Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 3083817 times)

Asyn · « **Reply #4920 on:** November 10, 2016, 08:08:52 AM »

Microsoft Security Bulletin Summary for November 2016
https://technet.microsoft.com/library/security/ms16-nov

Eddy · « **Reply #4921 on:** November 10, 2016, 09:10:51 AM »

Protecting users from repeatedly dangerous sites
https://security.googleblog.com/2016/11/protecting-users-from-repeatedly_8.html

I hope they also will maintain something like a "3 strikes and you are out" policy or..
first offend - 1 month out
second offend - 3 months out
third offend - out for ever

Be Secure · « **Reply #4922 on:** November 10, 2016, 02:04:32 PM »

Antivirus Fails to Stop Ransomware 100% of the Time
http://www.infosecurity-magazine.com/news/antivirus-fails-to-stop-ransomware/

Asyn · « **Reply #4923 on:** November 11, 2016, 02:51:54 PM »

OpenSSL Security Advisory [10 Nov 2016]
https://www.openssl.org/news/secadv/20161110.txt

polonus · « **Reply #4924 on:** November 13, 2016, 03:33:45 PM »

Is facebook rewarding cybercriminals here?:
Facebook buys black market passwords to keep your account safe
https://www.cnet.com/news/facebook-chief-security-officer-alex-stamos-web-summit-lisbon-hackers/

polonus

polonus · « **Reply #4925 on:** November 14, 2016, 02:40:18 PM »

Data breach on 421 million users:
https://www.leakedsource.com/blog/friendfinder
making this the largest hack of 2016.
The password 123456 brought 900.000 hits,
and so is the most popular and most insecure password of the planet.

Your security out of the window before you can count to ten

polonus

bob3160 · « **Reply #4926 on:** November 14, 2016, 02:46:43 PM »

It's always nice when you see a massive breach like this and know you aren't in any way effected.

polonus · « **Reply #4927 on:** November 14, 2016, 10:40:35 PM »

Threats on smartdevices mapped out for you.

Quote

'In order to fully address the inherent threats of mobile devices, a wider view of the mobile ecosystem is necessary. This repository contains the Mobile Threat Catalogue, which describes, identifies, and structures the threats posed to mobile information systems. Readers of the catalogue will notice there are gaps; some threats are not tied to a documented source or lack countermeasures, and other threats not identified here may exist. The National Cybersecurity Center of Excellence (NCCoE) seeks comment on current mobile threats addressed in the Catalogue as well as ideas for additional threats to add...........'

See: https://pages.nist.gov/mobile-threat-catalogue/

info link credits go to: cowboysec.

My advice to mitigate would be : https://daplie.github.io/browser-authenticator/ & https://www.authy.com/app/mobile/

polonus

polonus · « **Reply #4928 on:** November 15, 2016, 10:57:08 PM »

700 million mobile phones may have phoned home to Shanghai: http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html

pol

P.S. Funny as there is nothing here: http://toolbar.netcraft.com/site_report?url=http://bigdata.adups.com
Just the index default page and this for all the addresses Kryptowire discusses. Just the welcome to nginx/1.8.0. (port 80 (with a 404) and 443 only)

Is this some demonizing?
Certification for adups dot com - Root installed on the server. Global Trust CA & Rapid SSL256 -CA -G3
For best practices, remove the self-signed root from the server.
Registrar - Alibaba Group China aka Bo Zhang Store.

D

bob3160 · « **Reply #4929 on:** November 16, 2016, 09:40:12 PM »

http://blog.pch.com/blog/2013/04/05/5-ways-to-know-if-its-a-publishers-clearing-house-scam/

I just received one of these phone calls here in New Mexico. So the scammers are out there. Don't send any money and,
Sorry you're not a winner. You will be a big looser if you fall for this.

Be Secure · « **Reply #4930 on:** November 18, 2016, 04:57:24 AM »

Locky Ransomware being Distributed through Fake Flash Player Update Sites
http://www.bleepingcomputer.com/news/security/locky-ransomware-being-distributed-through-fake-flash-player-update-sites/

Pondus · « **Reply #4931 on:** November 19, 2016, 01:39:29 PM »

Billion-Dollar Scams: The Numbers Behind Business Email Compromise
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/billion-dollar-scams-the-numbers-behind-business-email-compromise

polonus · « **Reply #4932 on:** November 21, 2016, 03:05:24 PM »

Why Ghostery facilitates Google's profiling to be more profound?

Using Ghostery extension will enable Google to even better and more uniquely profiling you,
combining your use of the extension and other tracking and fingerprinting vectors.
Bad for the over one million users of the extension.

Check your browser here: https://panopticlick.eff.org/

You wanna read on this fingerprinting with Ghostery,
go to : https://blog.securitee.org/?p=277

A better extension to use is Tracker SSL telling you where,
insecure IDs tracking continues on "secure" SSL-websites.

Think that extensions are only tolerated in Google's Webshop,
when they do not interfere with Google's main income flow (ads and data-selling)

Firefox also does not much towards better end-user privacy,
despite of the fact they have all it takes under the hood in about:config.

Could it be they won't loose Google sponsoring their browser?

Check your factial tracking on certain websites here and you might feel shocked about the results:
https://tools.digitalmethods.net/beta/trackerTracker/

polonus

DavidR · « **Reply #4933 on:** November 21, 2016, 03:23:34 PM »

Quote from: polonus on November 21, 2016, 03:05:24 PM

Why Ghostery facilitates Google's profiling to be more profound?

Using Ghostery extension will enable Google to even better and more uniquely profiling you,
combining your use of the extension and other tracking and fingerprinting vectors.
Bad for the over one million users of the extension.
<snip>

I tried Ghostery a long time ago when it first came out (and I think you were promoting it), I never really liked it as it conflicted with one of my other add-ons. I preferred to stick with my security add-ons NoScript and RequestPolicy. Cookie Monster is another handy add-on to control cookies.

The main issue with some of these so called security add-ons is they require a degree of user management and that puts off many users.

So looks like I dodged that bullet.

polonus · « **Reply #4934 on:** November 21, 2016, 11:06:06 PM »

A lot ado about loosing the last remnants of our privacy.

Two new browsers with privacy at heart launched recently.
(We of course all know and have Avast SafeZone browser on the desktop).

New promising concepts are Firefox Focus versus Blaze.

Allthough the CEO at Blaze is being criticized for his Christian fundamental constitutional views,
he still is the inventor of Javascript and i.m.h.o. did a fine job on Blaze (Win64).
For Android I like his Blaze LinkBubble app.

The only "?" for such browsers is you cannot choose a privacy friendly search engine,
that forms a good alternative to google,
which search engine again turns the browser in one big ongoing tracking and profiling machine.

With Google it is like the Eagles sang: "You can check in but never leave".

polonus