Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2943673 times)


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1575 on: September 20, 2011, 12:54:08 PM »
Serious yes, but I want to know if this POC would work on a site not hacked.

Quote
The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.

So there has to be this network sniffer and a piece of 'stealthy' JavaScript; where does it come from? It would either have to be inserted into the site page (hacked) or an off-site loading/running of a script (cross-site scripting, XSS; again, a hacked site).

Well, I'm looking at what protection can be offered in the form of the web shield (good on hacked sites and inserted script tags, etc.) and things like the NoScript and RequestPolicy Firefox add-ons to prevent local or XSS scripts from running (unless of course you gave permission).
Quote
“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,”

So again I don't see any mention in all of this of a system's local security software and how it plays out in this.

EDIT: incorrect formatting of quote.
« Last Edit: September 20, 2011, 08:05:47 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48645
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1576 on: September 20, 2011, 07:36:28 PM »
Beginning to wonder if anything is safe any more.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1577 on: September 20, 2011, 08:07:44 PM »
I think there is a degree of hype/fear-mongering in this when it doesn't take any account of users' security measures or even mention methods of combating it.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1578 on: September 20, 2011, 09:29:02 PM »
Just note this PoC comes from researchers who are already responsible for another PoC forcing Microsoft and Oracle to do an out-of-band patch in the past ...
so I would not underestimate the seriousness ...
It's already being discussed that it takes only 5 minutes to decipher and most sites have a 10-minute expiry, so this is nasty.

Also, I hope this forces all websites to upgrade to the 2nd revision of TLS 1.2 (SSL 3.3).
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1579 on: September 21, 2011, 04:04:47 AM »
***

Russian hacker sells home and cars to pay RBS

Quote

A Russian hacker who breached the security of RBS' WorldPay service and stole $9m (£6m) has had his property sold to compensate the bank.
Viktor Pleshchuk's two flats and two cars, a BMW and a Lada, were auctioned off in Saint Petersburg on Monday.
According to a Russian news portal RIA Novosti, the sale raised 10m roubles (£200,000).


http://www.bbc.co.uk/news/technology-14989264


***

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37608
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1580 on: September 22, 2011, 01:55:00 AM »
Botnets on discount!
Creating a botnet has become insanely easy and cheap
http://blog.gdatasoftware.com/blog/article/botnets-on-discount.html

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1581 on: September 22, 2011, 04:37:01 AM »
***

New malicious email attachments come with accusations, threats

Quote

The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they don't stop. It's all in an attempt to get targets to open up the zip attachment by telling them it contains evidence of their spamming. Actually it's an .exe file that infects the machine but displays like a document.

The emails are dressed up to look like they come from real businesses that are upset because the recipient has been spamming them. "The emails even formally claims that legal action will be taken because of the spam you have sent," says the blog.


http://www.networkworld.com/news/2011/092111-malware-251104.html


***

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1582 on: September 22, 2011, 10:01:12 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Dch48

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1583 on: September 24, 2011, 06:17:03 AM »
I'm pretty sure nobody here would fall for it, but I got an email purporting to be from Google about upgrading my Gmail. The message was the following:

Quote
Dear Gmail Account User,

A DGTFX virus has been detected in your folders
Your email account has to be upgraded to our new
Secured DGTFX anti-virus 2011 version  to prevent
damages to our email log and your important
files.

Click your reply tab, Fill the columns below and
send back or your email account will be terminated
immediately to avoid spread of the virus.

USER ID:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:

Gmail Technical Team
Note that your password will be encrypted with
1024-bit RSA keys for your password safety to
avoid any unauthorized user.

It said it was from upgrade @gmail.com but a thorough inspection of the header revealed that it actually came from somebody in Romania since it had a .ro at the end of the address.

« Last Edit: September 24, 2011, 06:18:35 AM by Dch48 »
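
The header inspection described in the post above can be scripted. This is an added example, not part of the thread: it compares the claimed From domain with the Return-Path, Reply-To and relaying host, and flags a body that asks for credentials. The sample message is constructed; the `.ro` hostnames, the IP address and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: only the From address, the .ro origin and the body
# wording come from the post; every other header value is a placeholder.
SAMPLE = """\
Return-Path: <sender@mail.example.ro>
Received: from mail.example.ro (mail.example.ro [192.0.2.10])
\tby mx.example.net; Sat, 24 Sep 2011 06:00:00 +0000
From: Gmail Technical Team <upgrade@gmail.com>
Reply-To: sender@mail.example.ro
Subject: Account upgrade

Click your reply tab, Fill the columns below and send back
USER ID:
PASSWORD:
DATE OF BIRTH:
"""

CREDENTIAL_FIELDS = re.compile(r"^\s*(user id|password|date of birth)\s*:", re.I | re.M)

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return a list of findings for one raw, single-part text message."""
    msg = message_from_string(raw)
    claimed = domain(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        actual = domain(msg[header])
        if actual and actual != claimed:
            findings.append(f"{header} domain {actual} != From domain {claimed}")
    # The topmost Received header is written by the receiving server, not the sender.
    received = msg.get_all("Received") or []
    m = re.search(r"from\s+(\S+)", received[0]) if received else None
    host = m.group(1).lower() if m else ""
    if host and host != claimed and not host.endswith("." + claimed):
        findings.append(f"relay {host} is outside {claimed}")
    if CREDENTIAL_FIELDS.search(msg.get_payload()):
        findings.append("body asks the recipient to reply with credentials")
    return findings
```
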

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1584 on: September 24, 2011, 07:01:28 PM »

YoKenny

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1585 on: September 24, 2011, 08:34:25 PM »
Mac trojan posing as a PDF file
http://www.f-secure.com/weblog/archives/00002241.html

Also
Quote
A new trojan has been released targeting the Macintosh Chinese-language user community.  The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. 
http://blog.eset.com/2011/09/23/pdf-trojan-appears-on-mac-os-x

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33929
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1587 on: September 27, 2011, 03:57:38 PM »
Hi Asyn,

There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1588 on: September 27, 2011, 05:55:31 PM »
Quote
Hi Asyn,

There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)

polonus

Yes but sadly only for W7.

Quote
Chrome and Firefox use the Network Security Services (NSS), which only support TLS 1.0. Windows Vista, XP, 2000 and Server 2003 as well as Server 2008 are also incapable of using TLS 1.1 by default.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<