Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2922870 times)

polonus · « **Reply #4500 on:** February 20, 2016, 06:49:11 PM »

More and more adblocker nag screens being brought in during recent days here in the Netherlands.
Saw more and more messages pop-up that go something like the quote I give as an example.
I completely adblock solely because of security reasons and keep blocking because so far no one could convince me of the fact I will no longer be bothered by malicious ads or being exposed to adware. Now I have to look at nag screens like this for instance:

Quote

Dear visitor,

We noticed you use an adblocker so you can no longer see ads on website whatsever serving ads dot com. We think this is a pity, because you will have free access to this site also because of the ads we show. Will you exclude our website by whitelisiting our website?

Well this is not completely true because they will earn from my browser history, my ID tracking, my fingerprinting, my profiling, my cookies, so a thousand other ways than just the ads I block.
Why this conserted action then against adblocking? Why not try to take away the need for adblocking, so no more blackhat SEO redirects, no more fraudulent ad clicks, no more infestive malicious ads, no more browser hijacking. When earnest, upright and secure ads could be guaranteed I would be the first to hand in my ad- and script blocker, but inside the existing malcoded jungle I would not give up one of the last resorts to defend myself that I have got left.

polonus

polonus · « **Reply #4501 on:** February 21, 2016, 02:43:00 PM »

Linux Mint iso's hacked and backdoored Linux Mint 17.3 Cinnamon Edition links were uploaded : https://twitter.com/Linux_Mint/status/701222478178340864
and it goes further unto darkweb: https://twitter.com/ydklijnsma/status/701331196769394688
The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com
And linux-mint was not even aware while they were being hacked twice.
The hackers allegedly abused WordPress and poor polonus and others,
here in "the virus and worms", warn about WordPress insecurity all of the time,
so all our efforts to make CMS less insecure until now are completely in vain
-WordPress insecurity continues grand time....

polonus

P.S. Why they did not check

: s https://help.ubuntu.com/community/VerifyIsoHowto.

D

polonus · « **Reply #4502 on:** February 21, 2016, 11:02:38 PM »

Look here: https://forum.avast.com/index.php?topic=127517.msg1294527#msg1294527
Another example of the fact that the majority of WordPress websites and websites with jQuery libraries have outdated and retirable or left code, have insecure configurations and form a daily threat to all users that visit such sites.
Many of these websites have become infested, compromised, hacked and defaced. And nobody outside a couple of forum users like our friends Pondus, Asyn, Eddy, others and little old me give this any attention.
......And of course Avast Team that does all in it's capacity to keep us out of harm's way......

polonus

polonus · « **Reply #4503 on:** February 22, 2016, 03:16:42 PM »

The implications from weak WordPress security and weak signatures for the Backdoored Linux distribution threat are now obvious.
Re: https://securelist.com/blog/incidents/73893/beware-of-backdoored-linux-mint-isos/ link article author = Stefan Ortloff
Also forum hacks seems to get more popularity as the Linux Munt Blog Forum was also hacked by the cybercriminal.

There should be more attention given to website security in general and folks that put users at risk knowingly, should be held responsible.
Now everybody just shrug their shoulders and continue as usual, often recklessly and utterly unconcerned of what happened. There is just quick money to cash and insecurity is not our main concern, when trapped we move elsewhere. Often sociopaths operate in such ways. Utterly irresponsible behavior sets them out and these characters often populate just the very regions where the decisions are being made and they are often very successful in the bliss of their total ignorance.

polonus

bob3160 · « **Reply #4504 on:** February 22, 2016, 09:08:13 PM »

Block details
Your IP: xx.xxx.xx.xxx
URL: hxxps://sitecheck.sucuri.net/results/j10futbol.us/plugins/interoffice.php
Your Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.54 Safari/537.36
Block ID: BAK024
Block reason: Access to a backdoor or suspected location was denied.
Time: Mon, 22 Feb 2016 14:59:44 -0500
Server ID: cp14007
It's a dangerous world out there......

polonus · « **Reply #4505 on:** February 22, 2016, 11:21:30 PM »

Well Google Safebrowsing is getting better and better at alerting. Probably would have had notification of others as well, Bitdefender TrafficLight, as MBAM blocks links there to: -magicorganicmarket.ru and -medicalfirstmall.xyz
see: -https://urlquery.net/report.php?id=1456179224812 (I broke all the links for those that would get alerts1).

And when too much of the code (without payload) is shown inside a scan result, you'd get alerts. Avast Webshield does the same and also whenever there is a slight chance it is real malcode or not. Better safe than sorry, is the message here.

Look here why it is detected: -http://www.isithacked.com/check/http%3A%2F%2Fj10futbol.us%2Fplugins%2Finteroffice.php

There is a difference of 833 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page. Link might be dangerous, and we already knew this from the blacklisting.

greets,

pol

Para-Noid · « **Reply #4506 on:** February 23, 2016, 03:59:35 PM »

Security This Week: Employers Are Paying Data Firms to Predict Your Health Risks

http://www.wired.com/2016/02/security-this-week-employers-are-paying-data-firms-to-predict-your-health-risks/

essexboy · « **Reply #4507 on:** February 23, 2016, 04:56:20 PM »

Major Geeks delists comodo http://www.majorgeeks.com/news/story/comodo_internet_security_removed_from_majorgeeks_downloads.html

bob3160 · « **Reply #4508 on:** February 23, 2016, 05:08:04 PM »

Quote from: essexboy on February 23, 2016, 04:56:20 PM

Major Geeks delists comodo http://www.majorgeeks.com/news/story/comodo_internet_security_removed_from_majorgeeks_downloads.html

Major Geeks has been a favorite download site of mine for a long time. Unlike Download.com and quite a few others, they have always remained a free
and secure place to download programs without any of the trickery we've by now have had to learn to avoid.
My view on Comodo doesn't need to be expressed. Just ask Comodo's fearless leader.

Eddy · « **Reply #4509 on:** February 24, 2016, 02:18:58 PM »

Malware for mobile devices tripled last year.
https://securelist.com/analysis/kaspersky-security-bulletin/73839/mobile-malware-evolution-2015/

polonus · « **Reply #4510 on:** February 24, 2016, 04:29:37 PM »

Vulnerable shared Baidu development kit creates privacy issues and security leaks for Baidu-browser:
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/

Again in this report we see the cooperation with "ClownFlare's halfbaked-SSL" negatively being reported:

Quote

In July 2014, Baidu formed a partnership with U.S.-based Internet traffic management company CloudFlare, creating a service that leverages Baidu’s Chinese data centres with CloudFlare’s traffic management services to increase traffic speeds across China’s border. The service, called Baidu Yunjiasu (百度云加速) or “Cloud acceleration,” is primarily targeted at businesses seeking to speed up the flow of traffic across China’s inefficient, censorship-heavy network. Part 2 of our analysis below describes a feature of Baidu Browser that proxies traffic to certain websites hosted outside of China to improve performance.

More important is it to mention the vulnerable apps using Baidu Analytics SDK:

ES File Explorer File Manager [com.estrongs.android.pop]
Photo Wonder-Collage Maker [cn.jingling.motu.photowonder]
Azar-Video Chat & Call, Messenger [com.azarlive.android]
ES Task Manager (Task Killer) [com.estrongs.android.taskmanager]
???PPS [tv.pps.mobile]
Meipai [com.meitu.meipaimv]

? [com.baidu.BaiduMap]

? [com.baidu.searchbox]
Well File Manager [com.fihtdc.filemanager]
SingPlay: Karaoke your MP3s [com.nexstreaming.app.singplay]
Kwai, the best short video App [com.smile.gifmaker]
Mydol (STAR LOCKSCREEN) [com.wacompany.mydol]
Speedometer GPS [luo.speedometergps]
ES App Locker [com.estrongs.locker]

??HD [com.qiyi.video.pad]

polonus

polonus · « **Reply #4511 on:** February 24, 2016, 06:19:50 PM »

340 apps on Google Play make you click porn-sites. Developer cat and mouse game - rather large game app fraud campaign: http://www.welivesecurity.com/2016/02/24/google-play-porn-clicker-true-large-scale-campaign/
Google makes a good effort to take such apps off immedeately,

Quote

but in this particular case, the bad guys still have the upper hand.

- Quote from the ESET article by Lukáš Štefanko.

polonus

polonus · « **Reply #4512 on:** February 25, 2016, 03:05:10 PM »

Critical: Drupal core should be patched: https://www.drupal.org/SA-CORE-2016-001
Mind you 2% of websites globally runs this CMS.

polonus

Asyn · « **Reply #4513 on:** February 25, 2016, 03:11:55 PM »

[openssl-announce] Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html

polonus · « **Reply #4514 on:** February 25, 2016, 07:17:13 PM »

WorldPay too late to mitigate weak encryption on BTA's:
Read: https://groups.google.com/forum/?_escaped_fragment_=topic/mozilla.dev.security.policy/RHBHXJOG8Io
Read: https://blog.mozilla.org/security/2016/02/24/payment-processors-still-using-weak-crypto/
link article author = Richard barnes.
Insecurity condoned where security matters most?

polonus