Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2886010 times)

polonus · « **Reply #3855 on:** July 02, 2015, 05:05:52 PM »

What about the risks when you combine this feature with an access risk at distance like ProxHam?
Why you have to combine the "_optout"-suffix MS thinks you should add to your SSID with Google's alternative "_nomap"-suffix Google comes up with. This knowing a SSID has only a maximum of 32 positions and only "_nodrive_optout" is almost half of that number? MS this is a very bad idea.
Don't these Redmond boys have a qualty validation department to keep such bad security features out?
Again MS is choosing user friendliness over a definite security risk? (info credits from a thread started by Anak Krakatau)

polonus

Para-Noid · « **Reply #3856 on:** July 02, 2015, 09:30:08 PM »

The Grey Side of Mobile Advertising

https://blog.malwarebytes.org/mobile-2/2015/07/the-grey-side-of-mobile-advertising/?utm_source=Gplus&utm_medium=social

Lisandro · « **Reply #3857 on:** July 03, 2015, 02:43:05 AM »

Quote from: Para-Noid on July 02, 2015, 09:30:08 PM

The Grey Side of Mobile Advertising

https://blog.malwarebytes.org/mobile-2/2015/07/the-grey-side-of-mobile-advertising/?utm_source=Gplus&utm_medium=social

Something related to this was published before on Avast blog... If I'm not wrong...

abruptum · « **Reply #3858 on:** July 03, 2015, 03:22:37 PM »

Microsoft Moves to Kill Silverlight, Tells Everyone to Stop Using It

http://news.softpedia.com/news/microsoft-moves-to-kill-silverlight-tells-everyone-to-stop-using-it-485970.shtml

DavidR · « **Reply #3859 on:** July 03, 2015, 03:43:26 PM »

Quote from: abruptum on July 03, 2015, 03:22:37 PM

Microsoft Moves to Kill Silverlight, Tells Everyone to Stop Using It

http://news.softpedia.com/news/microsoft-moves-to-kill-silverlight-tells-everyone-to-stop-using-it-485970.shtml

And there was me thinking they never started to use it - another MS idea/solution looking for a problem to solve.

Pondus · « **Reply #3860 on:** July 03, 2015, 04:44:04 PM »

Plex has been hacked, so be sure to change your passwords
www.phandroid.com/2015/07/02/plex-hacked/

Plex blog https://blog.plex.tv/

polonus · « **Reply #3861 on:** July 03, 2015, 09:26:15 PM »

Migrate now before it is too late: Deadline July 14th of 2015 MS does no longer support security patches for Server 2003. The best choice depending on circumstances is to migrate to Windows Server 2012 R2.

polonus

Para-Noid · « **Reply #3862 on:** July 04, 2015, 08:00:06 PM »

Facebook Phishing via Apps is Alive and Well

https://blog.malwarebytes.org/fraud-scam/2015/07/facebook-phishing-via-apps-is-alive-and-well/?utm_source=Gplus&utm_medium=social

REDACTED · « **Reply #3863 on:** July 04, 2015, 08:36:17 PM »

Hi all,

i'm new to these forums, but decided to make an account because i noticed some alarming email addresses on my avast homepage. i have avast installed on 3 of my computers, and i notice the email address is different on each of my computers. they use suspicious addresses like "gmai.com" or "gamil.com". i'm pretty sure these are scam email addresses, but i'm wondering why they're appearing on my avast homepage. is anyone else experiencing this? and is this something i should be worried about?

bob3160 · « **Reply #3864 on:** July 04, 2015, 08:43:00 PM »

Please don't post the same thing in several threads.
Your question was answered in the other thread.
https://forum.avast.com/index.php?topic=173195.msg1229946#msg1229946

DavidR · « **Reply #3865 on:** July 04, 2015, 08:53:25 PM »

Quote from: khalie_nne on July 04, 2015, 08:36:17 PM

Hi all,

i'm new to these forums, but decided to make an account because i noticed some alarming email addresses on my avast homepage. i have avast installed on 3 of my computers, and i notice the email address is different on each of my computers. they use suspicious addresses like "gmai.com" or "gamil.com". i'm pretty sure these are scam email addresses, but i'm wondering why they're appearing on my avast homepage. is anyone else experiencing this? and is this something i should be worried about?

This shouldn't be in this topic but one of its own, in the my.avast.com I see you have one in the General sub-forum, I will respond to that one.

abruptum · « **Reply #3866 on:** July 06, 2015, 05:02:16 PM »

Hackers hacked: Malware firm's data leaked, ties with regimes exposed

http://rt.com/news/271855-italian-hacker-firm-hacked/

Asyn · « **Reply #3867 on:** July 07, 2015, 12:30:47 PM »

[openssl-announce] Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html

polonus · « **Reply #3868 on:** July 07, 2015, 12:45:36 PM »

Network security and website security needs technical IT to get us more secure.

Security specialist should better protect against a full range of security breaches (vulnerabilities, exploits, bugs), common attackers just need one workable tiny hole to worm through to be able to compromise a full network/website and do their evil deeds. Just had a discussion to-day with some technical IT people and they confirmed what I post here.

As I experience from my daily cold reconnaissance scanning the situation is that critical, that something needs to be done (education, secure coding, secure configuration etc. etc.). Protocols and platforms are introduced before they have been properly secured and are invariably rather insecure (virtual insecure code, features over security, user friendliness that creates security issues).

For instance we make the transition to https only while the configuration and settings are basically insecure - loads of website still with a log-in where log-in data go over the wire in plain txt, no security headers implemented.

polonus (volunteer website security analyst and website error-hunter)

polonus · « **Reply #3869 on:** July 07, 2015, 02:14:56 PM »

Pre-patch announcement for Openssl: https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
Curious whether LibreSSL was more secure in these respects

polonus