Author Topic: Avira official website seems hacked  (Read 11770 times)

0 Members and 1 Guest are viewing this topic.

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 4704
  • Whatever will be, will be.
Avira official website seems hacked
« on: October 08, 2013, 01:21:28 PM »
 :( :o
Main: Win10 Pro 20H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 21 Premier Beta / Evorim Free Firewall (testing)
Mobile: Win10 Pro 20H2 32bit, Vista SP2 32bit / Core 2 Duo SU9300 1.2GHz / 4GB RAM / Avast 20 Free / Windows Firewall Control

Avast の設定について解説しています。よろしければご覧ください。

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Avira official website seems hacked
« Reply #1 on: October 08, 2013, 01:26:54 PM »
Quote
Avira official website seems hacked
official where? .....  avast.com works fine here

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31332
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avira official website seems hacked
« Reply #2 on: October 08, 2013, 01:28:47 PM »
Pondus, he says Avira not Avast :P

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33061
  • malware fighter
Re: Avira official website seems hacked
« Reply #3 on: October 08, 2013, 01:53:04 PM »
Here is what happened an Egyptian hacker found a tiny little XSS hole and "wormed" through it to hack avira: http://thehackernews.com/2013/04/minor-flaw-allows-hacker-to-hijack_12.html
This time it was XSS flaws (not enough input/output validation performed, or not enough server hardening).

The next enormous wave of hacked sites will be because of evil DNS manipulation
(C&C via TOR), reporting an example with two different AS MX here: http://forum.avast.com/index.php?topic=136266.0
Believe me folks this is going to be a new trend.

Van Wallenstein warned against three forms of DNS hijacking:
1. DNS-cache poisoning, as Dan Kaminsky opened our eyes to this form of attack and the DNS-weakness involved (via recursor abuse for instance).
2. Then the authoritive nameserver can be hijacked with a worldwide effect as DNS records are being altered. Acess Control Lists and Extra Strong Passwords are to defense against this form of attack. Staff should be trained not to fall for so-called social engineering tactics.
3. The worst attack is changing the domain registration at the registrar's. If the cache cannot be emptied in time the attack can go on for hours or days even because of the TTL as a DNS server cache lasts for 86.400 sec as a rule. Protection according to Brenton Van Dyn is to preferably have the control over the nameservers inside the organization - in-house (attack 1-3).
Types of DNS manipulation info I got thanks to an article by Steve Ragan (credits - Steve Ragan).

Conclusion: avast! team should already be aware to this and put up internal  team training to avoid such situations.

polonus
« Last Edit: October 08, 2013, 01:57:49 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Avira official website seems hacked
« Reply #4 on: October 08, 2013, 02:05:13 PM »
Pondus, he says Avira not Avast :P
aha .....yea.... hmmm   ::)    '

well  avira.com sure display that pic   urlQuery report    http://urlquery.net/report.php?id=6452449


« Last Edit: October 08, 2013, 02:11:19 PM by Pondus »

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3312
  • Avast shall conquer the whole world
Re: Avira official website seems hacked
« Reply #5 on: October 08, 2013, 02:36:53 PM »
Who cares about Avira official website has been hacked and it's their bloody problem, I only worry about Avast if this does happen and I'm sure they won't because our guys are far to smart for Avira ;D
ASUS G75VX-T4153H | Avast Premium v21.2.2455 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | W8.1 64bit | Firefox 64bit | Thunderbird 64bit | MBAM Premium | Adguard Premium | CryptoPrevent Premium | CCleaner Portable | MCShield | Macrium Reflect | 7-Zip

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33061
  • malware fighter
Re: Avira official website seems hacked
« Reply #6 on: October 08, 2013, 03:00:11 PM »
Would like to hear Omid"s reaction.
Far too much excessive header info spread to the world and hackers:
Hack via htxp://avira.com/404testpage4525d2fdc -now I get: [8-October-2013 9:15:10] PHP Fatal error: File not found
System Details:
Running on: Apache/2.2.24
System info: (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635


polonus
« Last Edit: October 08, 2013, 03:16:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 4704
  • Whatever will be, will be.
Re: Avira official website seems hacked
« Reply #7 on: October 08, 2013, 03:08:02 PM »
I just hope avast administrator tighten their server security more up.
Don't let hackers invade avast servers.
Main: Win10 Pro 20H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 21 Premier Beta / Evorim Free Firewall (testing)
Mobile: Win10 Pro 20H2 32bit, Vista SP2 32bit / Core 2 Duo SU9300 1.2GHz / 4GB RAM / Avast 20 Free / Windows Firewall Control

Avast の設定について解説しています。よろしければご覧ください。

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33061
  • malware fighter
Re: Avira official website seems hacked
« Reply #8 on: October 08, 2013, 03:26:12 PM »
Hi NON,

As you see from this scan, some insecurity still exists: https://asafaweb.com/Scan?Url=http://forum.avast.com/index.php
Excessive header warning was thwarted by using Avast Website Server - a non-existing server...

2 cookies are being set without the "HttpOnly" flag being set (name : value):

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avira official website seems hacked
« Reply #9 on: October 08, 2013, 04:23:05 PM »
AVG was hacked as well

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Avira official website seems hacked
« Reply #10 on: October 08, 2013, 04:25:09 PM »
And dont forget Whatsapp

They got hacked too.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avira official website seems hacked
« Reply #11 on: October 08, 2013, 07:05:38 PM »
I can also confirm that there was a hacker attempt against our site (avast.com) earlier today (probably by the same group) but it was thankfully contained.

Cheers,
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Avira official website seems hacked
« Reply #12 on: October 08, 2013, 07:12:06 PM »
I hope you are good protected down there in Prague. ;)

Kaspersky gets attacked almost every day.

Aviras Website is still down at the moment, they attacked the DNS Servers not Avira directely by the way.
« Last Edit: October 08, 2013, 07:17:39 PM by Steven Winderlich »
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Avira official website seems hacked
« Reply #13 on: October 08, 2013, 07:21:35 PM »
Well, they need to operate their DNS servers, that's all I can say... The fact that they don't isn't a very good excuse. :)
If at first you don't succeed, then skydiving's not for you.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Avira official website seems hacked
« Reply #14 on: October 08, 2013, 07:23:34 PM »
Thats now their problem. :)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10