This add-on has not been reviewed by Mozilla.")

avast! already protects against some "Rick Roll"s - they are detected as HTML:Agent-X[Joke]  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 01, 2010, 09:49:04 AM
Out-of-band security update from Microsoft (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/92367/en


Quote
Update 1 October 2010

The security update is now available also as a Windows Update as announced above.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 01, 2010, 09:53:07 AM
Orkut Worm spreading through XSS loophole
http://www.norman.com/security_center/blog/nirmal_and_jyotinder/92415/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 01, 2010, 10:53:37 PM
Critical hole in Reader: Adobe accelerates patch day
http://www.adobe.com/support/security/bulletins/apsb10-21.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 04, 2010, 02:43:17 PM
Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91954/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 04, 2010, 02:44:30 PM
Stuxnet worm slithers into China, heralds alien invasion
http://www.theregister.co.uk/2010/10/01/stuxnet_china_analysis/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 06, 2010, 08:32:55 AM
MySQL update addresses DoS vulnerability
http://secunia.com/advisories/41716/
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 06, 2010, 09:14:52 PM
Critical hole in Reader: Adobe accelerates patch day
http://www.adobe.com/support/security/bulletins/apsb10-21.html
asyn

Adobe patches 23 holes in Reader and Acrobat
http://www.h-online.com/security/news/item/Adobe-patches-23-holes-in-Reader-and-Acrobat-1102416.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CloisterBlack on October 06, 2010, 10:34:48 PM
Hello community :D
I joined the forums because some minutes ago while downloading a book torrent a friend of mine suggested, this message appeared/appears, in an infinite loop.
After the first few times of it reappearing, I deleted everything that on first glance is related to the particular torrent and ended the process of utorrent, but I am afraid of it having managed to 'dig' deeper in the PC.
Anyway, I have 2 questions.
Should I worry, and why I cannot get rid of the message?
Cheers!
(http://www.imagehosting.gr/out.php/i1461276_utorrent.jpg)
(p.s. I have tried all actions except for 'ignore' and the message still reappears)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 06, 2010, 10:37:23 PM
posted the wrong place

start a new topic here if you have virus problems   http://forum.avast.com/index.php?board=4.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on October 06, 2010, 10:41:34 PM
Hello community :D
I joined the forums because some minutes ago while downloading a book torrent a friend of mine suggested, this message appeared/appears, in an infinite loop.
After the first few times of it reappearing, I deleted everything that on first glance is related to the particular torrent and ended the process of utorrent, but I am afraid of it having managed to 'dig' deeper in the PC.
Anyway, I have 2 questions.
Should I worry, and why I cannot get rid of the message?
Cheers!
(p.s. I have tried all actions except for 'ignore' and the message still reappears)
Most torrent files have malware!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CloisterBlack on October 06, 2010, 11:01:08 PM
posted the wrong place

start a new topic here if you have virus problems   http://forum.avast.com/index.php?board=4.0
is it? It's not the virus per se (for now) I have the problem with. It's the message that I cannot get rid of and don't know why.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on October 06, 2010, 11:08:50 PM
posted the wrong place

start a new topic here if you have virus problems   http://forum.avast.com/index.php?board=4.0
is it? It's not the virus per se (for now) I have the problem with. It's the message that I cannot get rid of and don't know why.

That is  because your system is infected with malware!  ::)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Avastfan1 on October 07, 2010, 12:13:42 AM
Critical hole in Reader: Adobe accelerates patch day
http://www.adobe.com/support/security/bulletins/apsb10-21.html
asyn

Adobe patches 23 holes in Reader and Acrobat
http://www.h-online.com/security/news/item/Adobe-patches-23-holes-in-Reader-and-Acrobat-1102416.html
asyn

Will there be an update for Foxit Reader? Does the problem also affect it?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on October 07, 2010, 06:02:32 AM
Will there be an update for Foxit Reader? Does the problem also affect it?

An update does not appear to be necessary.  According to Secunia, the current version, Foxit Reader 4.2.0.928, has no public, unpatched vulnerabilities.
http://secunia.com/advisories/product/30682/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 07, 2010, 12:20:49 PM
FTP-Server at risk
Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)
http://securityreason.com/securityalert/7822
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 08, 2010, 09:17:10 AM
SORBS.NET - email RBL issues
http://isc.sans.edu/diary.html?storyid=9685
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 08, 2010, 02:54:22 PM
Microsoft Security Bulletins advance notification
http://norman.com/security_center/security_center_archive/2010/80066/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 08, 2010, 02:59:34 PM
Spam blacklist snafu prompts global gnashing of teeth (Legit IPs blocked in SORBS cockup)
http://www.theregister.co.uk/2010/10/07/sorbs_cockup/


Quote
Many email users around the world have been unable to send messages because of ongoing technical problems with a popular service designed to prevent spam from reaching its intended destination.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 08, 2010, 03:13:15 PM
Sick PCs should be banned from the net says Microsoft
http://www.bbc.co.uk/news/technology-11483008
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on October 08, 2010, 05:28:49 PM
Sick PCs should be banned from the net says Microsoft
http://www.bbc.co.uk/news/technology-11483008

What an absolute load of horse droppings, even if it is a justifiable statement. MS could/should have done more on OS security in the first place, as it is their holes in security that got most people into this mess in the first place.

How is this going to be achieved as the only real way of defining what is a sick PC is to do a test when they connect. Not that someone doing an unknown/unauthorised probe/scan of your system (privacy/morally/ethically) smacks of big brother and very dubious.

How would one site know not to do this test, etc. without a massive database, yet another privacy issue, or something held at system level that they access to block access, yet more privacy issues. Both of which would I'm sure be targets.

Having blocked so called sick PCs and who determines if the patient has a cold or a terminal illness; how are they to get clean without access to the internet (chicken and egg again). I sometimes wonder if the people spouting this rubbish have too much so called intelligence and zero common sense.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Aethec on October 08, 2010, 08:07:11 PM
What an absolute load of horse droppings, even if it is a justifiable statement. MS could/should have done more on OS security in the first place, as it is their holes in security that got most people into this mess in the first place.

I wonder how many infections are actually MS's fault and not third-party software.
Adobe Reader 9, for example, has MORE vulnerabilities than Windows 7. Yes...a PDF reader has more vulnerabilities than an entire OS  ::)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on October 08, 2010, 08:21:40 PM
and the jerks developing malware don't matter I suppose, if the door is open, then come in ??? is that it?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 09, 2010, 09:25:43 AM
Sick PCs should be banned from the net says Microsoft
http://www.bbc.co.uk/news/technology-11483008

Here's the link to the PDF called
"Collective Defense - Applying Public Health Models to the Internet"
http://go.microsoft.com/?linkid=9746317
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 11, 2010, 09:01:34 AM
Oracle Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Oracle Java SE and Java for Business Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 11, 2010, 10:02:30 PM
MS planning Patch Tuesday whopper: 16 bulletins, 49 vulnerabilities
http://www.zdnet.com/blog/security/ms-planning-patch-tuesday-whopper-16-bulletins-49-vulnerabilities/7433
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 12, 2010, 09:24:46 AM
Manipulated card terminals at US ALDI branches
http://www.aldifoods.com/us/media/company/company/Press_Release.pdf
http://www.computerworld.com/s/article/9189982/Aldi_data_breach_shows_payment_terminal_holes
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on October 12, 2010, 10:40:22 AM
Quote
Malware forces Firefox to save passwords
http://www.theregister.co.uk/2010/10/11/firefox_password_malware/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 12, 2010, 06:38:29 PM
WinPatrol blames McAfee for lost business ('False alarm scared off customers')
http://www.theregister.co.uk/2010/10/11/winpatrol_false_positive_mcafee/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 12, 2010, 06:41:53 PM
Die-hard bug bytes Linux kernel for second time (Get your root access here)
http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on October 12, 2010, 09:26:34 PM
WinPatrol blames McAfee for lost business ('False alarm scared off customers')
http://www.theregister.co.uk/2010/10/11/winpatrol_false_positive_mcafee/
Also in:
Interesting Software and System News on October 10, 2010, 11:27:38 AM  
http://forum.avast.com/index.php?topic=19387.msg548151#msg548151
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on October 12, 2010, 10:50:03 PM
Most probably it was already posted. I have no patience of searching more than once in the forum ;D

Adobe will be released with an in-bound sandbox to avoid exploits.

Quote
The sandbox will be on by default. If an exploit -- which is a mechanism developed by an attacker in order to deliver malicious software to a computer -- attacks the application, it won't be able to get out of the sandbox, Arkin said.
http://www.infoworld.com/d/security-central/adobe-more-secure-version-reader-out-year-end-500?source=rss_applications
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on October 12, 2010, 10:59:39 PM
Most probably it was already posted. I have no patience of searching more than once in the forum ;D

Adobe will be released with an in-bound sandbox to avoid exploits.

Quote
The sandbox will be on by default. If an exploit -- which is a mechanism developed by an attacker in order to deliver malicious software to a computer -- attacks the application, it won't be able to get out of the sandbox, Arkin said.
http://www.infoworld.com/d/security-central/adobe-more-secure-version-reader-out-year-end-500?source=rss_applications

okay... hadn't heard about it yet, good that you posted it. They'll probably release a beta soon then... will check on Adobe labs.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 13, 2010, 08:08:59 AM
Most probably it was already posted. I have no patience of searching more than once in the forum ;D

Adobe will be released with an in-bound sandbox to avoid exploits.

Inside Adobe Reader Protected Mode ;)
http://forum.avast.com/index.php?topic=63221.msg547407#msg547407
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on October 13, 2010, 01:33:20 PM
Thanks Asyn... Couldn't find at first.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 13, 2010, 04:25:31 PM
Thanks Asyn... Couldn't find at first.

No problem, Tech...
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 13, 2010, 04:41:10 PM
Oracle Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Oracle Java SE and Java for Business Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
asyn

October 2010 and Java Critical Patch Updates Released
http://blogs.oracle.com/security/2010/10/october_2010_and_java_critical.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 13, 2010, 04:46:36 PM
Vulnerabilities in Xpdf affect several open source products
https://rhn.redhat.com/errata/RHSA-2010-0751.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 14, 2010, 08:44:43 AM
Microsoft's Security Intelligence Report (SIR) #9
http://www.microsoft.com/security/sir/default.aspx
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 15, 2010, 09:41:32 AM
Facebook introduces one time passwords for insecure computers
http://blog.facebook.com/blog.php?post=436800707130
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 15, 2010, 01:56:25 PM
Security update for BlackBerry server
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 15, 2010, 02:06:10 PM
Google: Phishing URLs and XML Notifications
http://googleonlinesecurity.blogspot.com/2010/10/phishing-urls-and-xml-notifications.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 15, 2010, 02:14:08 PM
Microsoft turns on reputation check for IE9

http://www.itnews.com.au/News/235379,microsoft-turns-on-reputation-check-for-ie9.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 15, 2010, 02:34:41 PM
Ruby on Rails update closes vulnerability

http://www.h-online.com/security/news/item/Ruby-on-Rails-update-closes-vulnerability-1108621.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 15, 2010, 02:39:55 PM
Microsoft Removed 6.5 Million Bots From Windows Machines In Q2

http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=227701285
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 15, 2010, 10:31:22 PM
Microsoft confirms Russian pill-pusher attack on its network ( Is there a Linux admin in the house? )
http://www.theregister.co.uk/2010/10/14/microsoft_confirms_ip_hijack/

Ruskie gang hijacks Microsoft network to push penis pills ( Redmond abused as scammers' IP bitch )
http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 15, 2010, 10:32:14 PM
Espionage app updated for Windows phones ( Next destination: Android )
http://www.theregister.co.uk/2010/10/15/smartphone_espionage_suite/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 15, 2010, 10:33:22 PM
ZeuS baddies copy Conficker tactics ( Malware phone-home ploy gets recycled )
http://www.theregister.co.uk/2010/10/15/zeus_conficker_assault/

Look Out, Licat!
http://countermeasures.trendmicro.eu/look-out-licat/


VirusTotal
http://www.virustotal.com/file-scan/report.html?id=b3e3b3d389d48ae056845b8223402e1d27c8950eadaa7ffecaebeda93af73a03-1287136181

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=1e940baeb962042a6628f81c93aaecd1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 16, 2010, 07:00:10 AM
Stealth malware steals, imitates social behavior

http://www.msnbc.msn.com/id/39691794/ns/technology_and_science-security/

Also read,

Malware Aimed at Social Networks May Steal Your Reality

http://www.pcworld.com/article/207659/malware_aimed_at_social_networks_may_steal_your_reality.html?tk=hp_new
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 16, 2010, 07:12:14 AM
Fake Stuxnet removal tool will kill your PC

http://www.sync-blog.com/sync/2010/10/stuxnet-removal-tool-is-malware-too.html

It's a shame that avast! is not listed under suggestions...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 17, 2010, 12:29:09 PM
Apple Fixes Bugs in Remote App 2.0.1 Update

http://www.pcworld.com/businesscenter/article/207976/apple_fixes_bugs_in_remote_app_201_update.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on October 17, 2010, 12:34:53 PM
Apple Fixes Bugs in Remote App 2.0.1 Update
http://www.pcworld.com/businesscenter/article/207976/apple_fixes_bugs_in_remote_app_201_update.html
Can you post this under the new Smart Phones Update thread: http://forum.avast.com/index.php?topic=65103.0.  Thank you.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 17, 2010, 12:40:26 PM
Hi Safesurf,

I've just realised that you've created such a nice thread!
I'll post this right away ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on October 17, 2010, 12:46:27 PM
Hi Safesurf,

I've just realised that you've created such a nice thread!
I'll post this right away ;D
Thank you.  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on October 18, 2010, 02:38:27 PM
***

From the Wall Street Journal:

Report: Facebook apps transmitted personal info

"The Wall Street Journal is reporting that 10 popular Facebook applications have been transmitting users' personal identifying information to dozens of advertising and Internet tracking companies."


http://my.earthlink.net/article/top?guid=20101018/2b65b90d-a821-441e-939e-b119ebb89c03


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 19, 2010, 10:10:19 AM
Microsoft: ‘Unprecedented Wave of Java Exploitation’
http://krebsonsecurity.com/2010/10/microsoft-a-tidal-wave-of-java-exploitation/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 19, 2010, 10:14:41 AM
Security problems in media players
http://www.h-online.com/security/news/item/Security-problems-in-media-players-1109782.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 19, 2010, 12:17:46 PM
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
http://seclists.org/fulldisclosure/2010/Oct/257
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 19, 2010, 12:24:37 PM
New malware technique targets intrusion-prevention systems

http://www.networkworld.com/news/2010/101810-malware-targets-ips.html?t51hb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 19, 2010, 12:57:59 PM
Fake Twitter homepages serving malware

http://www.net-security.org/malware_news.php?id=1498
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on October 19, 2010, 08:40:04 PM
Microsoft nukes Zeus malware from 275,000 Windows machines

Microsoft is claiming major success at cleaning the notorious Zeus crimeware trojan from infected Windows machines.

One week after adding detections into its malicious software removal tool, Microsoft said it nuked Zeus (also called Zbot) 281,491 times from 274,873 computers.


http://www.zdnet.com/blog/security/microsoft-nukes-zeus-malware-from-275000-windows-machines/7481?tag=nl.e589

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on October 19, 2010, 10:21:07 PM
RealPlayer Security Updates Published (http://boelectronic.blogspot.com/2010/10/realplayer-security-updates-published.html)

Facebook Privacy Breach: Users' Info Leaked To Advertising, Tracking Firms (http://boelectronic.blogspot.com/2010/10/facebook-privacy-breach-users-info.html)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 20, 2010, 09:27:56 AM
Trojan trouble at Lenovo
http://www.h-online.com/security/news/item/Trojan-trouble-at-Lenovo-1110581.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 21, 2010, 09:32:14 AM
Hole in Linux kernel provides root rights
http://www.vsecurity.com/resources/advisory/20101019-1/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on October 21, 2010, 11:22:00 AM
WoW Patch Brings Out the Malware Trolls
http://blog.webroot.com/2010/10/20/wow-patch-brings-out-the-malware-trolls
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 21, 2010, 12:03:46 PM
Hackers subvert Firefox security warnings to sling scareware

http://www.theregister.co.uk/2010/10/20/scareware_scumbags_subvert_firefox_security_warnings/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Avastfan1 on October 21, 2010, 08:12:11 PM
RealPlayer Security Updates Published (http://boelectronic.blogspot.com/2010/10/realplayer-security-updates-published.html)

Strange how there are no updates for the latest version 1.1.5 :S
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 22, 2010, 09:39:20 AM
Critical vulnerability in Adobe Shockwave Player - no update available
http://www.norman.com/security_center/security_center_archive/2010/128624/en

Quote
A critical vulnerability has been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions. Details about the vulnerability has been published on the Internet, and malware that utilizes this may be expected to appear.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 22, 2010, 11:21:36 AM
Critical vulnerability in Adobe Shockwave Player - no update available
http://www.norman.com/security_center/security_center_archive/2010/128624/en

Quote
A critical vulnerability has been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions. Details about the vulnerability has been published on the Internet, and malware that utilizes this may be expected to appear.

More on this:
http://www.exploit-db.com/exploits/15296/
http://blogs.adobe.com/psirt/2010/10/security-advisory-for-adobe-shockwave-player-apsa10-04.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 22, 2010, 11:24:09 AM
Apple releases Java security updates
http://www.h-online.com/security/news/item/Apple-releases-Java-security-updates-1122472.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 22, 2010, 11:26:31 AM
New malware technique targets intrusion-prevention systems

http://www.networkworld.com/news/2010/101810-malware-targets-ips.html?t51hb

Alarms for online networks largely useless
http://www.h-online.com/security/news/item/Alarms-for-online-networks-largely-useless-1123028.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 22, 2010, 11:30:42 AM
Pidgin 2.7.4 closes DoS vulnerability
http://pidgin.im/news/security/?id=48
http://developer.pidgin.im/wiki/ChangeLog
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on October 22, 2010, 11:32:56 AM
CompTIA - upcoming discussion on security culprits and costs

http://www.scmagazineus.com/costs-and-causes-of-data-loss-incidents-to-be-discussed/article/181252/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 22, 2010, 04:25:27 PM
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on October 22, 2010, 05:09:07 PM
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no

Can you please post a link to the test result too (from NSS)? I followed the link posted in NSSLab and it opened a blank page.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 22, 2010, 05:23:06 PM
Top right corner, clicking "FREE REPORT" should give you a PDF file.

http://www.nsslabs.com/research/endpoint-security/anti-malware/consumer-anti-malware-products:-group-test-report-q3-2010.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on October 22, 2010, 06:27:27 PM
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
Being discussed at Wilders: http://www.wilderssecurity.com/showthread.php?t=284754
And Comodo: https://forums.comodo.com/empty-t63917.0.html;topicseen
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on October 22, 2010, 07:18:34 PM
Top right corner, clicking "FREE REPORT" should give you a PDF file.

http://www.nsslabs.com/research/endpoint-security/anti-malware/consumer-anti-malware-products:-group-test-report-q3-2010.html
This time the link worked ;)

I like AVG Result
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 23, 2010, 08:34:52 AM
Siemens Stuxnet patch does not provide sufficient protection
http://www.h-online.com/security/news/item/Siemens-Stuxnet-patch-does-not-provide-sufficient-protection-1123815.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 23, 2010, 09:02:31 AM
Facebook proposes encryption to stop third party data thieves

http://www.theinquirer.net/inquirer/news/1810100/facebook-proposes-encryption-stop-party-theives
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on October 23, 2010, 04:28:11 PM
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
Being discussed at Wilders: http://www.wilderssecurity.com/showthread.php?t=284754
And Comodo: https://forums.comodo.com/empty-t63917.0.html;topicseen

Round here everyone is not losing the battle primarily because they have security products  ;D

It wasn't always like this. Infected computers still come in through the front door from the wild.
Mostly avast users now, run a real-time antivirus as resident with other security products.
 
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 25, 2010, 04:56:04 PM
Kaspersky Anti-Virus cripples Servers
http://www.h-online.com/security/news/item/Kaspersky-Anti-Virus-cripples-Servers-1124659.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 26, 2010, 11:44:42 AM
Iranian Cyber Army Moves Into Botnets

http://www.pcworld.com/businesscenter/article/208670/iranian_cyber_army_moves_into_botnets.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 26, 2010, 11:48:13 AM
Reports: Click fraud, malware increasing

http://www.bizreport.com/2010/10/reports-click-fraud-malware-increasing.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 27, 2010, 08:31:16 AM
SpyEye v. ZeuS Rivalry Ends in Quiet Merger
http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 27, 2010, 11:35:45 AM
Critical vulnerability in Firefox 3.5 and Firefox 3.6
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222 [dev rights needed]
http://blog.trendmicro.com/firefox-zero-day-found-in-compromised-nobel-peace-prize-website/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on October 27, 2010, 11:45:38 AM
What's the riskiest country to visit -- on the Web?

http://technolog.msnbc.msn.com/_news/2010/10/26/5355098-whats-the-riskiest-country-to-visit-on-the-web
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on October 27, 2010, 12:57:27 PM
The Rise of the Small Botnet
Smaller botnets are cheaper and easier to build out and operate, and criminals have already realized that large-scale botnets attract unwanted attention
http://www.securityweek.com/rise-small-botnet
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 28, 2010, 08:07:59 AM
Critical vulnerability in Firefox 3.5 and Firefox 3.6
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222 [dev rights needed]
http://blog.trendmicro.com/firefox-zero-day-found-in-compromised-nobel-peace-prize-website/
asyn

Updates available..!! That was fast...!! :)
https://developer.mozilla.org/devnews/index.php/2010/10/27/firefox-3-6-12-and-3-5-15-security-updates-now-available/
https://developer.mozilla.org/devnews/index.php/2010/10/27/thunderbird-3-1-6-and-3-0-10-security-updates-now-available/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 28, 2010, 02:37:19 PM
Trojan Horse OSX/Koobface.A Affects Mac OS X
Koobface Variant Spreads via Facebook, Twitter and More
http://blog.intego.com/2010/10/27/intego-security-memo-trojan-horse-osxkoobface-a-affects-mac-os-x-mac-koobface-variant-spreads-via-facebook-twitter-and-more/
http://www.securemac.com/boonana-bulletin.php
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 28, 2010, 02:54:13 PM
Security problems in media players
http://www.h-online.com/security/news/item/Security-problems-in-media-players-1109782.html
asyn

Nullsoft closes holes in Winamp
http://forums.winamp.com/showthread.php?t=322995
http://secunia.com/secunia_research/2010-95/
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Onix on October 28, 2010, 05:03:38 PM
A new vulnerability in Adobe products:
http://www.adobe.com/support/security/advisories/apsa10-05.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on October 29, 2010, 08:34:52 AM
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on October 29, 2010, 04:53:43 PM
"Your are infected with Bredolab" Message Problem
http://norman.com/security_center/blog/righard_zwienenberg/129332/en-us


Hey, your computer is infected!
http://norman.com/security_center/security_center_archive/2010/129405/en-us


Undead Bredolab zombie network lashes out from the grave (Someone's still pulling the strings)
http://www.theregister.co.uk/2010/10/29/bredolab_botnet_death_throes/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on November 01, 2010, 07:42:49 PM
***

Using Wi-Fi?  Firesheep may endanger your security

"Most internet users hear -- and dismiss -- warnings about security problems on open Wi-Fi networks. The advent of Firesheep, coupled with the booming popularity of account-based online services such as Twitter, means that no one can afford to continue to ignore online security."

http://edition.cnn.com/2010/TECH/mobile/11/01/firesheep.wifi.security/


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 03, 2010, 07:56:55 AM
Spontaneous worldwide reboot of Check Point appliances
http://yurisk.info/2010/10/31/the-d-day-for-checkpoint-utm-1-edge-appliances-happened-today-reboots-are-reported-all-over-the-world/
http://www.cpug.org/forums/check-point-utm-1-edge-appliances/14606-all-edge-firewalls-rebooted-10-30-2010-8-58-p-m.html
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on November 03, 2010, 09:04:39 AM
Hackers tap SCADA vuln search engine

http://www.theregister.co.uk/2010/11/02/scada_search_engine_warning/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on November 03, 2010, 02:09:51 PM
Firesheep, Idiocy, Ethics and the Law
http://blog.eset.com/2010/11/02/firesheep-idiocy-ethics-and-the-law
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 03, 2010, 03:01:28 PM
Sophos debuts freebie anti-virus scanner for Macs (Sweat trickles down fanboi foreheads)
http://www.theregister.co.uk/2010/11/02/sophos_mac_anti_virus/

Sophos Anti-Virus for Mac home edition
http://www.sophos.com/products/free-tools/free-mac-anti-virus/tech-specs.html
Forum
http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/bd-p/FTT_MAC_MAGNET


Sophos unveils free antivirus software for the Mac
http://news.cnet.com/8301-27080_3-20021424-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on November 04, 2010, 04:02:41 PM
New multi-platform infector:

Trojan:Java/Boonana, is written in Java which gives it cross platform capability infecting Windows, Mac and Linux users.

http://blogs.technet.com/b/mmpc/archive/2010/11/03/its-not-koobface-new-multi-platform-infector.aspx

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on November 04, 2010, 04:34:43 PM
***

Using Wi-Fi?  Firesheep may endanger your security

"Most internet users hear -- and dismiss -- warnings about security problems on open Wi-Fi networks. The advent of Firesheep, coupled with the booming popularity of account-based online services such as Twitter, means that no one can afford to continue to ignore online security."

http://edition.cnn.com/2010/TECH/mobile/11/01/firesheep.wifi.security/


***


Squash FireSheep with FireShepherd:

http://notendur.hi.is/~gas15/FireShepherd/
http://www.downloadsquad.com/2010/10/29/fight-firesheep-with-fireshepherd/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 05, 2010, 01:29:59 PM
Adobe, Adobe, Adobe... ::)
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077255.html
http://secunia.com/advisories/42112/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on November 05, 2010, 10:34:18 PM
Attackers Now Using Honeypots to Trap Researchers

http://threatpost.com/en_us/blogs/attackers-now-using-honeypots-trap-researchers-110410?utm_source=Newsletter_110510&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 05, 2010, 10:37:46 PM
Attackers Now Using Honeypots to Trap Researchers

Also read here: http://forum.avast.com/index.php?topic=63221.msg556130#msg556130
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on November 05, 2010, 11:00:43 PM
Attackers Now Using Honeypots to Trap Researchers

Also read here: http://forum.avast.com/index.php?topic=63221.msg556130#msg556130


Thanks, didn't know about it.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on November 05, 2010, 11:27:00 PM
Attackers Now Using Honeypots to Trap Researchers

Also read here: http://forum.avast.com/index.php?topic=63221.msg556130#msg556130

I always knew that Honeypots were sticky and hard to get out of.  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Dwarden on November 06, 2010, 07:17:58 AM
avast! 5 related one

http://secunia.com/advisories/42134/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on November 06, 2010, 11:17:39 AM
Viruses lead security concerns of small and midsize business

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=228200171

(not sure if the report has already been posted)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on November 06, 2010, 04:05:12 PM
avast! 5 related one

http://secunia.com/advisories/42134/

Well it is rated as Not Critical and more importantly, talks of 'malicious local users' so you have to have some responsibility over physical access to your system.

See image, click to expand.

It says this is in the avast! Internet Security product, so I don't know if "aswtdi.sys" is also across the 5.0.677 product range.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 06, 2010, 05:35:45 PM
Microsoft warns of zero-day hole in Internet Explorer
https://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
http://support.microsoft.com/kb/2458511/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 06, 2010, 06:01:42 PM
Microsoft warns of zero-day hole in Internet Explorer

Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
http://www.exploit-db.com/exploits/15421/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on November 06, 2010, 06:32:55 PM
Microsoft warns of zero-day hole in Internet Explorer

Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
http://www.exploit-db.com/exploits/15421/

Firefox is not as safe as you assume: ;)
Mozilla patches 12 Firefox bugs
http://news.techworld.com/security/3244954/mozilla-patches-12-firefox-bugs
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on November 06, 2010, 07:14:53 PM
Did anyone say that it was ???

I see no point in posting about a vulnerability that has been patched, when Asyn is posting about a 0day vulnerability/exploit in IE.

You really do get protective about IE when someone posts a vulnerability, strange considering that this is the SECURITY WARNINGS & Notices topic. Almost like you built it, when the whole idea of this topic is to alert about security warnings and notices wherever they might be.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on November 06, 2010, 07:36:02 PM
I guess those still running on XP need to be careful.  ;D

Those running Windows 7 64bit and IE9 are a bit safer and have a better browser option:
IE9, FF4 Beta In Real-World Benchmark
http://www.lucidchart.com/blog/2010/09/16/ie9-ff4-beta-in-real-world-benchmark

Google Chrome on my XP Pro system is very good.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on November 06, 2010, 07:50:44 PM
You are at it again, when are you going to learn, this has nothing to do with the original IE 0day post by Asyn you quoted and my follow up.

Vista is also affected, but I guess you didn't read all of the information Asyn posted or you would have done as I did and post the Mitigating Factors that limit the potential of this 0day exploit; rather than trying to deflect security notices on IE to other areas as is very common for you.

I don't really care if people are using win7 64bit (though some win7 users are vulnerable if they aren't using IE9 beta) and or IE 9 beta as they aren't mentioned in the 0day exploit that was posted.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 07, 2010, 05:47:24 PM
Burma hit by massive net attack ahead of election

An ongoing computer attack has knocked Burma off the internet, just days ahead of its first election in 20 years.
http://www.bbc.co.uk/news/technology-11693214
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 10, 2010, 07:51:27 AM
Microsoft warns of zero-day hole in Internet Explorer
https://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
http://support.microsoft.com/kb/2458511/en-us

Heads up... 0-day in an exploit kit
http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 10, 2010, 04:52:57 PM
SSL for Hotmail blocks Windows Live connections
http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/11/09/hotmail-security-improves-with-full-session-https-encryption.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 10, 2010, 05:06:27 PM
Critical Hole in Mac OS X 10.5.x
http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 11, 2010, 11:18:02 PM
Hidden second Wi-Fi network with the Thomson TWG870U router
http://www.norman.com/security_center/blog/righard_zwienenberg/129786/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 12, 2010, 08:05:50 AM
Microsoft warns of zero-day hole in Internet Explorer
https://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
http://support.microsoft.com/kb/2458511/en-us

Heads up... 0-day in an exploit kit
http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html

Amnesty International Hong Kong Website Injected With Latest Internet Explorer 0-day
http://community.websense.com/blogs/securitylabs/archive/2010/11/10/Amnesty-International-Hong-Kong-Website-Injected-With-Latest-Internet-Explorer-0_2D00_day-.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on November 12, 2010, 09:06:48 AM
How do criminals use Facebook? Let us count the ways

http://www.sync-blog.com/sync/2010/11/how-do-criminals-use-facebook-let-us-count-the-ways.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 15, 2010, 09:49:25 AM
Stuxnet: A Breakthrough
http://www.symantec.com/connect/blogs/stuxnet-breakthrough
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on November 16, 2010, 09:17:19 AM
Global spam e-mail drops after hacker arrests

http://www.bbc.co.uk/news/technology-11757347
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 16, 2010, 02:35:57 PM
How the TLD4 rootkit gets around driver signing policy on a 64-bit machine
http://sunbeltblog.blogspot.com/2010/11/how-tld4-rootkit-gets-around-driver.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 17, 2010, 11:47:38 PM
Red Hat warns of hole in OpenSSL
http://rhn.redhat.com/errata/RHSA-2010-0888.html
http://openssl.org/news/secadv_20101116.txt
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 17, 2010, 11:50:19 PM
Adobe, Adobe, Adobe... ::)
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077255.html
http://secunia.com/advisories/42112/

Update for Adobe Reader fixes 19 holes
http://www.adobe.com/support/security/bulletins/apsb10-28.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on November 18, 2010, 04:11:06 PM
Adobe, Adobe, Adobe... ::)
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077255.html
http://secunia.com/advisories/42112/

Update for Adobe Reader fixes 19 holes
http://www.adobe.com/support/security/bulletins/apsb10-28.html


I don't want to sidetrack this thread, but this is something that really just drives me nuts.  I understand Adobe patches as soon as they can and I appreciate that, even if they take WAY too long to do so.  But it's very difficult to keep all of your computers up to date and patched when it requires admin rights in order to run the update.

In the schools that I manage, I don't allow my users to have admin rights, in fact, they pretty much don't have any rights at all, they can barely even open the task manager.

So when I have to go around the school and update adobe on every computer in the lab, the student classrooms, and the teacher computers, I just curse adobe's name.  Same goes for iTunes/Quicktime, same goes for shockwave (which asks for admin rights at least, so that's nice), same for Java.

I really wish they'd let standard users update the software somehow, or ask for permission when the install starts instead of just erroring out and quitting.  Why can't MS integrate third-party updates in WSUS!!!

Nope, can't do that, you just have to spend $4k on shavlik or something.  Ridiculous.

/rant.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on November 18, 2010, 04:16:17 PM
scythe, the only thing we need, in this case, is a service installed and running or a Windows Task running with admin rights for all users.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on November 18, 2010, 04:35:15 PM
scythe, the only thing we need, in this case, is a service installed and running or a Windows Task running with admin rights for all users.

And that's not going to happen, since MS won't even let standard users run Windows Updates (unless enabled through group policy).  I understand their reasoning though. If it's a business environment, some IT Admins like to test the updates first before deploying them to see if they break applications.

It's frustrating, but there's no win-win situation.  You either have to go around to every computer manually and update all the third-party software, or give rights to users that they shouldn't have in order for them to do it themselves.

To me, there's only two ways to fix this.  Either the Third-parties need to allow admin creds be entered as the update runs (so we don't have to log off the current user, log in as admin, install the update, then log off and back on as the user), OR, MS needs to integrate at least common third-party software updates, so that admins can authorize them and push them out as needed.

Quote
service installed and running or a Windows Task running with admin rights for all users.
Sounds too scary, and if it were exploited, it could cause all kinds of problems.  It would work though.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on November 18, 2010, 05:29:23 PM
Sounds too scary, and if it were exploited, it could cause all kinds of problems.  It would work though.
Life is scary :)
Google already does it. Secunia PSI does it. Some defragmentation tools do it...
avast does it (service) :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 19, 2010, 01:24:55 AM
Google Chrome tops 'Dirty Dozen' vulnerable apps list
http://www.networkworld.com/news/2010/111510-google-chrome-dirty-dozen.html?t51hb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 19, 2010, 09:28:17 PM
Free ClamWin virus scanner moves most of Windows into quarantine
http://www.h-online.com/open/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on November 19, 2010, 09:37:48 PM
Free ClamWin virus scanner moves most of Windows into quarantine
http://www.h-online.com/open/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
Wow... What a nightmare! 25.000 files sent to Chest!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 19, 2010, 09:56:12 PM
Wow... What a nightmare! 25.000 files sent to Chest!

Well, it sure is a nightmare...!!
We don't like that to happen with avast, do we..!!?? ;)
asyn

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on November 22, 2010, 09:44:25 AM
Quiet Merger, Gang Warfare, or Mere Deception?

http://blogs.mcafee.com/mcafee-labs/quiet-merger-gang-warfare-or-mere-deception
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 22, 2010, 12:13:57 PM
Whoa, Google, That's A Pretty Big Security Hole
http://techcrunch.com/2010/11/20/whoa-google-thats-a-pretty-big-security-hole/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on November 22, 2010, 12:32:30 PM
Whoa, Google, That's A Pretty Big Security Hole
http://techcrunch.com/2010/11/20/whoa-google-thats-a-pretty-big-security-hole/

See this
Quote
Update 4: Google says the issue is now resolved: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 22, 2010, 12:36:22 PM
See this
Quote
Update 4: Google says the issue is now resolved: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”

I know that, Kenny... I read the content before posting it..! ;)
Still, affected users should at least know about the issue, imo...
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 23, 2010, 08:56:13 AM
Exploit for unpatched Stuxnet hole
http://www.h-online.com/security/news/item/Exploit-released-for-unpatched-Stuxnet-hole-1140196.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on November 23, 2010, 09:05:19 AM
Free ClamWin virus scanner moves most of Windows into quarantine
http://www.h-online.com/open/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
Wow... What a nightmare! 25.000 files sent to Chest!

That was cool.... :P
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 23, 2010, 09:09:52 AM
Avira blocks security tool and struggles with memory leak
http://www.h-online.com/security/news/item/Avira-blocks-security-tool-and-struggles-with-memory-leak-1140478.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on November 23, 2010, 12:27:33 PM
Avira blocks security tool and struggles with memory leak
http://www.h-online.com/security/news/item/Avira-blocks-security-tool-and-struggles-with-memory-leak-1140478.html


I confirm the latest update of Avira is highly buggy (Avira 10 Service Pack 1). It causes a shutdown problem in Windows XP SP3 (I've seen many people reporting that in the Avira forum and moderators confirmed it as a known problem), a slowdown in webguard which slows internet speed a lot, BSOD and also an unstable firewall. I don't know what's going on behind the scenes, this is the first time Avira has released such a bad update.

Edit:
I asked Avira for a comment, this is what I got:

Michael (Avira Moderator):
Quote
There is not really a need to install the pre-sp1 version of aVir. The posted workaround solves also the problem with the memory leak.
Actual there is no information available what the reason for this leak is or which installed programs/drivers are the reason for the leak.

Avira (In Facebook):
Quote
As you can see in the article we commented to heise online already. A patch is in development and will be shipped soon. Affected are only a few systems, far below the promille border. The very shortly blocked Secunia PSI was corrected immediately after we received the notification.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on November 23, 2010, 07:13:21 PM
Virus infecting Stony Brook computers

"Students, staff and faculty using computers on the Stony Brook University networks should be on the lookout for a virus that disguises itself as security software called ThinkPoint, according to a post on the university's Division of Information Technology site on Monday."


http://www.sbstatesman.com/virus-attacking-stony-brook-computers786

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on November 24, 2010, 02:41:39 PM
Cross-Border Korean Shelling Leads to FAKEAV

News outlets all over the world are talking about the recent cross-border clash between North and South Korea. The shelling, one of the worst incidents between the two countries in years, is naturally being used by cybercriminals behind fake antivirus malware.

http://blog.trendmicro.com/cross-border-korean-shelling-leads-to-fakeav
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 24, 2010, 04:06:14 PM
Free anti-virus for Mac - 150,000 active users and plenty of malware found

http://nakedsecurity.sophos.com/2010/11/18/free-anti-virus-for-mac-150000-active-users-and-plenty-of-malware-found/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 24, 2010, 04:25:12 PM
F-Secure Stuxnet Redux: Questions and Answers with video
http://www.f-secure.com/weblog/archives/00002066.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 24, 2010, 09:36:46 PM
BitDefender: 20% of Facebook news feeds contain infections
http://www.h-online.com/security/news/item/BitDefender-20-of-Facebook-news-feeds-contain-infections-1141060.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 25, 2010, 12:12:39 PM
Secunia got hijacked
http://secunia.com/blog/153/
http://isc.sans.edu/diary.html?storyid=9994
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: AdrianH on November 25, 2010, 01:04:43 PM
http://www.theregister.co.uk/2010/11/24/windows_0day_report/

Windows 0day allows malicious code execution

Quote
Antimalware provider Prevx has sounded the alarm about a serious vulnerability in fully patched versions of Microsoft Windows. It allows attackers to execute malware, even in versions designed to withstand such exploits.............. (read more)

Windows in trouble again  ::)

XP/Vista/Win7 32 and 64 bit affected.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 25, 2010, 02:55:18 PM
Windows 0day allows malicious code execution

Thanks, Adrian...!!!
asyn

Some related links:
http://www.prevx.com/blog/160/New-Windows-day-exploit-speaks-chinese.html
http://www.vupen.com/english/advisories/2010/3058
https://twitter.com/msftsecresponse/status/7590788200402945
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on November 25, 2010, 09:05:11 PM
Super Virus A Target For Cyber Terrorists

A super virus that was used to disrupt Iran's nuclear programme has been traded on the black market and could be used by terrorists, according to Sky News sources.
http://news.sky.com/skynews/Home/World-News/Stuxnet-Worm-Virus-Targeted-At-Irans-Nuclear-Plant-Is-In-Hands-Of-Bad-Guys-Sky-News-Sources-Say/Article/201011415827544?lpos=World_News_News_Your_Way_Region_5&lid=NewsYourWay_ARTICLE_15827544_Stuxnet_Worm%3A_Virus_Targeted_At_Irans_Nuclear_Plant_Is_In_Hands_Of_Bad_Guys%2C_Sky_News_Sources_Say


hmmmm...that was a short url   ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 25, 2010, 09:11:06 PM
hmmmm...that was a short url   ;D

It sure was... ;D 8)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on November 30, 2010, 02:25:43 AM
Exploit Code Out For New Windows Kernel Flaw

http://goo.gl/TVSX5 (Shortened)

http://threatpost.com/en_us/blogs/exploit-code-out-new-windows-kernel-flaw-112910
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on November 30, 2010, 03:32:42 AM
Exploit Code Out For New Windows Kernel Flaw
http://goo.gl/TVSX5   (Shortened)

Please do not use shortened links.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on November 30, 2010, 05:27:43 AM
For those who are interested - a guide for the preview of some commonly found shortened urls

http://security.thejoshmeister.com/2009/04/how-to-preview-shortened-urls-tinyurl.html


and a warning for Facebook users

Facebook infested with new worm
http://www.zdnet.com/blog/igeneration/facebook-infested-with-new-worm-more-proof-site-is-insecure/6955?tag=nl.e550

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Brandonn2010 on November 30, 2010, 06:45:31 AM
Free anti-virus for Mac - 150,000 active users and plenty of malware found

http://nakedsecurity.sophos.com/2010/11/18/free-anti-virus-for-mac-150000-active-users-and-plenty-of-malware-found/

That may convince my stepmom to put an antivirus on her iMac. Is the Avast! Mac version free? If not, what free Mac AVs are there?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 30, 2010, 07:43:56 AM
That may convince my stepmom to put an antivirus on her iMac. Is the Avast! Mac version free? If not, what free Mac AVs are there?

Please open a new topic for this question.
Thanks.
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on November 30, 2010, 05:59:15 PM
Nullsoft closes multiple Winamp vulnerabilities
http://forums.winamp.com/showthread.php?t=324322
http://forums.winamp.com/showthread.php?threadid=159785
http://www.winamp.com/media-player/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on December 01, 2010, 01:07:14 PM
Latest Koobface news ..... still alive and well

Koobface: Inside a Crimeware Network
http://www.infowar-monitor.net/2010/11/koobface/


Rogue apps 'worst Facebook feed malware baddies' ( Bonus extras will eff up your feed )
http://www.theregister.co.uk/2010/11/24/facebook_malware_survey/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on December 01, 2010, 01:10:03 PM
ZeuS variant only infects super-fast PCs ( Too tricky for its own bad )
http://www.theregister.co.uk/2010/11/25/snobby_zeus_variant_avoids_bog_standard_pcs/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 01, 2010, 01:15:42 PM
ZeuS variant only infects super-fast PCs ( Too tricky for its own bad )
http://www.theregister.co.uk/2010/11/25/snobby_zeus_variant_avoids_bog_standard_pcs/

Technical info here: http://forum.avast.com/index.php?topic=66267.msg561612#msg561612
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 01, 2010, 02:03:17 PM
Quote
Last infection here was a 'Yankee Doodle' in the late 80ies.
I try to eat one of them whenever I find a store that sells them:  ;D ;D
(http://www.drakescakeonline.com/images/yankee_doodle_sm.jpg)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 01, 2010, 04:05:18 PM
Quote
Last infection here was a 'Yankee Doodle' in the late 80ies.
I try to eat one of them whenever I find a store that sells them:  ;D ;D

Lol..! So you are infected with other Yankee Doodle(s)... ;D
http://www.symantec.com/security_response/writeup.jsp?docid=2000-121914-2303-99
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 01, 2010, 04:11:09 PM
Russians on the moon? Canon's image verification system cracked
http://www.h-online.com/security/news/item/Russians-on-the-moon-Canon-s-image-verification-system-cracked-1145443.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 01, 2010, 04:14:26 PM
Savannah software forge compromised
http://www.h-online.com/open/news/item/Savannah-software-forge-compromised-1145383.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 03, 2010, 08:02:59 AM
Back door in ProFTPD FTP server
http://www.h-online.com/open/news/item/Back-door-in-ProFTPD-FTP-server-1146592.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on December 03, 2010, 08:56:18 AM
Horror AVG (Free and Paid) Update Throws Win7 and other OS’s into Constant Reboot Loops – Ooops…We’re Sorry:
http://www.theregister.co.uk/2010/12/02/avg_auto_immune_update/

Comment and Temporary Fix from AVG:
http://product-team.blog.avg.com/2010/12/avg-fix-for-computers-running-on-windows-7-64-bit-platform.html?utm_medium=twitter&utm_source=twitterfeed

Edit:  Just saw a new thread about this: http://forum.avast.com/index.php?topic=66897.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on December 03, 2010, 11:28:36 AM
Horror AVG (Free and Paid) Update Throws Win7 and other OS’s into Constant Reboot Loops – Ooops…We’re Sorry:
http://www.theregister.co.uk/2010/12/02/avg_auto_immune_update/

Comment and Temporary Fix from AVG:
http://product-team.blog.avg.com/2010/12/avg-fix-for-computers-running-on-windows-7-64-bit-platform.html?utm_medium=twitter&utm_source=twitterfeed

Edit:  Just saw a new thread about this: http://forum.avast.com/index.php?topic=66897.0
One year after avast's nightmare...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on December 03, 2010, 08:38:30 PM
Google Plugs 'High Risk' Chrome Holes, Adds PDF Viewer in Sandbox

http://threatpost.com/en_us/blogs/google-plugs-high-risk-chrome-holes-adds-pdf-viewer-sandbox-120310?utm_source=Newsletter_120310&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=

Microsoft Research Develops Zozzle JavaScript Malware Detection Tool

http://threatpost.com/en_us/blogs/microsoft-research-develops-zozzle-javascript-malware-detection-tool-120210?utm_source=Newsletter_120310&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 04, 2010, 12:41:02 PM
Ransomware returns: 'If you ever want to see your data again...'
Revamped version of GpCode is out, yet the malware still requires victims to believe kidnappers will return stolen data for a fee

http://infoworld.com/t/malware/ransomware-returns-if-you-ever-want-see-your-data-again-449
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 07, 2010, 10:17:03 PM
New Virus: Watch Out for Goo.gl Links on Twitter
http://lifehacker.com/5708311/new-virus-watch-out-for-googl-links-on-twitter
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 08, 2010, 10:27:09 PM
OOPS - Root privileges under Linux
http://www.h-online.com/open/news/item/OOPS-Root-privileges-under-Linux-1149758.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Silk0 on December 08, 2010, 11:35:24 PM
Malware "speaks" various languages
http://www.symantec.com/connect/blogs/w32yimfocab-malware-localization
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on December 09, 2010, 12:07:05 AM
Fake Amazon Receipt Generator Dupes Merchants
http://threatpost.com/en_us/blogs/fake-amazon-receipt-generator-dupes-merchants-120710?utm_source=Newsletter_120810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=

TDL4 Rootkit Now Using Stuxnet Bug
http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710?utm_source=Newsletter_120810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=

Microsoft Adds Tracking Protection to IE 9
http://threatpost.com/en_us/blogs/microsoft-adds-tracking-protection-ie-9-120710?utm_source=Newsletter_120810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 09, 2010, 12:30:23 PM
OpenSSL Security Advisory
http://www.openssl.org/news/secadv_20101202.txt
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 10, 2010, 09:01:19 AM
Possible root vulnerability in Exim internet mailer
http://www.h-online.com/open/news/item/Possible-root-vulnerability-in-Exim-internet-mailer-1150631.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: yongsua on December 10, 2010, 04:32:19 PM
‘Tis the Season of DDoS – WikiLeaks Edition. This is the most interesting article I ever read. Read here: http://pandalabs.pandasecurity.com/tis-the-season-of-ddos-wikileaks-editio/ Currently this news is very famous over the globe. The anonymous guys on one side fighting for freedom of information and freedom of press. And other people who consider themselves patriots who are trying to defend the greater interests of the United States. Lastly, I know I posted in the wrong topic, it should be another topic. :-[
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 11, 2010, 04:19:50 AM
Very interesting read.
It truly proves that the grass is always greener on the other side  unless you
happen to step into some cow dung. ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 11, 2010, 05:02:15 AM
Walgreen's acknowledges theft of customers email addresses.

(http://img.photobucket.com/albums/v190/bob3160/Walgreens.jpg)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 11, 2010, 06:18:19 AM
Walgreen's acknowledges theft of customers email addresses.
Walgreen Co. warns customers e-mail addresses may be in spammer's hands
http://latimesblogs.latimes.com/technology/2010/12/walgreen-co-warns-customers-e-mail-addresses-may-be-in-spammers-hands.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 11, 2010, 07:09:18 AM
I believe I just said that without having to go to another website  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 11, 2010, 08:51:00 AM
Next Tuesday Microsoft to finally fix IE vulnerability
http://www.h-online.com/security/news/item/Next-Tuesday-Microsoft-to-finally-fix-IE-vulnerability-1151069.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 11, 2010, 02:09:34 PM
Next Tuesday Microsoft to finally fix IE vulnerability
http://www.h-online.com/security/news/item/Next-Tuesday-Microsoft-to-finally-fix-IE-vulnerability-1151069.html

Key comment
Quote
The only known exploit is impotent where data execution prevention (DEP) is activated (as it is by default in Internet Explorer 8).

Microsoft Security Bulletin Advance Notification for December 2010
https://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Silk0 on December 11, 2010, 03:03:57 PM
Finally....

Microsoft to plug critical IE, final Stuxnet Windows holes
http://news.cnet.com/8301-27080_3-20025204-245.html?tag=mncol;title
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on December 11, 2010, 03:16:48 PM
Next Tuesday Microsoft to finally fix IE vulnerability
http://www.h-online.com/security/news/item/Next-Tuesday-Microsoft-to-finally-fix-IE-vulnerability-1151069.html

Key comment
Quote
The only known exploit is impotent where data execution prevention (DEP) is activated (as it is by default in Internet Explorer 8).

Microsoft Security Bulletin Advance Notification for December 2010
https://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx

Finally....

Microsoft to plug critical IE, final Stuxnet Windows holes
http://news.cnet.com/8301-27080_3-20025204-245.html?tag=mncol;title

I wish I could say Bull S**t! Microsoft doesn't usually keep their promise to patch those problems in IE8, better stick with Firefox or Opera for everyday browsing use and only use Windows Update Patch in IE8.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 11, 2010, 03:30:40 PM
I wish I could say Bull S**t! Microsoft doesn't usually keep their promise to patch those problems in IE8, better stick with Firefox or Opera for everyday browsing use and only use Windows Update Patch in IE8.

Only those stuck on XP and don't have Windows 7 like Firefox. ;)

IE9, FF4 Beta In Real-World Benchmark
http://www.lucidchart.com/blog/2010/09/16/ie9-ff4-beta-in-real-world-benchmark
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Aethec on December 11, 2010, 03:36:30 PM
I wish I could say Bull S**t! Microsoft doesn't usually keep their promise to patch those problems in IE8, better stick with Firefox or Opera for everyday browsing use and only use Windows Update Patch in IE8.
On modern versions of Windows, you don't need IE for Windows updates.
By the way, unless you have credible sources, saying this is a huge troll...

PS: YoKenny, I do wonder what the benchmark they used does in the link you posted...since Chrome 6 has no hardware acceleration but FF 4 Beta and IE 9 Beta do, those "real world" results seem weird.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on December 11, 2010, 03:44:31 PM
<snip>
Only those stuck on XP and don't have Windows 7 like Firefox. ;)
<snip>

What a patently rubbish sweeping statement, how do you account for those win7 users that use firefox or chrome or opera. Your choice of browser is totally unrelated to the OS you are using as it is the browser, its functions, flexibility, extensions, security, etc. that suit your use of the browser and internet that determine which browser you like best.

My preference of Firefox v IE has nothing to do with the OS being used as that preference was made many years before Vista or win7 ever came out.

By your own off the wall statement, you should be using firefox on your XP system :P

Even on XP you don't have to use IE for windows updates, you just use the inbuilt windows update, either Auto or Notify, etc.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on December 11, 2010, 04:08:06 PM
<snip>
Only those stuck on XP and don't have Windows 7 like Firefox. ;)
<snip>

What a patently rubbish sweeping statement, how do you account for those win7 users that use firefox or chrome or opera. Your choice of browser is totally unrelated to the OS you are using as it is the browser, its functions, flexibility, extensions, security, etc. that suit your use of the browser and internet that determine which browser you like best.

My preference of Firefox v IE has nothing to do with the OS being used as that preference was made many years before Vista or win7 ever came out.

By your own off the wall statement, you should be using firefox on your XP system :P

Even on XP you don't have to use IE for windows updates, you just use the inbuilt windows update, either Auto or Notify, etc.

Well said DavidR, according to my current Secunia PSI my Firefox browser is fully patched, see attachment, and only 1 insecure only in IE8, YoKenny you cannot improve your statement against XP users as DavidR said.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 11, 2010, 04:41:45 PM
IE9, FF4 Beta In Real-World Benchmark

As you keep posting this comment over and over again...
My question is: Do you get paid by MS..?? ;)
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on December 11, 2010, 04:46:25 PM
As you keep posting this comment over and over again...
My question is: Do you get paid by MS..?? ;)
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
asyn
I know some people more spamming than YoKenny with just this one comment (which is accurate rating), asyn!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on December 11, 2010, 04:46:32 PM
IE9, FF4 Beta In Real-World Benchmark

I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
asyn


+1
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 11, 2010, 06:30:06 PM
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities
http://service.real.com/realplayer/security/12102010_player/en/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 11, 2010, 07:35:25 PM
My question is: Do you get paid by MS..?? ;)
No.

If I did I would not be stuck in this horrible Canadian climate!

Now if I was Justin Bieber I would be in Costa Rica for the Winter.
http://www.youtube.com/watch?v=_Z5-P9v3F8w

I'd miss October Fest sausage and sauerkraut though. ;D

Quote
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
Flexibility to the point of collapse will really be a good philosophy to follow with Security as an afterthought.  ;)

Arguing with DavidR is like arguing with my mother who always believed she was correct and died proving it.  :o

I bet Justin Bieber uses Windows 7 and would be horrified by XP.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 11, 2010, 08:14:49 PM
I bet Justin Bieber uses Windows 7 and would be horrified by XP.  ;)

I don't really care about Justin Bieber...?? ;D
Sorry guys, OT discussion is over now.
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on December 11, 2010, 08:53:24 PM
<snip>
Arguing with DavidR is like arguing with my mother who always believed she was correct and died proving it.  :o
<snip>

There you go again, when you get your ar*e kicked when you use an off the wall sweeping statement, you can't counter the comment, so you change the subject and dive off at another tangent again.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 11, 2010, 08:58:26 PM
<snip>
Arguing with DavidR is like arguing with my mother who always believed she was correct and died proving it.  :o
<snip>

There you go again, when you get your ar*e kicked when you use an off the wall sweeping statement, you can't counter the comment, so you change the subject and dive off at another tangent again.

My mother taught me well.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on December 11, 2010, 09:08:01 PM
There you go again proving my point, diving off in another direction.

I rather doubt she taught you anything, for that to happen you have to be capable of listening, something which appears to come difficult for you.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Altarir. on December 11, 2010, 09:30:28 PM
My mother taught me well.

Unfortunately, your trolling is sick and tasteless. Try some more, and maybe you will achieve the perfection!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on December 12, 2010, 07:33:06 AM
Off the topic my mother taught me to believe in common sense and it very true if it wasn't YoKenny way. 
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 12, 2010, 08:09:18 PM
Possible root vulnerability in Exim internet mailer
http://www.h-online.com/open/news/item/Possible-root-vulnerability-in-Exim-internet-mailer-1150631.html

Debian and Red Hat close Exim hole
http://www.h-online.com/security/news/item/Debian-and-Red-Hat-close-Exim-hole-1151693.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 13, 2010, 11:42:50 AM
Gawker.com - Commenting Accounts Compromised — Change Your Passwords
http://gawker.com/5712615/commenting-accounts-compromised-%2B%2B-change-your-passwords
FAQ: http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on December 13, 2010, 11:01:59 PM
"HDD Plus" malware spread through major ad networks, using malvertising and drive-by download
http://blog.armorize.com/2010/12/hdd-plus-malware-spread-through.html


Major Ad Networks Found Serving Malicious Ads
https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on December 13, 2010, 11:15:38 PM
They are somewhat slow off the mark with this 'news', avast had an article in the blogs months ago (like February, almost 10 months ago) about ads poisoning.

http://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on December 14, 2010, 02:26:26 PM
The Internet Goes to War

Quote
If you weren’t paying attention recently, the Internet has gone to war.

http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 14, 2010, 02:48:32 PM
The Internet Goes to War

Quote
If you weren’t paying attention recently, the Internet has gone to war.

http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/

Wikileaks sure shook up the Internet.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 15, 2010, 09:22:01 AM
Over 500 patches for SAP
http://www.h-online.com/security/news/item/Over-500-patches-for-SAP-1153061.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 15, 2010, 09:38:06 AM
Next Tuesday Microsoft to finally fix IE vulnerability

One IE vulnerability not fixed
http://www.vupen.com/english/advisories/2010/3156
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on December 15, 2010, 10:19:49 AM
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/129567/en



Two critical updates for Microsoft systems in December 2010
http://www.norman.com/security_center/security_center_archive/2010/133179/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 15, 2010, 12:26:19 PM
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/129567/en

Update 2010-12-15

Microsoft has published an update that solves this issue.

More information in Microsoft Security Bulletin MS10-090 (http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx)
It's always nice to post all the information. :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 16, 2010, 03:26:52 PM
Back door in HP network storage solution
http://www.securityweek.com/backdoor-vulnerability-discovered-hp-msa2000-storage-systems

Update: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02662287
(HP SUPPORT COMMUNICATION - CUSTOMER ADVISORY)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on December 17, 2010, 07:36:10 PM
Chaining Bugs to Exploit Browser Plug-Ins


http://threatpost.com/en_us/blogs/chaining-bugs-exploit-browser-plug-ins-121710?utm_source=Newsletter_121710&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 18, 2010, 09:25:35 AM
When a smart card can root your computer
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
Patches available: https://www.opensc-project.org/opensc/changeset/4913
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Swarnava/Heaven GOD on December 18, 2010, 06:06:30 PM
Twitter, Leaks and Spam

It's quite common to see attackers use hot topics on social networks to force users to click on malicious links. So what would be more interesting these days than using the term “Wikileaks”?

http://www.securelist.com/en/blog/208188050/Twitter_Leaks_and_Spam
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 18, 2010, 09:04:44 PM
Google questions results of malicious site protection test
http://www.h-online.com/security/news/item/Google-questions-results-of-malicious-site-protection-test-1155534.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on December 19, 2010, 09:41:44 AM
Google questions results of malicious site protection test
http://www.h-online.com/security/news/item/Google-questions-results-of-malicious-site-protection-test-1155534.html

Good one, Thanks!

Quote
...The test by NSS Labs was financed by Microsoft.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 19, 2010, 12:05:44 PM
USA: 11.7 MILLION PERSONS REPORTED IDENTITY THEFT VICTIMIZATION IN 2008
http://www.ojp.usdoj.gov/newsroom/pressreleases/2010/BJS11044.htm
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 19, 2010, 01:35:23 PM
That's a lot of theft but the info is a little dated since the information
is "water under the bridge" not anything you can do anything about. :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 19, 2010, 01:55:11 PM
That's a lot of theft but the info is a little dated since the information
is "water under the bridge" not anything you can do anything about. :)

True, Bob.
I don't understand either, why they release the info this late... ;)

Quote
# ADVANCE FOR RELEASE AT 10:00 A.M. EST # Thursday, December 16, 2010
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 19, 2010, 03:38:56 PM
Off Topic:
I love your Christmas Tree.  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on December 19, 2010, 03:40:19 PM
Off Topic:
I love your Christmas Tree.  :)

Off Topic:

Can I chop it down on boxing day ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 19, 2010, 04:58:16 PM
Off Topic:
I love your Christmas Tree.  :)

Thanks Bob..! :)

@Speedy: Well, it won't last till boxing day... ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 20, 2010, 12:59:19 PM
Google: New hacked site notifications in search results
http://googlewebmastercentral.blogspot.com/2010/12/new-hacked-site-notifications-in-search.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: yongsua on December 20, 2010, 05:19:43 PM
Virus yearbook 2010 from Panda Security.
http://press.pandasecurity.com/news/virus-yearbook-2010/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on December 20, 2010, 06:01:20 PM
Google: New hacked site notifications in search results
http://googlewebmastercentral.blogspot.com/2010/12/new-hacked-site-notifications-in-search.html


nice, that was needed and will avoid a waste of time in verifications sometimes.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on December 21, 2010, 04:51:15 PM
New Facebook scam


Facebook 'Who Has Deleted Ya' Scam Promises Free iPhone, iPad
http://www.huffingtonpost.com/2010/12/20/who-has-deleted-ya-scam-facebook_n_799195.html

ALERT: Don’t Click On Who Has Deleted Ya Application
http://www.allfacebook.com/alert-dont-click-on-who-has-deleted-ya-application-2010-12

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 21, 2010, 05:54:27 PM
Back door in ProFTPD FTP server
http://www.h-online.com/open/news/item/Back-door-in-ProFTPD-FTP-server-1146592.html

Phrack hole closed in ProFTPD
http://www.h-online.com/open/news/item/Phrack-hole-closed-in-ProFTPD-1156782.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 21, 2010, 05:58:47 PM
Microsoft withdraws flawed Outlook update
http://blogs.msdn.com/b/outlook/archive/2010/12/17/issues-with-the-recent-update-for-outlook-2007.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Gargamel360 on December 22, 2010, 05:11:58 AM
SSDD: A New Face on an Established Idea- "Utility Rogues"

http://sunbeltblog.blogspot.com/2010/12/rogues-now-imitate-utilities-rather.html?

http://news.cnet.com/8301-27080_3-20025692-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 23, 2010, 01:37:02 AM
SSDD: A New Face on an Established Idea- "Utility Rogues"

http://sunbeltblog.blogspot.com/2010/12/rogues-now-imitate-utilities-rather.html?

http://news.cnet.com/8301-27080_3-20025692-245.html
http://techtalk.pcpitstop.com/2010/12/21/malware-minute-malware-now-imitates-pc-utilities/?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Swarnava/Heaven GOD on December 23, 2010, 06:18:53 AM
A malicious addition to a Facebook link

(http://www.securelist.com/en/images/pictures/klblog/347.jpg)

http://www.securelist.com/en/blog/345/A_malicious_addition_to_a_Facebook_link
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 23, 2010, 11:16:16 AM
One IE vulnerability not fixed
http://www.vupen.com/english/advisories/2010/3156

Exploit published for unpatched Internet Explorer vulnerability
http://www.h-online.com/security/news/item/Exploit-published-for-unpatched-Internet-Explorer-vulnerability-1158348.html

Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 23, 2010, 12:50:17 PM
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx

Key comment
Quote
Currently, Microsoft is unaware of any active exploitation of this vulnerability.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 23, 2010, 01:03:00 PM
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx

Key comment
Quote
Currently, Microsoft is unaware of any active exploitation of this vulnerability.

https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 23, 2010, 01:12:45 PM
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
It can not be displayed ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Silk0 on December 23, 2010, 01:34:16 PM
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
It can not be displayed ???

Try with Firefox... mine is working...

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on December 23, 2010, 01:39:39 PM
It can not be displayed ???
check those kind of sites (Broken/down) here: http://downforeveryoneorjustme.com/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 23, 2010, 01:58:58 PM
Try with Firefox... mine is working...
I won't install Firefox just for that site!  ::)

I would rather be sent to Siberia ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Altarir. on December 23, 2010, 02:01:26 PM
Quote
Try with Firefox... mine is working...

this shows yet again how much IE sucks compared to FF
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on December 23, 2010, 02:18:02 PM
Quote
Try with Firefox... mine is working...

this shows yet again how much IE sucks compared to FF
Works just fine in IE9 even if it doesn't make Altarir happy  :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on December 23, 2010, 05:36:37 PM
Asyn, Please don't post the link to exploit code.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on December 23, 2010, 07:22:02 PM
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx

Key comment
Quote
Currently, Microsoft is unaware of any active exploitation of this vulnerability.

https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb

VirusTotal
http://www.virustotal.com/file-scan/report.html?id=bd656ad91978de9fa2c59aabb81a6693ea9c1294492693d8b8904e3989c87f95-1293126802

sample sent to avast!   ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on December 23, 2010, 08:32:07 PM
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx

Key comment
Quote
Currently, Microsoft is unaware of any active exploitation of this vulnerability.

https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb

VirusTotal
http://www.virustotal.com/file-scan/report.html?id=bd656ad91978de9fa2c59aabb81a6693ea9c1294492693d8b8904e3989c87f95-1293126802

sample sent to avast!   ;)

And what about Firewalls?

They can't stop these exploit attacks?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 23, 2010, 09:41:08 PM
Quote
Try with Firefox... mine is working...

this shows yet again how much IE sucks compared to FF
Works just fine in IE9 even if it doesn't make Altarir happy  :)
I guess Altarir is familiar with Siberia but not using Windows 7 and using WOT leaves him out in the cold ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 28, 2010, 02:32:43 PM
addons.mozilla.org disclosure
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on December 28, 2010, 02:59:56 PM
addons.mozilla.org disclosure
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/


I received an email about this directly. This email caused me more concern than the potential issue in the blog article as it looked like the classic phishing email to try and obtain user info. But the IP addresses in the email proved it did come from Mozilla.

It is so long ago that I signed up to the addons section as normally you don't need to unless the addon was experimental. So for me the info was already redundant.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on December 28, 2010, 03:10:55 PM
addons.mozilla.org disclosure
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
The problem is that if you use the same password there as in other forums... They could cross-link the email with the password.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on December 30, 2010, 09:32:03 AM
***

A misplaced security notice by malcontent from this link:
http://forum.avast.com/index.php?topic=68471.msg575448#msg575448

Quote

http://news.softpedia.com/news/Trojan-Distributed-in-New-Mass-Injection-Attack-via-Java-Downloader-174971.shtml

Quote
Security researchers warn that a new mass injection attack is underway directing the visitors of hundreds of websites to a malicious Java applet which downloads a trojan.

According to Denis Sinegubko, the creator of the Unmask Parasites Web scanner, the malicious code is added at the end of HTML pages on compromised websites and takes the form of an obfuscated JavaScript function.

When parsed by the browser, this function adds a rogue IFrame to the HTML document, which loads a new.htm page from aubreyserr.com, medien-verlag.de or yennicq.be.

According to statistics from Google's Safe Browsing service, around 2,000 websites link to these domains, giving a rough estimation of the attack's impact so far.

The page called by the IFrame loads a Hidden.jar applet deceptively titled "Java Update." This is a Java OpenConnection-type downloader whose only purpose is to download and execute a file called host.exe.

The three domains serving the malware are actually legitimate, but their corresponding websites have been compromised.



***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: malcontent on December 30, 2010, 09:41:33 AM

http://news.softpedia.com/news/Trojan-Distributed-in-New-Mass-Injection-Attack-via-Java-Downloader-174971.shtml

Security researchers warn that a new mass injection attack is underway directing the visitors of hundreds of websites to a malicious Java applet which downloads a trojan.


Avast seems to detect this according to a 3 day old VirusTotal scan. It detects it as: Other:Malware-gen

http://www.virustotal.com/file-scan/report.html?id=b3aa7d92b97cbbc57b563bfb92204931efc3264612b20c754d948edb1f310b51-1293443980
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on December 30, 2010, 01:00:42 PM
Comodo DACS (Distributed and Collaborative Scanning)

I thought it would be a good idea to put this in the security warnings and notices section, hoping that Avast will put it as soon as possible in the PUP list (I'm serious), and maybe add all Comodo links (forum, blog etc...) to the Network Shield black list. thanks.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on December 30, 2010, 02:15:29 PM
Comodo DACS (Distributed and Collaborative Scanning)

I thought it would be a good idea to put this in the security warnings and notices section, hoping that Avast will put it as soon as possible in the PUP list (I'm serious), and maybe add all Comodo links (forum, blog etc...) to the Network Shield black list. thanks.

Logos, care to explain why?...............or are you scared of Comodo DACS features?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Silk0 on December 30, 2010, 11:52:57 PM
Android mobile malware has botnet-like traits
http://www.pcadvisor.co.uk/news/index.cfm?newsid=3254754

Internet Explorer security flaw that allows hackers to take control of computers
http://www.dailymail.co.uk/sciencetech/article-1341402/Microsoft-warns-Internet-Explorer-bug.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on December 31, 2010, 12:50:36 AM
Internet Explorer security flaw that allows hackers to take control of computers
http://www.dailymail.co.uk/sciencetech/article-1341402/Microsoft-warns-Internet-Explorer-bug.html

Key comment
Quote
'We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.'
Fear mongers are rampant :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on December 31, 2010, 01:00:48 AM
Hardly fear mongering, is the flaw possible/feasible, etc. it doesn't matter if they are unaware of any attacks. Being unaware is hardly a glowing testimony that it isn't a problem. If/and when it does come to their knowledge it will be a bit late in the day.

You can hardly call it fear mongering when it is Microsoft doing the fear mongering as you call it.

Quote from: extract from DailyMail article
Microsoft have warned about a flaw on the Internet Explorer browser, that could allow hackers to take control of unprotected computers.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Swarnava/Heaven GOD on December 31, 2010, 09:22:51 AM
Privacy Alert: 10 Biggest Threats of 2010

http://www.pcworld.com/businesscenter/article/212631/privacy_alert_10_biggest_threats_of_2010.html?CID
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 31, 2010, 12:21:43 PM
Critical update for WordPress
http://wordpress.org/news/2010/12/3-0-4-update/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on December 31, 2010, 04:34:39 PM
Hole in VLC Media Player
http://www.videolan.org/security/sa1007.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on January 01, 2011, 09:40:59 AM
***

The State Of IT Security In 2011

"Here are 10 key security trends that we see in the upcoming 2011."

http://www.crn.com/slide-shows/security/228800318/it-security-predictions-for-2011.htm


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 03, 2011, 05:52:47 PM
Targeted attacks against recently addressed Microsoft Office vulnerability
http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx
Title: Spoofed eCard from the Whitehouse stole government data
Post by: malcontent on January 04, 2011, 09:25:18 AM
http://krebsonsecurity.com/2011/01/white-house-ecard-dupes-dot-gov-geeks/
Quote
A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters.

The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 05, 2011, 09:30:09 AM
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2490606.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on January 05, 2011, 01:55:40 PM
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2490606.mspx
Key comments
Quote
We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
Non-Affected Software
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on January 06, 2011, 01:25:07 AM

http://www.csoonline.com/article/650614/is-storm-waldec-botnet-part-of-new-year-spam-campaign-

Quote
Is Storm/Waldec botnet part of New Year spam campaign?
Researchers with Shadowserver Foundation think they are seeing some new tricks from an old botnet. And it could mean a comeback in 2011

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: mkis on January 06, 2011, 01:35:00 AM

http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/

Quote
Fake Microsoft security update spreads Autorun worm

In the current example, they've spammed out an email containing a worm, which even quotes the real name of a senior member of Microsoft's security team - Steve Lipner - to try to fool you into believing it is genuine.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 06, 2011, 08:31:02 AM
Floating point DoS attack
http://www.h-online.com/security/news/item/Floating-point-DoS-attack-1163838.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: yongsua on January 06, 2011, 09:49:33 AM
PandaLabs Annual Report 2010
http://press.pandasecurity.com/wp-content/uploads/2010/05/PandaLabs-Annual-Report-2010.pdf
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on January 07, 2011, 09:47:01 AM
lol it didn't take long:
Researcher breaks security sandbox in Adobe Flash
http://www.theregister.co.uk/2011/01/07/adobe_flash_bypass/

edit: BUT:
Quote
An attacker would first need to gain access to the user's system to place a malicious SWF file in a directory on the local machine before being able to trick the user into launching an application that can run the SWF file natively. In the majority of use scenarios, the malicious SWF file could not simply be launched by double-clicking on it; the user would have to manually open the file from within the application itself.
The company's security team has rated the bug “moderate.”

... so no need to worry really.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 07, 2011, 11:21:38 PM
Floating point DoS attack
http://www.h-online.com/security/news/item/Floating-point-DoS-attack-1163838.html

PHP 5.3.5 / 5.2.17: Floating-Point bug fixed
http://www.h-online.com/open/news/item/PHP-5-3-5-5-2-17-Floating-Point-bug-fixed-1165104.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 07, 2011, 11:29:35 PM
Microsoft Tuesday patches omit known vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-Tuesday-patches-omit-known-vulnerabilities-1164865.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 08, 2011, 01:14:31 PM
PlayStation 3 security fully compromised
http://www.norman.com/security_center/security_center_archive/2011/134142/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on January 10, 2011, 05:01:35 PM
PlayStation 3 security fully compromised
http://www.norman.com/security_center/security_center_archive/2011/134142/en-us

That's actually pretty cool.  Wouldn't mind the ability to throw another OS on my PS3.  The thought of making it more of a media center would be nice as well.  Guess we'll see what the community brings in the coming months.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Nesivos on January 10, 2011, 08:49:29 PM
***

The State Of IT Security In 2011

"Here are 10 key security trends that we see in the upcoming 2011."

http://www.crn.com/slide-shows/security/228800318/it-security-predictions-for-2011.htm


***

Thanks for the link. :)

A lot of very useful information there especially if you go to some of the sites/companies mentioned on the link.


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on January 11, 2011, 07:27:09 AM
***

You are welcome, Nesivos   :)


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 11, 2011, 10:28:43 AM
Mono developers close security hole
http://www.mono-project.com/Release_Notes_Mono_2.8.2
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on January 11, 2011, 07:13:02 PM
With Autos At CES, Are Vehicle Hacks Far Behind?

http://threatpost.com/en_us/blogs/autos-ces-are-vehicle-hacks-far-behind-010711?utm_source=Newsletter_011011&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 11, 2011, 09:44:15 PM
Cloud Computing Used to Hack Wireless Passwords
http://news.idg.no/cw/art.cfm?id=72CD2E1A-1A64-6A71-CE4C3EE52F761AAF
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 12, 2011, 10:21:23 AM
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/133646/en-us



Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 12, 2011, 10:35:39 AM
more facebook malware...

Facebook worm spread via photo album chat lure
http://www.theregister.co.uk/2011/01/10/facebook_worm_photo_chat_scam/

Facebook virus spreads via photo album chat messages
http://nakedsecurity.sophos.com/2011/01/09/facebook-photo-album-chat-messages-spreading-koobface-worm/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 12, 2011, 03:18:25 PM
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/133646/en-us

Right now, there are 5 holes unpatched by MS...
More info here: http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on January 17, 2011, 07:30:11 AM
***

Gawker Password Theft a Wake-Up Call

Analysis: Underestimating your own vulnerability is a recipe for disaster.

Quote

The big story was that over the weekend of Dec. 11-12, Gawker admitted in a post on its various sites— which include Deadspin, Fleshbot, Gizmodo, io9, Jalopnik, Jezebel, Kotaku and Lifehacker, as well as Gawker itself—that its central password database had been compromised. It seems that the Gawker IT organization had used the long-obsolete DES to encrypt the password store, had ignored at least a month’s worth of warnings that something fishy was going on, and had let its production servers get about three years behind on kernel patches. In short, the company’s IT crew had utterly failed at its job.


http://www.eweek.com/c/a/Security/Gawker-Password-Theft-a-WakeUp-Call-181361/


***

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on January 17, 2011, 05:50:40 PM
Scam Sites Demanding SMS Payment For Fake Flash, Firefox Downloads

http://threatpost.com/en_us/blogs/scam-sites-demanding-sms-payment-fake-flash-firefox-downloads-011711?utm_source=Newsletter_011711&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Silk0 on January 17, 2011, 08:58:00 PM
Cyber attacks could create "perfect storm"
http://www.reuters.com/article/idUSTRE70G1IU20110117
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on January 18, 2011, 01:13:46 AM
Top Ten Web Hacking Techniques of 2010 (Official)

http://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html

Attacking HTTPS with Cache Injection

Applies to IE 8 & Firefox 3.6


http://www.youtube.com/watch?v=bt0Qh9c59_c
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on January 18, 2011, 06:03:47 AM
F-Secure Wrap-up on Case Stuxnet

By Mikko :  http://www.youtube.com/watch?v=gFzadFI7sco (10:51 min)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 18, 2011, 08:37:07 AM
Tor project releases update to close critical hole
https://blog.torproject.org/blog/tor-02128-released-security-patches
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 18, 2011, 05:22:35 PM
ICQ can be fed crafted updates
http://www.h-online.com/security/news/item/ICQ-can-be-fed-crafted-updates-1170607.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Jtaylor83 on January 18, 2011, 06:18:27 PM
Rogue Facebook apps can now access your home address and mobile phone number

http://nakedsecurity.sophos.com/2011/01/16/rogue-facebook-apps-access-your-home-address-mobile-phone-number/#idc-cover


Update

Facebook regroups on sharing addresses and mobile numbers

http://nakedsecurity.sophos.com/2011/01/18/facebook-regroups-on-sharing-addresses-and-mobile-numbers/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 18, 2011, 07:15:55 PM
Sybase plugs holes in Application Server
http://www.sybase.com/detail?id=1091057
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 19, 2011, 01:23:50 PM
Oracle patches 66 vulnerabilities
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on January 20, 2011, 09:03:09 AM
Quote
Bot attacks Linux and Mac (and Windows)
http://www.theregister.co.uk/2011/01/19/mac_linux_bot_vulnerabilities/

Quote
From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.

Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 20, 2011, 02:27:03 PM
Critical vulnerability in Windows Graphics Rendering Engine - no available update
http://www.norman.com/security_center/security_center_archive/2011/134012/en


Quote
Update 2011-01-20

Microsoft has updated its security advisory with information about the fact that the previously published fixit solution only applies for Windows XP and Windows Server 2003.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: yongsua on January 21, 2011, 06:30:22 AM
PandaLabs Uncovers Alarming Statistics on Cyber-Crime Black Market
http://press.pandasecurity.com/news/pandalabs-uncovers-alarming-statistics-on-cyber-crime-black-market/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 21, 2011, 12:12:42 PM
Bohu Takes Aim at the Cloud
http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FBohu.A
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 21, 2011, 04:12:32 PM
Possible new Twitter worm
http://isc.sans.edu/diary.html?storyid=10297
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 23, 2011, 09:02:24 PM
Critical vulnerability in VLC player
http://www.h-online.com/security/news/item/Critical-vulnerability-in-VLC-player-1175195.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 24, 2011, 08:56:59 PM
Critical vulnerability in Opera web browser
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Opera-web-browser-1175689.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 24, 2011, 09:04:19 PM
Critical vulnerability in VLC player
http://www.h-online.com/security/news/item/Critical-vulnerability-in-VLC-player-1175195.html

VLC Media Player 1.1.6 fixes critical vulnerabilities
http://git.videolan.org/?p=vlc/vlc-1.1.git;a=tag;h=f8d04ab27701f659102ccdb628abce9aa5dadc2a
http://www.videolan.org/vlc/releases/1.1.6.html
http://www.videolan.org/vlc/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on January 24, 2011, 09:34:52 PM
Critical vulnerability in VLC player
http://www.h-online.com/security/news/item/Critical-vulnerability-in-VLC-player-1175195.html

VLC Media Player 1.1.6 fixes critical vulnerabilities
http://git.videolan.org/?p=vlc/vlc-1.1.git;a=tag;h=f8d04ab27701f659102ccdb628abce9aa5dadc2a
http://www.videolan.org/vlc/releases/1.1.6.html
http://www.videolan.org/vlc/


Well, that was quickly fixed...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 24, 2011, 09:52:44 PM
Well, that was quickly fixed...

Yes, open source projects are often quicker in fixing errors/problems than others... :)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 25, 2011, 03:12:06 PM
Cracker offers access to government servers for a fee
http://krebsonsecurity.com/2011/01/ready-for-cyberwar/
http://blog.imperva.com/2011/01/major-websites-govmiledu-are-hacked-and-up-for-sale.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 25, 2011, 09:21:00 PM
New Scam mail in circulation, and this time from Tunisia


A letter from a new friend
http://www.norman.com/security_center/blog/per_olav_forland/134881/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on January 25, 2011, 09:59:37 PM
Nothing new here, just another take on the same old Nigerian 412 fraud theme looking for gullible people.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on January 26, 2011, 12:05:04 AM
Nothing new here, just another take on the same old Nigerian 412 fraud theme looking for gullible people.
Many years ago, I even answered one of these letters and strung the fellow along
for quite a few months. Always left him dangling hoping that with the next email I'd finally consent
to sending him the small percentage of money he wanted as good faith money so that he would be able to send me my millions.  ;D ;D
He never got the good faith money and I never got my millions.  :)
 
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 26, 2011, 12:11:58 AM
Nothing new here, just another take on the same old Nigerian 412 fraud theme looking for gullible people.
Many years ago, I even answered one of these letters and strung the fellow along
for quite a few months. Always left him dangling hoping that with the next email I'd finally consent
to sending him the small percentage of money he wanted as good faith money so that he would be able to send me my millions.  ;D ;D
He never got the good faith money and I never got my millions.  :)
 
Yep here is a user guide if some want to have fun    ;D

E-mail Scams – Have Fun While Scamming the E-mail Scammers
http://www.suite101.com/content/e-mail-scams--have-fun-while-scamming-the-e-mail-scammers-a326407

and here is one that did it
http://www.cracked.com/article_16234_having-fun-with-419-scammers.html

I like the fake bible quotes he is using  ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 26, 2011, 12:15:08 AM
Fedora infrastructure hacked
http://lists.fedoraproject.org/pipermail/announce/2011-January/002911.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: malcontent on January 26, 2011, 05:33:50 AM
Kaspersky finds fake antivirus program in ads on ICQ

http://news.cnet.com/8301-27080_3-20029525-245.html
Quote
A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, which is popular in Russia and Eastern Europe.

The ad that showed up in the ICQ window was for a women's clothing company called Charlotte Russe and clicking on the ad directs to the company's Web site, said Roel Schouwenberg, a senior antivirus researcher at Moscow-based Kaspersky.

Around the same time the ad was displayed another pop-up appeared in a new browser from "Antivirus8," that said suspicious activity was detected on the system and it encouraged the user to download the program, which is not a legitimate antivirus product, Schouwenberg told CNET.

The malware attack is interesting for several reasons. The rogue antivirus "scareware" appears without the user doing anything that normally triggers such pop-ups, such as clicking on malicious links in search results, he said. The attack also does not appear to have an exploit included in it; just the social-engineering aspect in which the user is lured into downloading supposed antivirus protection that is totally unnecessary, he added.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on January 27, 2011, 09:48:22 AM
Facebook blames bug for Zuckerberg 'hacking'

http://www.bbc.co.uk/news/technology-12286377
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 27, 2011, 01:14:11 PM
Critical vulnerability in Opera web browser
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Opera-web-browser-1175689.html

Fixed in Opera 11.01
http://www.opera.com/docs/changelogs/windows/1101/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Charyb on January 27, 2011, 08:48:05 PM
http://www.securecomputing.net.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx

Trojan to disable cloud AV.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on January 27, 2011, 08:56:06 PM
http://www.securecomputing.net.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx
Trojan to disable cloud AV.
Hope avast add signatures for this quickly...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on January 28, 2011, 06:08:11 AM
http://www.securecomputing.net.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx
Trojan to disable cloud AV.
Hope avast add signatures for this quickly...

+1 Or my PC will get killed ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 28, 2011, 12:49:49 PM
A more secure Facebook
http://www.norman.com/security_center/blog/per_olav_forland/135128/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 29, 2011, 09:43:01 AM
SourceForge disables servers after break-in
http://sourceforge.net/blog/sourceforge-net-attack/
http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nnoa110 on January 29, 2011, 10:27:38 AM
Hackers turn back the clock with Telnet attacks

http://www.networkworld.com/news/2011/012711-hackers-turn-back-the-clock.html?t51hb
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 29, 2011, 04:09:05 PM
Update fixes DoS vulnerability in DHCPv6 server
http://www.isc.org/software/dhcp/advisories/cve-2011-0413
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on January 30, 2011, 03:35:56 AM
Vulnerability in MHTML Could Allow Information Disclosure
http://www.microsoft.com/technet/security/advisory/2501696.mspx
http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on January 30, 2011, 10:14:59 PM
SourceForge disables servers after break-in
http://sourceforge.net/blog/sourceforge-net-attack/
http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/


More info: http://sourceforge.net/blog/sourceforge-attack-full-report/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on January 31, 2011, 09:28:04 AM
Opera Multiple Vulnerabilities
http://secunia.com/advisories/43023/


Solution
Update to version 11.01.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: AdrianH on January 31, 2011, 04:47:03 PM
Serious new flaw found in WINDOWS  ::)     

News

http://www.bbc.co.uk/news/technology-12325139

Fixit available here
http://support.microsoft.com/kb/2501696

Advisory
http://www.microsoft.com/technet/security/advisory/2501696.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on January 31, 2011, 06:26:36 PM
Serious new flaw found in WINDOWS  ::)     

affecting Internet Explorer exclusively. But as I use IE9 off and on now, I applied the temp fix earlier today ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Avastfan1 on January 31, 2011, 10:17:41 PM
If this temporary fix is applied, will it be automatically reversed or updated when a permanent patch is installed?
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 01, 2011, 12:45:24 AM
A New facbook scam in circulation, this time it is fake facbook security

Facebook Security Spoofed, Used for Phishing
http://blog.trendmicro.com/facebook-security-spoofed-used-for-phishing/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 01, 2011, 12:59:47 AM
there is always someone that takes the bait....

419ers strip lonely heart mum of £80k - Handsome US soldier actually Lad from Lagos
http://www.theregister.co.uk/2011/01/31/419_mum/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 01, 2011, 12:44:49 PM
New critical vulnerability in VLC Media Player
http://www.h-online.com/open/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: MikeBCda on February 01, 2011, 09:18:55 PM
A New facbook scam in circulation, this time it is fake facbook security

Facebook Security Spoofed, Used for Phishing
http://blog.trendmicro.com/facebook-security-spoofed-used-for-phishing/
Several misspellings in the "warning notice" should be the tip-off that it's not legit.  I'm ignoring your own "facbook" in your first line.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 01, 2011, 09:32:17 PM
Quote
I'm ignoring your own "facbook" in your first line.
dam this 10" keyboard   :P   .....let me see your Norwegian spelling Mike   ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on February 01, 2011, 09:39:42 PM
Another "facbook" one ;D ;D

http://community.websense.com/blogs/securitylabs/archive/2011/01/30/quot-fackbook-profile-photos-quot-malware-is-coming.aspx
Title: Researchers pry open Waledac, find 500,000 email passwords
Post by: malcontent on February 02, 2011, 02:14:34 AM
http://www.theregister.co.uk/2011/02/02/waledac_account_compromise/
Quote
Researchers have taken a peek inside the recently refurbished Waledac botnet, and what they've found isn't pretty.

Waledac, a successor to the once-formidable Storm botnet, has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers, according to findings published on Tuesday by security firm Last Line. By hijacking legitimate email servers, the Waledac gang is able to evade IP-based blacklisting techniques that many spam filters use to weed out junk messages.

What's more, Waledac controllers are in possession of almost 124,000 FTP credentials. The passwords let them run programs that automatically infect the websites with scripts that redirect users to sites that install malware and promote fake pharmaceuticals. Last month, the researchers identified almost 9,500 webpages from 222 sites that carried poisoned links injected by Waledac.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: MikeBCda on February 02, 2011, 06:37:52 PM
Quote
I'm ignoring your own "facbook" in your first line.
dam this 10" keyboard   :P   .....let me see your Norwegian spelling Mike   ;D

As you may have heard, a great deal of the U.S. and Canada is/are in the middle of (or recovering from) a major winter storm ... it's the worst spell of wethur in ages.  ;D ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 03, 2011, 11:40:18 PM
IPcalypse happened: Will the Internet collapse? For $ale, my IPv4 number!!!
http://www.norman.com/security_center/blog/righard_zwienenberg/135191/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 04, 2011, 10:28:00 AM
New critical vulnerability in VLC Media Player
http://www.h-online.com/open/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html

VLC Media Player 1.1.7 addresses critical vulnerability
http://www.h-online.com/open/news/item/VLC-Media-Player-1-1-7-addresses-critical-vulnerability-1182203.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 04, 2011, 01:04:18 PM
Microsoft's security updates scheduled for release
Microsoft plans to release three updates for critical and nine updates for important vulnerabilities 8 February 2011

Microsoft Security Bulletin Advance Notification for February 2011
http://www.microsoft.com/technet/security/bulletin/ms11-feb.mspx
Title: Next-Generation Banking Malware Emerges After Zeus
Post by: malcontent on February 04, 2011, 06:41:44 PM
http://www.computerworld.com/s/article/9207940/Next_generation_banking_malware_emerges_after_Zeus?taxonomyId=17

http://krebsonsecurity.com/2011/02/revisiting-the-spyeyezeus-merger/

Quote
The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.

What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert.

The source code for Zeus was rumored to have been transferred to the creator of SpyEye, and it was anticipated that the two pieces of malware would be combined. That evidence has just emerged now, Raff said.

The new malware also has at least a couple of new features. One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks. Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in, Raff said.

The malware writers have also added a way to remotely connect to a victim's computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.

So far, Raff said it appears that only a few cybercriminals are using the new version. He declined to say how Seculert obtained the malware or how much it might be selling for on the malware market.

"It seems to be still under development, with bug fixes released almost daily," Raff said.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: JuninhoSlo on February 04, 2011, 11:38:34 PM
Hi ;)

I just read about the fake AV program FakeXPA which is very similar to AVG AV program.

https://threatpost.com/en_us/blogs/fake-avg-scam-software-cops-name-and-logo-real-av-020111

Can Avast detect this fake AV?

Thank you. Best regards :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 05, 2011, 08:04:01 AM
Mailing list application Majordomo reveals file content
http://www.h-online.com/open/news/item/Mailing-list-application-Majordomo-reveals-file-content-1183034.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 06, 2011, 04:05:29 PM
Hackers Penetrate Nasdaq Computers
http://online.wsj.com/article/SB10001424052748704709304576124502351634690.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 08, 2011, 05:40:11 PM
2 years and still no fix for Java...
http://slightlyrandombrokenthoughts.blogspot.com/2011/02/java-jfilechooser-programmatic.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 08, 2011, 06:04:20 PM
ZDI names and shames security vulnerabilities from Microsoft, IBM, HP and Novell
http://www.h-online.com/security/news/item/ZDI-names-and-shames-security-vulnerabilities-from-Microsoft-IBM-HP-and-Novell-1185438.html
http://www.zerodayinitiative.com/advisories/published/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 08, 2011, 06:48:14 PM
USB autorun attacks against Linux
http://blogs.iss.net/archive/Shmoocon2011.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on February 09, 2011, 12:07:18 PM
Critical updates for Adobe Reader and Acrobat
http://www.norman.com/security_center/security_center_archive/2011/135557/no


Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/133646/no

http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 09, 2011, 02:37:11 PM
Oracle Security Alert for CVE-2010-4476
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Patch available: http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 09, 2011, 02:39:09 PM
http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
IE9 not affected after current Windows Update

From the FAQ
Quote
Is Internet Explorer 9 Beta affected by these vulnerabilities?
Internet Explorer 9 Beta is affected by the vulnerabilities described in this bulletin. Customers running this beta release are encouraged to download and apply the update to their systems. Security updates are available from Microsoft Update and Windows Update. The security updates for this beta are also available for download from the Microsoft Download Center.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 11, 2011, 09:23:54 AM
Security vulnerability demonstrated in Safari
http://www.h-online.com/security/news/item/Security-vulnerability-demonstrated-in-Safari-1186873.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 15, 2011, 07:15:48 PM
Hardware keyloggers found in public libraries [UK]
http://www.h-online.com/security/news/item/Hardware-keyloggers-found-in-public-libraries-1190097.html
Title: Hacked BBC streaming websites serve up malware
Post by: malcontent on February 15, 2011, 09:38:01 PM
http://www.theregister.co.uk/2011/02/15/bbc_driveby_download/
Quote
Streaming sites operated by the BBC were hacked on Tuesday so they silently served visitors with malware, researchers from security firm Websense said.

An iframe tag on the BBC's 6 Music and 1Xtra websites injected an exploit that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands. The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.

“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable,” Websense researchers wrote in a blog post.

A VirusTotal scan showed that only nine of the top 43 antivirus products detected the threat.

http://www.virustotal.com/file-scan/report.html?id=4a0ab371e6c6dd54deeab41ab1b77fa373d2face149523dfd183d669b31da6bc-1297784293
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 16, 2011, 09:56:27 AM
Updated W32.Stuxnet Dossier is Available
http://www.symantec.com/connect/blogs/updated-w32stuxnet-dossier-available
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on February 16, 2011, 01:30:56 PM
Winamp Forums Security Notification

http://forums.winamp.com/showthread.php?t=327366
Quote
We have confirmed that your email address was exposed as a result of this attack. We have not confirmed but must assume that other Winamp Forums user account detail, including your forums username, date of birth, time zone preference and encrypted password (not your clear text or unencrypted password) was exposed. The Winamp Forums are now secure, but because we value your privacy we would like to notify you of the incident and encourage you to immediately change your password as a precautionary measure. If you have used your Winamp forums password across other web sites, please change the password on those web sites as well.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 16, 2011, 03:13:03 PM
New hole in Windows file sharing
http://www.h-online.com/security/news/item/New-hole-in-Windows-file-sharing-1190923.html

Update:

Notes on exploitability of the recent Windows BROWSER protocol issue
http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx

My Sweet Valentine - the CIFS Browser Protocol Heap Corruption Vulnerability
http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 17, 2011, 01:54:00 PM
Malware toolkits fuel the botnet epidemic
http://www.h-online.com/security/news/item/Malware-toolkits-fuel-the-botnet-epidemic-1191981.html
http://www.damballa.com/downloads/r_pubs/Damballa_2010_Top_10_Botnets_Report.pdf
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 17, 2011, 02:30:48 PM
Foreign hackers attack Canadian government
http://www.cbc.ca/politics/story/2011/02/16/pol-weston-hacking.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Dwarden on February 17, 2011, 04:21:34 PM
http://www.theregister.co.uk/2011/02/15/bbc_driveby_download/
Quote
Streaming sites operated by the BBC were hacked on Tuesday so they silently served visitors with malware, researchers from security firm Websense said.

An iframe tag on the BBC's 6 Music and 1Xtra websites injected an exploit that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands. The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.

“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable,” Websense researchers wrote in a blog post.

A VirusTotal scan showed that only nine of the top 43 antivirus products detected the threat.

http://www.virustotal.com/file-scan/report.html?id=4a0ab371e6c6dd54deeab41ab1b77fa373d2face149523dfd183d669b31da6bc-1297784293

interesting, yesterday's refresh claims that Avast! still fails to identify this threat
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on February 17, 2011, 07:37:21 PM
Just took that script and put it in a text file, and scanned it with avast. The iframe was detected.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 21, 2011, 02:03:05 PM
Social Network Security Portal
http://www.socialnetworksecurity.org/en/index.php
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on February 21, 2011, 10:23:51 PM
Social Network Security Portal
http://www.socialnetworksecurity.org/en/index.php

404 Not Found (http://www.socialnetworksecurity.org/en/index.php)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 21, 2011, 10:29:32 PM
Social Network Security Portal
http://www.socialnetworksecurity.org/en/index.php

404 Not Found (http://www.socialnetworksecurity.org/en/index.php)
No problem for me.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on February 21, 2011, 10:40:39 PM
Thank you, YoKenny.  I get the same results in IE8 even after flushing the Windows XP DNS cache.  Google DNS (8.8.8.8) returns an IP of 174.122.92.18 for www.socialnetworksecurity.org.  When I enter the IP in IE8 I still get the 404.  Could you enter nslookup www.socialnetworksecurity.org in a command window and tell me your result?  I'd like to know the IP of your server and the IP it returns for the problematic website.

Edit: The Level 3 name server at 4.2.2.1 is returning 174.122.92.41, which at least takes me to the socialnetworksecurity.org German language page.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 22, 2011, 12:37:29 AM
Could you enter nslookup www.socialnetworksecurity.org in a command window and tell me your result?  I'd like to know the IP of your server and the IP it returns for the problematic website.

Response from nslookup
Code:
C:\>nslookup www.socialnetworksecurity.org
Server:  resolver1-fs.opendns.com
Address:  208.67.222.123

Non-authoritative answer:
Name:    www.socialnetworksecurity.org.2wire.net
Address:  67.215.65.132
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Alan Baxter on February 22, 2011, 12:47:10 AM
Thanks.  Entering http://174.122.92.41/en/index.php in the url bar gets me to the socialnetworksecurity.org English language page.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on February 22, 2011, 10:45:02 AM

Flash Drives Dangerously Hard to Purge of Sensitive Data:
http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on February 24, 2011, 11:12:52 AM
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/2491888.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on February 24, 2011, 01:18:22 PM
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/2491888.mspx
Key statement
Quote
When this security advisory was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security advisory was originally issued.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 01, 2011, 01:10:26 PM
20 years of innovative Windows malware
http://infoworld.com/d/security/20-years-innovative-windows-malware-021
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 01, 2011, 01:16:56 PM
Trojan targets Mac OS X
http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-in-beta/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on March 02, 2011, 03:37:28 AM
***

Man sentenced to jail for eBay fraud

Quote
A man who used the website eBay to dishonestly obtain nearly $40,000 has been sentenced to three years in jail by a Brisbane District Court Judge.

Philip John Heggie, 19, today pleaded guilty to 20 charges, including fraud and computer hacking, and another 91 charges of breaching bail conditions.

http://www.abc.net.au/news/stories/2011/03/01/3151995.htm?site=brisbane&section=news&date=(none)


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on March 02, 2011, 03:07:42 PM
Britons caught out by bad web ads
http://www.bbc.co.uk/news/technology-12608651

I have seen the extent of this on another forum, with an increased number of system tool infections...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 02, 2011, 03:23:40 PM
LastPass security hole (cross site scripting)

http://forum.avast.com/index.php?topic=72774.msg606137#msg606137
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on March 03, 2011, 07:39:14 AM
The anti-social network: boys jailed for $26m 'Crimebook' scam

http://www.smh.com.au/technology/technology-news/the-antisocial-network-boys-jailed-for-26m--crimebook--scam-20110303-1bfxw.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 03, 2011, 10:34:13 AM
Quote
Rogue AV pimps finally show love for alternative browsers...Ruse spoofs Firefox, Chrome, Safari
http://www.theregister.co.uk/2011/03/02/rogue_av_mimics_firefox/

(http://regmedia.co.uk/2011/03/02/fake_av_firefox.png)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on March 03, 2011, 03:36:46 PM
It never ceases to amaze me how many people will actually fall for this and click the Start Protection, etc. etc.

Basically they don't know what their browser can and can't do.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 03, 2011, 04:45:07 PM
Is avast! warning us about this ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on March 03, 2011, 04:58:45 PM
Well the problem is the initial is just a pop-up/ad, the main payload comes from clicking the Start Protection. Then would we see if it is blocked/detected.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 04, 2011, 11:47:00 AM
WordPress.com Suffers Largest DDoS Attack In Its History
http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 04, 2011, 02:53:30 PM
WordPress.com Suffers Largest DDoS Attack In Its History
http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/
WordPress.com Survives DDOS Attack
http://blog.eset.com/2011/03/03/wordpress-com-survives-ddos-attack
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 05, 2011, 02:04:48 PM
A Look Inside the Bustling Cybercrime Marketplace
http://www.securityweek.com/look-inside-bustling-cybercrime-marketplace
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nth.l0gik on March 06, 2011, 03:32:45 PM
i'm not really sure if this would count as a legitimate security warning, but i'll mention it anyways. hopefully it will show notice in some way. when i got rid of this one file called either "LHU.exe" or "IHU.exe",... it was called something like that. it masked itself as something called "xp anti-virus 2011". while it activated ever so often, i had the new software update to 6.01 and avast then did not detect its actions as malicious/suspicious. i can't figure out where i picked it up at, though, i did some fancy regedit moves and did one last scan in safe mode with avast (new software update @ 6.01) and that PUP got placed in custody (virus chest). i submitted that plus 7 other files to the avast virus lab for analysis, hopefully i could receive some word on if my findings were useful to this forum or not through that process.

fancy regedit moves:

1. http://www.expertsupportnow.com/870/how-to-remove-xp-anti-virus-2011-virus-malware/

just in case anything goes wrong with your ability to launch *.exe files if you misstep
on regedit fixing, use the below link to fix it.

2. http://filext.com/faq/broken_exe_association.php
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on March 07, 2011, 03:38:48 PM
***

French government comes under cyber attack


Quote

The French finance ministry has shut down 10,000 computers after a "spectacular" cyber attack from hackers using Internet addresses in China, officials and reports said Monday.


The rest of the story is at the link below.

http://news.id.msn.com/top-stories/article.aspx?cp-documentid=4694193


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 08, 2011, 09:00:21 AM
WordPress.com Suffers Largest DDoS Attack In Its History
http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/
WordPress.com Survives DDOS Attack
http://blog.eset.com/2011/03/03/wordpress-com-survives-ddos-attack

WordPress hit with second big attack in two days
http://news.cnet.com/8301-27080_3-20039385-245.html

WordPress.com DDoS Attacks Primarily From China
http://techcrunch.com/2011/03/04/wordpress/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 08, 2011, 11:49:20 AM
Plaintext injection in STARTTLS
http://www.securityfocus.com/archive/1/516901/30/0/threaded
http://www.kb.cert.org/vuls/id/555316
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 08, 2011, 01:26:54 PM
USB driver bug exposed as "Linux plug&pwn"
http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: CharleyO on March 09, 2011, 03:13:51 PM
***

Q4 Malware Update: Significant Rise in Malvertising Attacks, Social Networking Sites Easy Distribution Platforms for Malware

Quote

THE Q4 HIGHLIGHTS WERE:

* Malvertising is on a significant rise, having doubled from Q3 to Q4 2010.
* More than one million web sites were estimated to be infected in Q4 2010.
* The probability that an average Internet user will hit an infected page after three months of web browsing is 95%.
* The top attacker domain was ipq.com, a free DNS forwarding service.
* Most social media networks are prone to being used as distribution platforms for malware.


The rest of the story is at the link below:

http://blog.dasient.com/2011/03/dasient-q4-malware-update-significant.html


***
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 10, 2011, 09:57:27 AM
Apple releases Java security updates
http://www.h-online.com/security/news/item/Apple-releases-Java-security-updates-1204690.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 10, 2011, 03:36:35 PM
Anonymous now attacks the US music industry
http://www.h-online.com/security/news/item/Anonymous-now-attacks-the-US-music-industry-1205391.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 10, 2011, 03:42:47 PM
Anonymous now attacks the US music industry
http://www.h-online.com/security/news/item/Anonymous-now-attacks-the-US-music-industry-1205391.html

Their methods may not be expectable but I don't know if their message is totally off track.
I haven't always agreed with the methods used by RIAA either. ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 12, 2011, 05:10:17 PM
MHTML vulnerability under active exploitation
http://googleonlinesecurity.blogspot.com/2011/03/mhtml-vulnerability-under-active.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 13, 2011, 05:46:12 PM
Photobucket Spoofing email scam. (http://blog.photobucket.com/blog/2011/03/spoofing-email-scam-notification.html)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 15, 2011, 09:48:40 AM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 15, 2011, 10:18:11 PM
not a warning against anything in particular but a good move from Twitter:
http://blog.twitter.com/2011/03/making-twitter-more-secure-https.html

this was already possible manually, now this can be permanently set on your account (if you have one), just like Google does it with Gmail.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 16, 2011, 10:08:12 AM
Click-jacking is spreading on Facebook
http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on March 16, 2011, 10:36:37 AM
Click-jacking is spreading on Facebook
http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html

They mentioned IE7 as the browser that made this work. Wonder if IE9 is also susceptible and how about Chrome ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 16, 2011, 10:40:06 AM
Click-jacking is spreading on Facebook
http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html

They mentioned IE7 as the browser that made this work. Wonder if IE9 is also susceptible and how about Chrome ???

Don't know about IE9, but Chrome seems to be ok.

Quote
While the trick worked smoothly in Internet Explorer 7 under Windows XP, clicking in Firefox or Chrome did not result in a Facebook status post.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 16, 2011, 04:13:53 PM
CanSecWest: game consoles spread viruses within LANs
http://www.h-online.com/security/news/item/CanSecWest-game-consoles-spread-viruses-within-LANs-1209069.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 17, 2011, 02:00:14 PM
"Phishers Have No Mercy for Japan"

http://www.symantec.com/connect/blogs/phishers-have-no-mercy-japan
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 17, 2011, 03:29:20 PM
And more Japan scam

Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.

http://www.norman.com/security_center/security_center_archive/2011/shamelessly_exploiting_disasters/no
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 17, 2011, 03:58:33 PM
"Privacy group demands answers from Skype"

http://www.theregister.co.uk/2011/03/16/skype_security_holes/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 18, 2011, 08:03:31 AM
Phishing Scam in an HTML Attachment
http://labs.m86security.com/2011/03/phishing-scam-in-an-html-attachment/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 18, 2011, 01:10:44 PM
I know this is very old (2004), but I just found it and this is so funny ;D


Quote
Passwords revealed by sweet deal
More than 70% of people would reveal their computer password in exchange for a bar of chocolate, a survey has found.

http://news.bbc.co.uk/2/hi/technology/3639679.stm


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 19, 2011, 07:39:44 AM
RSA hack could endanger the security of SecurID tokens
http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
http://forum.avast.com/index.php?topic=74077.0
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 19, 2011, 11:22:46 AM
RSA hack could endanger the security of SecurID tokens
http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
http://forum.avast.com/index.php?topic=74077.0


http://forum.avast.com/index.php?topic=74077.msg614434#msg614434
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 19, 2011, 04:54:20 PM
Hmmm...??? I already linked to your thread. ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 21, 2011, 06:37:57 PM
PHP developer wiki server hacked
http://www.h-online.com/open/news/item/PHP-developer-wiki-server-hacked-1211874.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 22, 2011, 12:11:35 PM
I wonder who is the first to make an AV for cars   :o

With hacking, music can take control of your car
http://www.itworld.com/security/139794/with-hacking-music-can-take-control-your-car

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 22, 2011, 12:52:35 PM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html

Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb11-06.html

Edit: For Flash Player see here: http://forum.avast.com/index.php?topic=9671.msg616370#msg616370
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on March 22, 2011, 01:07:38 PM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html

Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb11-06.html

Edit: For Flash Player see here: http://forum.avast.com/index.php?topic=9671.msg616370#msg616370


OT: You're better off not installing Adobe Reader because of security holes every time you update the patch, and you'll be a lot safer using PDF-XChange Viewer or something better that has less problems and yes you still have to update the Flash Player.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 22, 2011, 01:10:57 PM
OT: You're better off not installing Adobe Reader because of security holes every time you update the patch, and you'll be a lot safer using PDF-XChange Viewer or something better that has less problems and yes you still have to update the Flash Player.

You're right, that's OT, but much more important: it's true.!! :)
I also use PDF-XChange Viewer... ;)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on March 22, 2011, 01:40:40 PM
yeah I was wondering, couldn't find the Adobe Reader 10.0.2 update for Windows, just for Mac... it's really not clear at all ::)

Quote
Adobe recommends users of Adobe Acrobat X (10.0.1) for Windows and Macintosh update to Adobe Acrobat X (10.0.2)

Quote
Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

... wondering what they've been smoking lately @Adobe ::)

and then this thread here:

http://forums.adobe.com/thread/825916


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 23, 2011, 12:27:37 PM
Security flaw in RealPlayer
http://www.h-online.com/security/news/item/Security-flaw-in-RealPlayer-1213044.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: doktornotor on March 24, 2011, 12:20:23 AM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html

Wow, their patch policy rocks...  ::)

Quote
Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011

For those who still have not abandoned the junk: PDF-XChange Viewer (http://www.tracker-software.com/product/pdf-xchange-viewer) (available also in native 64bit variant) or Foxit Reader (http://www.foxitsoftware.com/pdf/reader/addons.php/) (if you are after something fast and small).
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on March 25, 2011, 09:02:11 AM
666.624 IPv4 addresses sold for $7.5M to Microsoft
http://www.norman.com/security_center/blog/righard_zwienenberg/144541/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 26, 2011, 08:36:04 PM
Google Picasa Insecure Library Loading Vulnerability
http://secunia.com/advisories/43853/

Quote
Solution
Update to version 3.8.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 26, 2011, 09:06:12 PM
Google Picasa Insecure Library Loading Vulnerability
http://secunia.com/advisories/43853/

Quote
Solution
Update to version 3.8.
Already up to date.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on March 29, 2011, 07:12:32 PM
Spotify ads hit by malware attack

http://www.bbc.co.uk/news/technology-12891182

Also links to avast and websense blogs on the subject in the article
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on March 29, 2011, 08:11:57 PM
Spotify ads hit by malware attack

http://www.bbc.co.uk/news/technology-12891182

Also links to avast and websense blogs on the subject in the article
Also on avast! blog:
Malware stops the music at Spotify.com
https://blog.avast.com/2011/03/28/malware-stops-the-music-at-spotify-com
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 30, 2011, 09:55:44 AM
When buffer overflows in printers become a risk
http://www.h-online.com/security/news/item/When-buffer-overflows-in-printers-become-a-risk-1217292.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on March 31, 2011, 12:20:13 AM
VMware Security Advisory - VMware vmrun utility local privilege escalation
https://www.vmware.com/security/advisories/VMSA-2011-0006.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 01, 2011, 01:44:43 PM
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 01, 2011, 01:48:31 PM
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)

http://forum.avast.com/index.php?topic=75041.msg621801#msg621801
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 01, 2011, 01:51:49 PM
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)

yep... I went too fast yesterday when referring to the fact that CNet didn't find the keylogger, and the statement about a Vipre FP ... don't know what I was thinking of ::) forgot that indeed Samsung themselves, at least a rep, admitted it, they indeed installed that crap on laptops.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 01, 2011, 01:52:33 PM
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)

http://forum.avast.com/index.php?topic=75041.msg621801#msg621801


Asyn that doesn't make sense, Samsung acknowledged the presence of the keylogger.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 01, 2011, 02:08:47 PM
Asyn that doesn't make sense, Samsung acknowledged the presence of the keylogger.

http://www.samsungtomorrow.com/1071
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 01, 2011, 02:13:18 PM
Asyn that doesn't make sense, Samsung acknowledged the presence of the keylogger.

http://www.samsungtomorrow.com/1071


again, a samsung rep acknowledged the existence of the keylogger before anyone there mentioned a Vipre FP.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 01, 2011, 02:14:42 PM
again, a samsung rep acknowledged the existence of the keylogger before anyone there mentioned a Vipre FP.

We should discuss this in the other thread, if needed. ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: AdrianH on April 01, 2011, 04:08:04 PM
http://www.theinquirer.net/inquirer/news/2039497/thousands-websites-infected-sql-injection-attack


Thousands of websites infected by SQL injection attack

Around 1.5 million URLs infected



Quote
AN SQL INJECTION ATTACK campaign is spreading like wildfire, with 28,000 URLs that were initially reported to have infected code increasing to around 1.5 million within about four days.

In its latest update, Websense said that 1.5 million URLs have the same structure as the original attack. Although the figures only count URLs rather than individual domains or websites, the number of websites that have been compromised is likely to be in the thousands by now.

The first domain that Websense saw infected with bad code on 29 March was called Lizamoon.com. From there the infected script spreads to other websites through SQL injection, a technique that exploits insecure code through the database backend of a website.............(more)

More here
http://www.theregister.co.uk/2011/03/31/lizamoon_mass_injection_attack/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 01, 2011, 04:56:49 PM
Thousands of websites infected by SQL injection attack

No idea, which browser you're using...
But, if you use FF, add NoScript - problem solved..! :)
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on April 01, 2011, 05:00:25 PM
Dissecting the Massive SQL Injection Attack Serving Scareware

Wonderful stuff by Dancho. Must read

http://ddanchev.blogspot.com/2011/03/dissecting-massive-sql-injection-attack.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 01, 2011, 06:26:31 PM
Thousands of websites infected by SQL injection attack

No idea, which browser you're using...
But, if you use FF, add NoScript - problem solved..! :)
asyn

The SQL injection has nothing to do with your browser as the injection is into the page source code. We have seen several instances of the lizamoon . com injected scripts being blocked by the Web Shield as win32:Script-inf detection.

Whilst NoScript should stop the script being run (so should NotScript for Chrome), unless you have very lax NoScript settings, so it isn't guaranteed.

So for now be thankful that the web shield is your protector in these injected scripts.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 01, 2011, 06:32:45 PM
1. Whilst NoScript should stop the script being run ... so it isn't guaranteed.
2. So for now be thankful that the web shield is your protector in these injected scripts.

1. It is. ;)
2. I/we am/are. :)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on April 01, 2011, 09:33:45 PM
Interesting, this ur.php file also featured in another thread.

http://community.websense.com/blogs/securitylabs/archive/2011/03/31/update-on-lizamoon-mass-injection.aspx

Thread is here: http://forum.avast.com/index.php?topic=75016.msg621057#msg621057
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 02, 2011, 02:41:39 AM
I just received this:

"Kroger wants you to know that the data base with our customers' names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience."

So if you shop at Kroger or Smith's and supplied them with your email address,
expect an increase in your spam and not the kind you eat either.

I wanted to ask them if they'll give us a discount on Spam the next time we do our shopping.... ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 04, 2011, 01:31:48 PM
RSA hack could endanger the security of SecurID tokens
http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
http://forum.avast.com/index.php?topic=74077.0

Anatomy of an Attack
http://blogs.rsa.com/rivner/anatomy-of-an-attack/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 04, 2011, 05:40:19 PM
I just received this:

"Kroger wants you to know that the data base with our customers' names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience."

So if you shop at Kroger or Smith's and supplied them with your email address,
expect an increase in your spam and not the kind you eat either.

Millions of email addresses exposed in Epsilon breach
http://www.h-online.com/security/news/item/Millions-of-email-addresses-exposed-in-Epsilon-breach-1221307.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on April 06, 2011, 09:51:29 AM
Millions of email addresses exposed in Epsilon breach
http://www.h-online.com/security/news/item/Millions-of-email-addresses-exposed-in-Epsilon-breach-1221307.html
It gets worse by the day:
Epsilon Security Breach Spreads:
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511

Update to those affected by this breach: To those living within the US, the phone number to call Epsilon for additional information regarding this breach is 1-866-595-4896. However, Epsilon is a global company. I contacted them and was told that hackers gained information from Epsilon, however the only information they gained were email addresses. The concern is that the hackers are now sending out email to the emails they obtained with malicious codes (they would not offer when pressed what malware is involved or where the hackers originated from as they "could not disclose that information" to me), and Epsilon is advising users when you contact them to not open up emails you do not recognize and to keep your antivirus and firewall up to date. Epsilon refuses to disclose additional information and will not offer free ID Theft to users who were affected as of contacting them 4/05/11.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 06, 2011, 11:55:18 AM
Millions of email addresses exposed in Epsilon breach
http://www.h-online.com/security/news/item/Millions-of-email-addresses-exposed-in-Epsilon-breach-1221307.html
It gets worse by the day:
Epsilon Security Breach Spreads:
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511

Additional info here: http://krebsonsecurity.com/2011/04/epsilon-breach-raises-specter-of-spear-phishing/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 06, 2011, 12:20:58 PM
and more about Epsilon here

To the Millions and Millions of people… How not to warn the Millions!
http://norman.com/security_center/blog/righard_zwienenberg/144731/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 06, 2011, 12:29:25 PM
Google Chrome to warn of malicious Windows executables

http://www.theregister.co.uk/2011/04/05/google_malicious_executables_warning/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 06, 2011, 08:46:49 PM
and more about Epsilon here

To the Millions and Millions of people… How not to warn the Millions!
http://norman.com/security_center/blog/righard_zwienenberg/144731/en-us
A list of the companies who used Epsilon Services:
http://www.databreaches.net/?p=17374
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Dim@rik on April 06, 2011, 09:14:34 PM
LiveJournal under attack

DDoS attack - Optima/Darkness DDoS bot


http://www.securelist.com/en/blog/442/LiveJournal_under_attack
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Left123 on April 06, 2011, 11:37:53 PM
Monthly Malware Statistics, March 2011

http://www.securelist.com/en/analysis/204792170/Monthly_Malware_Statistics_March_2011

A new Chinese bootkit http://www.securelist.com/en/blog/434/The_Chinese_bootkit
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 07, 2011, 08:03:24 AM
DHCP client allows shell command injection
http://www.h-online.com/security/news/item/DHCP-client-allows-shell-command-injection-1222805.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 07, 2011, 03:53:56 PM
The PlayStation 3 controversy - Anonymous enters the scene
http://www.norman.com/security_center/security_center_archive/2011/playstation_3_controversy_anonymous_enters_the_scene/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 07, 2011, 03:55:57 PM
"Successful" Twitter malware proves it once more
http://www.norman.com/security_center/blog/per_olav_forland/144829/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 07, 2011, 04:00:14 PM
The PlayStation 3 controversy - Anonymous enters the scene
http://www.norman.com/security_center/security_center_archive/2011/playstation_3_controversy_anonymous_enters_the_scene/en-us

http://anonnews.org/?p=press&a=item&i=797
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 07, 2011, 04:10:37 PM
Malware baddies crank up Trojan production
http://www.theregister.co.uk/2011/04/06/malware_trends/

Quote
During the first three months of 2011 an average of 73,000 new strains of malware have been created every day: 10,000 more than during the same period last year, according to stats from Panda Security. Around 70 per cent of these malware strains were Trojans, with viruses making up 17 per cent of the sample, the second most common category.



Google Chrome to warn of malicious Windows executables
http://www.theregister.co.uk/2011/04/05/google_malicious_executables_warning/
Quote
Google says it's expanding its blacklist of malicious websites to include those that use deceptive claims to push harmful Windows programs.


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: koam on April 07, 2011, 09:07:42 PM
Lots of flags on Hotmail / Windows Live site today. I'm not alone.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 07, 2011, 09:12:12 PM
Lots of flags on Hotmail / Windows Live site today. I'm not alone.

It was FP and has been solved meanwhile...!!! ;)
http://forum.avast.com/index.php?topic=75653.0
Doesn't really fit here, btw.
asyn
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on April 07, 2011, 10:56:29 PM
Microsoft Security Bulletin Advance Notification for April 2011
This is an advance notification of security bulletins that Microsoft is intending to release on April 12, 2011.
http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 08, 2011, 01:17:14 PM
VLC Media Player susceptible to buffer overflow vulnerability
http://www.h-online.com/security/news/item/VLC-Media-Player-susceptible-to-buffer-overflow-vulnerability-1224431.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 10, 2011, 03:09:52 AM
Dropbox authentication: insecure by design
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 12, 2011, 07:52:55 AM
A new security flaw hits VLC
http://www.h-online.com/security/news/item/A-new-security-flaw-hits-VLC-1225820.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 12, 2011, 10:58:28 AM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 12, 2011, 04:13:24 PM
Facebook fixes bug affecting Hotmail users
http://news.cnet.com/8301-27080_3-20052926-245.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 12, 2011, 04:45:31 PM
A new security flaw hits VLC
http://www.h-online.com/security/news/item/A-new-security-flaw-hits-VLC-1225820.html

VLC Media Player 1.1.9 closes security holes
http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-9-closes-security-holes-1226673.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 13, 2011, 10:56:48 AM
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on April 13, 2011, 04:36:08 PM
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html


Oh, that would suck.  Can't wait to have to fix a system with this installed.  I have a feeling a lot of old people are going to be falsely opening up their wallets for this one.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on April 14, 2011, 05:30:41 AM
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html


Oh, that would suck.  Can't wait to have to fix a system with this installed.  I have a feeling a lot of old people are going to be falsely opening up their wallets for this one.

Just use the code: 1351236. More here (http://www.f-secure.com/weblog/archives/00002139.html).
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Left123 on April 14, 2011, 10:53:24 AM
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html


Oh, that would suck.  Can't wait to have to fix a system with this installed.  I have a feeling a lot of old people are going to be falsely opening up their wallets for this one.

Just use the code: 1351236. More here (http://www.f-secure.com/weblog/archives/00002139.html).

Also http://xylibox.blogspot.com/2011/03/trojanransom-windows-license-locked.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 14, 2011, 11:47:19 AM
WordPress - Security Incident
http://en.blog.wordpress.com/2011/04/13/security/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 14, 2011, 11:51:16 AM
WordPress - Security Incident
http://en.blog.wordpress.com/2011/04/13/security/


yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on April 14, 2011, 12:55:03 PM
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.

.com or .org? I didn't get one...and I use the .com service...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 14, 2011, 01:33:32 PM
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.

.com or .org? I didn't get one...and I use the .com service...

.com ... but okay, I wanted to post back here. I opened a blog there very recently and subscribed to their blog at the same time (was offered during the registration process). What I got via mail is just the last post from their blog.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on April 14, 2011, 01:35:14 PM
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.

.com or .org? I didn't get one...and I use the .com service...

.com ... but okay, I wanted to post back here. I opened a blog there very recently and subscribed to their blog at the same time (was offered during the registration process). What I got via mail is just the last post from their blog.

Ah, that explains it, I haven't subscribed...think I have the rss feed somewhere though :D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 14, 2011, 06:23:41 PM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html

Adobe to patch Flash Player hole Friday
http://blogs.adobe.com/psirt/2011/04/update-on-security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 15, 2011, 03:05:30 PM
Problem with PowerPoint update
Security Update for PowerPoint 2003 (KB2464588)
http://support.microsoft.com/kb/2464588
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 16, 2011, 05:19:31 PM
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html

Adobe to patch Flash Player hole Friday
http://blogs.adobe.com/psirt/2011/04/update-on-security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html

Adobe releases security update for Flash Player
http://www.h-online.com/security/news/item/Adobe-releases-security-update-for-Flash-Player-1228930.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Silk0 on April 19, 2011, 11:48:25 AM
iTunes 10.2.2 closes security holes
http://www.h-online.com/security/news/item/iTunes-10-2-2-closes-security-holes-1229838.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 19, 2011, 04:22:27 PM
Ashampoo hacked (http://www.ashampoo.com/en/usd/dth)  :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on April 20, 2011, 03:07:17 AM
Ashampoo hacked (http://www.ashampoo.com/en/usd/dth)  :'(
Sad... My email/name were stolen :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 20, 2011, 04:26:13 AM
Ashampoo hacked (http://www.ashampoo.com/en/usd/dth)  :'(
Sad... My email/name were stolen :'(
I'm sure you're not alone. I also use some of their excellent products.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 20, 2011, 04:49:09 AM
Yes I have their handy little screen capture tool AshampooSnap3 on my win7 netbook. Not quite as good as SnagIt on my main system but then it is free ;D

Can't say I have noticed any spam, etc. I opted out of their email promotions early on.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on April 20, 2011, 09:40:32 AM
Yes I have their handy little screen capture tool AshampooSnap3 on my win7 netbook. Not quite as good as SnagIt on my main system but then it is free ;D
I use Snipping Tool which comes built-in with windows 7

Can't say I have noticed any spam, etc. I opted out of their email promotions early on.
Same here  :-\
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 20, 2011, 03:33:22 PM
Yes I have their handy little screen capture tool AshampooSnap3 on my win7 netbook. Not quite as good as SnagIt on my main system but then it is free ;D
I use Snipping Tool which comes built-in with windows 7
<snip>

I have never used it, but I rather doubt it has the functionality of AshampooSnap3, which has image editing and a slew of other functions than you can shake a stick at.

One that I particularly like is the image capture and a save output directly to email, video capture, capture scrolling window (text & Web site) and the annotations are very varied, etc..
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on April 20, 2011, 04:03:22 PM
One that I particularly like is the image capture and a save output directly to email
No

video capture
No..

capture scrolling window (text & Web site)
Nooooo

and the annotations are very varied, etc..
No no no nooooooooo!


 ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: NON on April 21, 2011, 10:07:16 AM
FakeAV names itself BitDefender
http://www.bleepingcomputer.com/virus-removal/remove-bitdefender-2011

Or AVG :D
http://siri-urz.blogspot.com/2011/01/fake-avg-anti-virus.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 21, 2011, 03:49:24 PM
Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 21, 2011, 11:52:14 PM
Digital Life after death - Online   ???
http://www.norman.com/security_center/blog/per_olav_forland/145976/en

Digital Afterlife: How to Safeguard Online Accounts After Death
http://www.securitynewsdaily.com/digital-afterlife-how-to-safeguard-online-accounts-after-death-0707/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 23, 2011, 04:57:34 PM
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 26, 2011, 09:22:14 PM
Malwarebytes with new WebSite  http://malwarebytes.org/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 26, 2011, 09:33:56 PM
Microsoft now disclosing third party vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-now-disclosing-third-party-vulnerabilities-1233047.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 26, 2011, 09:58:19 PM
Link not working.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 26, 2011, 10:00:41 PM
Link not working.

Are you referring to my post, Bob..??
If so, it's working from here...

Microsoft now disclosing third party vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-now-disclosing-third-party-vulnerabilities-1233047.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on April 26, 2011, 10:11:04 PM
Link not working.
It helps to say what Link is not working.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on April 26, 2011, 10:14:15 PM
Microsoft now disclosing third party vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-now-disclosing-third-party-vulnerabilities-1233047.html

Very interesting! Might it happen that Microsoft becomes a secure platform? ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: essexboy on April 26, 2011, 10:24:13 PM
Actually I find windows(7) quite secure - most flaws are from third party software - Adobe - Flash - Java etc..
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on April 26, 2011, 10:32:54 PM
Actually I find windows(7) quite secure - most flaws are from third party software - Adobe - Flash - Java etc..
I will not call it secure until the Windows core/source becomes really solid and untouchable, so that you feel every file or program you run is being opened in a sandbox, no leftovers remain when you uninstall a program, and no kind of input is able to change anything in the Windows core. (Emmm, like a Chrome extension, which cannot change the way the whole browser works, or like a Java mobile OS, where applications cannot change the way the mobile OS works)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: essexboy on April 26, 2011, 10:37:30 PM
I do say quite secure...  ;D  But a lot of the problems are dependent on the third party software manufacturers to get their act together - Like as you say Chrome.  Windows cannot be locked up tight though as long as third party software is used
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: YoKenny on April 26, 2011, 10:48:15 PM
I do say quite secure...  ;D  But a lot of the problems are dependent on the third party software manufacturers to get their act together - Like as you say Chrome.  Windows cannot be locked up tight though as long as third party software is used
Like Avira.  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 09:39:33 AM
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/

Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Quote
We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID...
...If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on April 27, 2011, 04:04:57 PM
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/

Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Quote
We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID...
...If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.

Even if you aren't a gamer (such as I) but used your Playstation to obtain other services like Netflix, then consider yourself hacked.  :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 04:19:32 PM
Even if you aren't a gamer (such as I) but used your Playstation to obtain other services like Netflix, then consider yourself hacked.  :'(

Some already consider this the biggest all-time data theft. :(
(80+ million possible victims)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 27, 2011, 04:27:00 PM
there's been a sarcastic statement from MS somewhere... saying they "really" were sorry for Sony, but hey thanks god players still have the Xbox network to rely on ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 04:30:59 PM
there's been a sarcastic statement from MS somewhere... saying they "really" were sorry for Sony, but hey thanks god players still have the Xbox network to rely on ;D

Seems they see it as a unique promotion chance. ;)
Do you have a link for that, Logos..??
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 04:59:53 PM
SpyEye Targets Opera, Google Chrome Users
http://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 05:32:31 PM
Problem with PowerPoint update
Security Update for PowerPoint 2003 (KB2464588)
http://support.microsoft.com/kb/2464588

Hotfix available: http://support.microsoft.com/kb/2543241/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 05:48:00 PM
Zeus trojan adds fake investment adverts
http://www.h-online.com/security/news/item/Zeus-trojan-adds-fake-investment-adverts-1233415.html
http://www.trusteer.com/blog/zeus-adds-investment-fraud-its-bag-tricks
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 27, 2011, 08:47:46 PM
Not sure if this has already been posted....

apr 26-2011  Update on PlayStation Network and Qriocity
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on April 27, 2011, 08:52:23 PM
a digital thriller book review  ;)

Zero Day - a review
http://www.norman.com/security_center/blog/per_olav_forland/145996/en
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 27, 2011, 08:54:46 PM
Not sure if this has already been posted....

Not the US version, but everything else is here:
http://forum.avast.com/index.php?topic=52252.msg638566#msg638566
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 28, 2011, 09:18:11 AM
A Second MSRT Release in April
http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 28, 2011, 03:31:24 PM
Cisco Security Advisory

Multiple Vulnerabilities in Cisco Unified Communications Manager
http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml

Cisco Wireless LAN Controllers Denial of Service Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 28, 2011, 03:37:40 PM
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/

Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 28, 2011, 04:39:41 PM
A Second MSRT Release in April
http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx


probably related to the same infection:
Feds to remotely delete Coreflood from infected PCs
http://www.digitaltrends.com/computing/feds-to-remotely-delete-coreflood-from-infected-pcs/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on April 28, 2011, 05:33:41 PM
Great, sign a consent form to have the Feds rummage around in your computer. Not sure which would be more attractive in your system, the botnet or the Feds ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 28, 2011, 05:35:09 PM
Great, sign a consent form to have the Feds rummage around in your computer. Not sure which would be more attractive in your system, the botnet or the Feds ;D

they say they won't spy ??? ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 29, 2011, 08:21:06 AM
Nikon Image Authentication System: Compromised
http://blog.crackpassword.com/2011/04/nikon-image-authentication-system-compromised/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 29, 2011, 08:28:39 AM
FBI warns of fraudulent bank transfers to China
http://www.h-online.com/security/news/item/FBI-warns-of-fraudulent-bank-transfers-to-China-1234421.html
http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: yongsua on April 29, 2011, 09:53:49 AM
Iran: Country under attack by second computer virus
http://malwareresearchgroup.com/2011/04/iran-country-under-attack-by-second-computer-virus/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 29, 2011, 10:43:42 AM
Iran: Country under attack by second computer virus
http://malwareresearchgroup.com/2011/04/iran-country-under-attack-by-second-computer-virus/

not much to complain about ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 29, 2011, 04:37:18 PM
Dropbox authentication: insecure by design
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

Dropbox experiment with update to solve security vulnerability
http://www.h-online.com/security/news/item/Dropbox-experiment-with-update-to-solve-security-vulnerability-1234815.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on April 29, 2011, 04:42:16 PM
Dropbox authentication: insecure by design
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

Dropbox experiment with update to solve security vulnerability
http://www.h-online.com/security/news/item/Dropbox-experiment-with-update-to-solve-security-vulnerability-1234815.html


yeah I've installed that yesterday, that's a forum build, ie you'll only get the link from their forums ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 29, 2011, 04:44:43 PM
yeah I've installed that yesterday, that's a forum build, ie you'll only get the link from their forums ;)

Ok, so just in case: http://forums.dropbox.com/topic.php?id=37258&%2037258
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on April 30, 2011, 04:28:12 PM
Iran: Country under attack by second computer virus
http://malwareresearchgroup.com/2011/04/iran-country-under-attack-by-second-computer-virus/

not much to complain about ;D

This might interest you then. ;)
http://anonnews.org/?p=press&a=item&i=873
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 01, 2011, 10:00:35 PM
careful guys, for those of you using LastPass, the version available on Mozilla add-ons web site is outdated, it's 1.72:
https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/

 while the latest has been 1.73 for a while. Get it here:
https://lastpass.com/misc_download.php
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 03, 2011, 12:09:35 PM
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/

Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html

Another 25 million Sony users compromised
http://www.h-online.com/security/news/item/Another-25-million-Sony-users-compromised-1236397.html
http://www.soe.com/securityupdate/pressrelease.vm
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 03, 2011, 02:26:01 PM
Coming soon to a Mac near you: serious malware (http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212?tag=nl.e589)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 03, 2011, 03:15:56 PM
Osama Bin Laden's Death Ups Risk for Cyber Scams

Quote
In the day following the big news, Baumgartner said cybercriminals started using top search results related to bin Laden in Google Images to redirect people to pages filled with malware.

http://abcnews.go.com/Technology/osama-bin-ladens-death-leads-cyber-scams-spam/story?id=13513179
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on May 03, 2011, 03:54:37 PM
Not unexpected, as this is the usual jump on whatever news bandwagon happens to be passing and get into the search engine rankings.

What surprises me is how they manage to get so high in the actual search engine page results. Of course they also purchase keyword search result ranking, but Google were meant to be cracking down on that little ploy/scam.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 04, 2011, 10:48:22 AM
again:

Osama malware scams spread to Facebook
http://www.theregister.co.uk/2011/05/03/osama_malware_scams/
http://countermeasures.trendmicro.eu/osama-lives-again-on-facebook/

Quote
It is also worth noting that this is not the only Osama scam currently spreading on Facebook, I also spotted many iterations of a second attack that uses clickjacking in the form of a bogus CAPTCHA to fool users into posting the bait to their own walls.

(http://countermeasures.trendmicro.eu/wp-content/uploads/2011/05/math-400x320.png)

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 04, 2011, 03:57:32 PM
VLC Media Player vulnerable to buffer overflow exploits
http://www.h-online.com/security/news/item/VLC-Media-Player-vulnerable-to-buffer-overflow-exploits-1237404.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 05, 2011, 07:43:12 AM
Vulnerabilities in Zyxel's ZyWall products
http://www.h-online.com/security/news/item/Vulnerabilities-in-Zyxel-s-ZyWall-products-1237316.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Omid Farhang on May 05, 2011, 09:59:15 AM
Damn! Why should whatever I use get vulnerabilities? I even dropped many programs like VLC, which often have problems and can be replaced with more secure programs, to at least get a 100% rating from Secunia for secure browsing. But I cannot replace hardware easily! Hope their new firmware will remain safe!
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 05, 2011, 11:34:56 AM
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Quote
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 05, 2011, 10:11:59 PM
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Quote
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.


yeah and now their forums are down, not their main site though.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Marc57 on May 06, 2011, 07:28:18 AM
Osama Bin Laden's Death Ups Risk for Cyber Scams

Quote
In the day following the big news, Baumgartner said cybercriminals started using top search results related to bin Laden in Google Images to redirect people to pages filled with malware.

http://abcnews.go.com/Technology/osama-bin-ladens-death-leads-cyber-scams-spam/story?id=13513179


Here's a look at some Malware for the Mac.

http://www.youtube.com/watch?v=L6cvUY4CGp0&feature=feedu
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Chris Thomas on May 06, 2011, 07:45:03 AM
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Quote
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.


yeah and now their forums are down, not their main site though.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html


LOL, I kinda cannot log in, it seems they changed my password
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 07, 2011, 01:17:59 AM
Coming soon to a Mac near you: serious malware (http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212?tag=nl.e589)
more on MacMalware...

FakeAV for Mac 
http://isc.sans.edu/diary/More+on+MAC+OSX+Malware+-+MACDefender+Fake+Antivirus/10813
http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/
http://www.norman.com/security_center/security_center_archive/2011/cybercriminals_focus_on_new_targets/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Gargamel360 on May 07, 2011, 08:14:08 AM
Nobody Beats Aaron's, Nobody!  A fact helped by them pre-installing spyware on their customers' laptops?
http://www.consumeraffairs.com/news04/2011/05/suit-aaron-s-rent-to-own-spies-on-customers.html

If you happen to own a laptop from Aaron's, maybe someone is watching you right now  ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 08:58:06 AM
Third attack against Sony planned
http://news.cnet.com/8301-31021_3-20060227-260.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 09:02:12 AM
Scammers Swap Google Images for Malware
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
http://isc.sans.edu/diary/More%2Bon%2BGoogle%2Bimage%2Bpoisoning/10822
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 09:17:10 AM
Update for BIND server patches DoS hole
https://www.isc.org/software/bind
https://www.isc.org/CVE-2011-1907
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on May 07, 2011, 10:43:07 AM


Slack Bank Practice Creates Opportunity for Phone Phishing Scams:
http://www.theregister.co.uk/2011/05/05/bank_practices_open_door_to_phone_phishing/

This doesn't have to be from a bank, it can be from any type of business.

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Dwarden on May 07, 2011, 03:50:34 PM
Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher
http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher

I hope MS nails this before or with the next monthly update
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 05:08:31 PM
Security update for Check Point for SSL-VPN clients
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 05:12:03 PM
I hope MS nails this before or with the next monthly update

No, not now. :-\
https://www.microsoft.com/technet/security/bulletin/ms11-may.mspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 06:02:09 PM
Critical hole in the Exim Mail server closed
http://www.h-online.com/security/news/item/Critical-hole-in-the-Exim-Mail-server-closed-1239543.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 07, 2011, 08:42:38 PM
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/

Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/

Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html

Another 25 million Sony users compromised
http://www.h-online.com/security/news/item/Another-25-million-Sony-users-compromised-1236397.html
http://www.soe.com/securityupdate/pressrelease.vm

Sony delays PSN reopening
http://blog.us.playstation.com/2011/05/06/service-restoration-update/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: logos on May 09, 2011, 10:04:11 AM
Fake certificate attack targets Facebook users in Syria
http://www.theregister.co.uk/2011/05/06/syria_fake_certificate_facebook_attack/

Quote
A man-in-the-middle attack is being run against users of the secure version of Facebook in Syria, the Electronic Frontier Foundation (EFF) warns.

The semi-professional attack against the HTTPS version of the Facebook site relies on a digital certificate unsigned by any Certificate Authority and probable re-routing of traffic by the Syrian Telecom Ministry. The ongoing attack has been detected against multiple Syrian ISPs.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on May 09, 2011, 01:46:48 PM
Fake certificate attack targets Facebook users in Syria
http://www.theregister.co.uk/2011/05/06/syria_fake_certificate_facebook_attack/

Quote
A man-in-the-middle attack is being run against users of the secure version of Facebook in Syria, the Electronic Frontier Foundation (EFF) warns.

The semi-professional attack against the HTTPS version of the Facebook site relies on a digital certificate unsigned by any Certificate Authority and probable re-routing of traffic by the Syrian Telecom Ministry. The ongoing attack has been detected against multiple Syrian ISPs.
Who is the CA (Certificate Authority) behind the HTTPS of Facebook?

Edited: found "some" answer.
This is very much an amateur attempt at attacking Facebook's HTTPS site. The certificate was not signed by a Certificate Authority that was trusted by users' web browsers. Unfortunately, Certificate Authorities are under the direct or indirect control of numerous governments, and many governments therefore have the capability to perform versions of this attack that do not raise any errors or warnings.
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: romar on May 10, 2011, 12:33:15 AM
Hi,

I have the paid versions of both Avast and MalwareBytes on my desktop.

Almost without exception every time I open my browser and visit a site I get a Malwarebytes error message about being blocked and showing the following in the error message - avastsvc.exe.  ???

It makes no difference whether I just open a blank browser or Google or some other site.

These are both great programs - why can't they work together?

It is getting extremely tiresome! :-[

Thanks,
Bob
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on May 10, 2011, 02:40:06 AM
These are both great programs - why can't they work together?
Add one to the exclusion list of the other and vice-versa.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on May 10, 2011, 04:38:02 AM
Bin Laden Home Videos Feed Google Image Attacks (http://threatpost.com/en_us/blogs/bin-laden-home-videos-feed-google-image-attacks-050911?utm_source=Newsletter_050911&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)

Skype Planning Patch for Mac OS X Client Flaw (http://threatpost.com/en_us/blogs/skype-planning-patch-mac-os-x-client-flaw-050911?utm_source=Newsletter_050911&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 10, 2011, 02:00:08 PM
Chrome exploit for Windows passes every security hurdle
http://www.h-online.com/security/news/item/Chrome-exploit-for-Windows-passes-every-security-hurdle-1240508.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 10, 2011, 11:08:45 PM
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Quote
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.


yeah and now their forums are down, not their main site though.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html


Just received the following:

(http://my.jetscreenshot.com/2701/m_20110510-xvrt-80kb.jpg) (http://my.jetscreenshot.com/2701/20110510-xvrt-80kb)
Title: Chrome successfully hacked
Post by: Dch48 on May 10, 2011, 11:58:58 PM
According to this notice, the latest version of Chrome has been hacked: http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 11, 2011, 11:11:49 AM
Facebook Applications Accidentally Leaking Access to Third Parties
http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 11, 2011, 02:53:19 PM
Facebook Applications Accidentally Leaking Access to Third Parties
http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties

Precisely why I always stress not using 3rd party apps in Facebook.
Title: Re: Chrome successfully hacked
Post by: Llanziel on May 11, 2011, 09:14:40 PM
According to this notice, the latest version of Chrome has been hacked: http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589

Maybe this can be related with WebGL Standard (including Firefox, Chrome, Opera, Safari):

Researchers Warn of Security Issues in WebGL Standard (http://threatpost.com/en_us/blogs/researchers-warn-security-issues-webgl-standard-051111?utm_source=Newsletter_051111&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)

Four things you should know about LastPass (http://blogs.computerworld.com/18265/four_things_you_should_know_about_lastpass)
Title: Re: Chrome successfully hacked
Post by: Dch48 on May 11, 2011, 09:17:28 PM
According to this notice, the latest version of Chrome has been hacked -- http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589

Maybe this can be related with WebGL Standard (including Firefox, Chrome, Opera, Safari):

Researchers Warn of Security Issues in WebGL Standard (http://threatpost.com/en_us/blogs/researchers-warn-security-issues-webgl-standard-051111?utm_source=Newsletter_051111&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)

Four things you should know about LastPass (http://blogs.computerworld.com/18265/four_things_you_should_know_about_lastpass)
When you read the article, you see that what they did was a series of sophisticated exploits that would be highly unlikely to ever really happen.
Title: Re: Chrome successfully hacked
Post by: Llanziel on May 11, 2011, 09:27:06 PM
According to this notice, the latest version of Chrome has been hacked -- http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589

Maybe this can be related with WebGL Standard (including Firefox, Chrome, Opera, Safari):

Researchers Warn of Security Issues in WebGL Standard (http://threatpost.com/en_us/blogs/researchers-warn-security-issues-webgl-standard-051111?utm_source=Newsletter_051111&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)

Four things you should know about LastPass (http://blogs.computerworld.com/18265/four_things_you_should_know_about_lastpass)
When you read the article, you see that what they did was a series of sophisticated exploits that would be highly unlikely to ever really happen.

You are right. But I said a POSSIBLE cause, NOT the real cause. Also, they did not specify what security product was installed at the moment of the video; they showed the Chrome update, but not the Windows update, or whether the firewall was on or off. Personally, the video is incomplete, we can't predict what was the real thing. I only said (the above mentioned) a possible reason. A vulnerable WebGL standard.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Dch48 on May 11, 2011, 10:51:22 PM
I don't think it had to do with WebGL but if it did, I'm safe. WebGL is disabled in Chrome for XP.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on May 12, 2011, 04:48:35 AM
IE9 Safe from WebGL Woes (http://news.softpedia.com/news/IE9-Safe-from-WebGL-Woes-199832.shtml)

Quote
browsers supporting WebGL put customers at risk
  :-[

Quote
“US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari,”


Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 12, 2011, 09:24:37 AM
ZeuS source code freely available on the net
http://www.h-online.com/security/news/item/ZeuS-source-code-freely-available-on-the-net-1241417.html
http://www.csis.dk/en/csis/blog/3229
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Dch48 on May 12, 2011, 10:48:09 AM
IE9 Safe from WebGL Woes (http://news.softpedia.com/news/IE9-Safe-from-WebGL-Woes-199832.shtml)

Quote
browsers supporting WebGL put customers at risk
  :-[

Quote
“US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari,”



Chrome on XP is also safe because WebGL is disabled.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on May 12, 2011, 07:33:52 PM
Google doodle takes you to scareware sites (http://www.h-online.com/security/news/item/Google-doodle-takes-you-to-scareware-sites-1242208.html)

Quote
The infected system could no longer be used in any meaningful way.

Hackers versus Apple (http://www.h-online.com/security/features/Hackers-versus-Apple-1202598.html)

Quote
However, experience shows me that OS X probably has more bugs than a Windows browser
Ouch! :-[
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: spg SCOTT on May 13, 2011, 12:13:08 AM
Google doodle takes you to scareware sites (http://www.h-online.com/security/news/item/Google-doodle-takes-you-to-scareware-sites-1242208.html)

Well, let's face it, clicking the doodle only takes you to a Google search on that subject. That will invariably include images, and as we all know, the whole Google image search thing (especially with certain other people) leads to malware.
That title is a little misleading IMHO...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 13, 2011, 07:02:52 PM
Scams utilizing Google Music beta
http://www.norman.com/security_center/blog/per_olav_forland/146376/en-us
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 13, 2011, 07:47:24 PM
Scams utilizing Google Music beta
http://www.norman.com/security_center/blog/per_olav_forland/146376/en-us
As usual, "If it seems too good to be true, it probably is."
If you didn't apply for the invitation at Google and the reply didn't come directly from Google,
then don't go near the invitation.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on May 16, 2011, 07:33:24 AM

Win7 Machines Harder Hit with Infection Rates Recently:
http://www.theregister.co.uk/2011/05/13/ms_threat_landscape_survey/

-   Java-based exploits and phishing on social networks dominate

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 16, 2011, 08:42:09 AM
Windows 7 more malware-resistant than XP/Vista

Quote
Windows XP SP3 32-bit has an infection rate of 15.9 per thousand systems, while Windows Vista SP2 32-bit has half this infection rate, 7.5 per thousand. Windows 7 32-bit nearly halves this again to 3.8 per thousand, while Windows 7 64-bit managed to get the infection rate per thousand down to 2.5.

http://www.zdnet.com/blog/hardware/windows-7-more-malware-resistant-than-xpvista/12786
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: nmb on May 16, 2011, 06:08:55 PM
Win32/Alureon brings back old school virus techniques, enhanced

Quote
While working recently on different Win32/Alureon samples, we noticed some behaviour that deviated from what we’ve seen before. A particular set of files was taking longer to exhibit malicious behaviour than others. We started looking for why this was so, and ended up with a blast from the past. This time the malware was using Win32/Crypto-style decryption to elude anti-virus scanners.

Microsoft Malware Protection Center (http://blogs.technet.com/b/mmpc/archive/2011/05/15/win32-alureon-brings-back-old-school-virus-techniques-enhanced.aspx)

[via (http://threatpost.com/en_us/blogs/new-version-alureon-ups-ante-encryption-051611)]
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on May 16, 2011, 07:35:04 PM


Trojan Feigns Failures to Increase Rogue Defragger Sales (http://www.symantec.com/connect/blogs/trojan-feigns-failures-increase-rogue-defragger-sales)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SpeedyPC on May 19, 2011, 11:53:05 AM
Hackers getting smarter

One-in-14 downloads malicious: Microsoft:

http://www.theage.com.au/technology/security/onein14-downloads-malicious-microsoft-20110519-1etrg.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 19, 2011, 12:07:55 PM
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: scythe944 on May 19, 2011, 06:46:00 PM
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/


Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 20, 2011, 01:02:13 PM
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/

Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/

Wouldn't feel too safe with Sony... ;)
http://www.f-secure.com/weblog/archives/00002160.html

Quote
Basically this means that Sony has been hacked, again.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 20, 2011, 01:08:37 PM
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on May 21, 2011, 12:07:06 AM

New 64-Bit Rootkit Being Used to Steal Banking Credentials (http://threatpost.com/en_us/blogs/new-64-bit-rootkit-being-used-steal-banking-credentials-052011?utm_source=Newsletter_052011&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 21, 2011, 07:40:04 AM
Apple's Mac App Store Puts Users At Risk
http://security.thejoshmeister.com/2011/05/apples-mac-app-store-puts-users-at-risk.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 21, 2011, 07:55:02 AM
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender

Winwebsec gang responsible for FakeMacdef?
http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 24, 2011, 09:25:08 AM
LinkedIn SSL Cookie Vulnerability
http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 24, 2011, 12:50:38 PM
Kaspersky: Android is the new Windows
http://www.h-online.com/security/news/item/Kaspersky-Android-is-the-new-Windows-1248329.html
http://www.securelist.com/en/analysis/204792176/IT_Threat_Evolution_for_Q1_2011
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 24, 2011, 01:32:56 PM
Black Hole Exploit Kit Available for Free
http://threatpost.com/en_us/blogs/black-hole-exploit-kit-available-free-052311
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on May 25, 2011, 06:07:56 AM

New Hack on Comodo Reseller Exposes Private Data:
http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 25, 2011, 05:36:46 PM

New Hack on Comodo Reseller Exposes Private Data:
http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/



Comodo president and CEO, Melih Abdulhayoglu, said Comodo systems were never compromised. He also said no certificates were issued as a result of the breach, and that the reseller had no access to Comodo databases.

“So as a summary: its an SQL attack (fairly common) on a company in Brazil who sells some of our products.” he wrote in an email. “Nothing to report really.”
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Llanziel on May 25, 2011, 09:01:19 PM

Apple Plans Update to Address MacDefender Malware (http://threatpost.com/en_us/blogs/apple-plans-update-address-macdefender-malware-052511?utm_source=Newsletter_052511&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)

Study: Android App Authentication Bug Affecting 99% of Users (http://threatpost.com/en_us/blogs/study-android-app-authentication-bug-affecting-99-users-052411?utm_source=Newsletter_052511&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 26, 2011, 03:51:46 PM
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender

Winwebsec gang responsible for FakeMacdef?
http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx

Apple publishes Mac Defender removal details, promises fix
http://www.h-online.com/security/news/item/Apple-publishes-Mac-Defender-removal-details-promises-fix-1250118.html

Mac Defender variant doesn't require admin password
http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 26, 2011, 03:55:00 PM
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/

Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/

Wouldn't feel too safe with Sony... ;)
http://www.f-secure.com/weblog/archives/00002160.html

Quote
Basically this means that Sony has been hacked, again.

Attacks on Sony continue
http://www.h-online.com/security/news/item/Attacks-on-Sony-continue-1250130.html
http://www.pcworld.com/article/228597/sony_says_hacker_stole_2000_records_from_canadian_site.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 26, 2011, 04:57:10 PM
Internet Explorer: cookie theft made easy
http://www.h-online.com/security/news/item/Internet-Explorer-cookie-theft-made-easy-1250938.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: bob3160 on May 27, 2011, 01:01:05 AM
Internet Explorer: cookie theft made easy
http://www.h-online.com/security/news/item/Internet-Explorer-cookie-theft-made-easy-1250938.html

Since you can't eat these cookies, what exactly is he going to do with them ???
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 27, 2011, 10:11:54 AM
Since you can't eat these cookies, what exactly is he going to do with them ???

Quote
Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email

Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique "cookiejacking."
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on May 27, 2011, 10:35:18 AM

Google’s Chrome Web Store Quietly Removes Nosy Apps that Read Invade Your Privacy:
http://www.theregister.co.uk/2011/05/26/google_web_store_privacy_threats/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 27, 2011, 02:27:27 PM
Student collects 15 million Gmail addresses
http://www.h-online.com/security/news/item/Student-collects-15-million-Gmail-addresses-1251356.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 27, 2011, 03:32:04 PM
Large RRSIG RRsets and Negative Caching can crash named
http://www.isc.org/software/bind/advisories/cve-2011-1910
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 27, 2011, 04:58:04 PM
Allied Telesis divulges secret backdoor
http://www.h-online.com/security/news/item/Allied-Telesis-divulges-secret-backdoor-1251556.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 27, 2011, 05:30:30 PM
Chrome app security model is broken
http://blog.mobilephonesecurity.org/2011/05/chrome-app-security-model-is-broken.html
http://www.securitynewsdaily.com/data-swiping-super-mario-games-infiltrate-chrome-web-store-0818/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Left123 on May 27, 2011, 05:51:45 PM
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/

Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/

Wouldn't feel too safe with Sony... ;)
http://www.f-secure.com/weblog/archives/00002160.html

Quote
Basically this means that Sony has been hacked, again.

Attacks on Sony continue
http://www.h-online.com/security/news/item/Attacks-on-Sony-continue-1250130.html
http://www.pcworld.com/article/228597/sony_says_hacker_stole_2000_records_from_canadian_site.html

Poor sony :'(
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 27, 2011, 05:56:27 PM
Poor sony :'(

Sorry, but are you serious..???
They should have better protected their servers, imo.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: autumn on May 29, 2011, 03:08:24 PM
My avast antivirus, when I try automatic updates I get a message saying that it cannot connect to server. This was 3 days ago and it's still doing it. Then it reads a885he.avast.com then (85.10.210.108.8080 to those updates. Can anyone be of help? I tried typing it in Google but can't find them????? Thanks in advance...
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on May 29, 2011, 03:48:04 PM
My avast antivirus, when I try automatic updates I get a message saying that it cannot connect to server. This was 3 days ago and it's still doing it. Then it reads a885he.avast.com then (85.10.210.108.8080 to those updates. Can anyone be of help? I tried typing it in Google but can't find them????? Thanks in advance...

- Please start a New Topic of your own as this is unrelated to the original subject and will just confuse the topic and we will try to help.  
- Go to this link, http://forum.avast.com/index.php?board=2.0. Click the New Topic button (see image, click to expand) at the top of the list and post there.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 29, 2011, 03:51:38 PM
- Please start a New Topic of your own...

Guess he/she did the best possible..!?? ;)
http://forum.avast.com/index.php?topic=78405.msg650914#msg650914
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 29, 2011, 03:57:54 PM
Hackers break into Lockheed Martin
http://www.h-online.com/security/news/item/Hackers-break-into-Lockheed-Martin-1251978.html
http://www.reuters.com/article/2011/05/28/usa-defense-hackers-idUSN2717936920110528
http://www.reuters.com/article/2011/05/29/us-usa-defense-hackers-idUSTRE74Q6VY20110529?irpc=932
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: SafeSurf on May 30, 2011, 08:53:56 AM

Aussie Banks Cancel Credit Cards Due to Security Breach:
http://www.theregister.co.uk/2011/05/29/aus_banks_cancel_credit/

Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 31, 2011, 09:41:09 AM
Skype installs third party software against users' wishes
http://www.h-online.com/security/news/item/Skype-installs-third-party-software-against-users-wishes-1252543.html
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Pondus on May 31, 2011, 12:13:43 PM
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Left123 on May 31, 2011, 01:46:34 PM
Poor sony :'(

Sorry, but are you serious..???
They should have better protected their servers, imo.

Yes they should, but what can they do against 32402134 hackers who are targeting their company ;D, reminds me of 300, the movie. ;D
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Lisandro on May 31, 2011, 01:52:00 PM
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
Good article. By the end, the argument could be the same as police and bad guys.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 31, 2011, 01:56:21 PM
...but what can they do against 32402134 hackers who are targeting their company ;D, reminds me of 300, the movie. ;D

These were no DoS attacks. ;)
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: Asyn on May 31, 2011, 02:24:45 PM
Honda Canada loses 283,000+ records, now faces lawsuit
http://nakedsecurity.sophos.com/2011/05/29/honda-canada-loses-283000-records-now-faces-lawsuit/
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on May 31, 2011, 02:39:42 PM
Skype installs third party software against users' wishes
http://www.h-online.com/security/news/item/Skype-installs-third-party-software-against-users-wishes-1252543.html

We have already seen one topic on the forums where this EasyBits Go inclusion caused concerns of malware on a user system.
Title: Re: SECURITY WARNINGS & Notices - Please post them here
Post by: DavidR on May 31, 2011, 02:46:17 PM
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525

I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010