SECURITY WARNINGS & Notices - Please post them here

[Para-Noid]

Russian Gang Amasses Over a Billion Internet Passwords

http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?hp&action=click&pgtype=Homepage&version=LedeSum&module=first-column-region%C2%AEion=top-news&WT.nav=top-news&_r=0

More from CNN here http://money.cnn.com/2014/08/05/technology/security/russian-hackers-theft/index.html?hpt=hp_t1

[polonus]

Isn't it time to change your password whenever you visited one of these 420.000  sites, hacked via SQL injection flaws?
Read: http://www.holdsecurity.com/news/cybervor-breach/

polonus

[polonus]

Don't just trust any link on your smartphone: http://securelist.com/blog/virus-watch/65459/android-worm-on-chinese-valentines-day/
link article author = Securelist's Vigi Zhang.

polonus

[merckxist]

Isn't it time to change your password whenever you visited one of these 420.000  sites, hacked via SQL injection flaws?
Read: http://www.holdsecurity.com/news/cybervor-breach/

polonus

Since Hold Security isn't identifying the exploited sites so we know where its now safe to change a password (non-disclosure is such a convenient CYA mechanism), might we rely on AOS to check for "SQL injection flaws" before it puts that green check mark next to a site name?

[DavidR]

Isn't it time to change your password whenever you visited one of these 420.000  sites, hacked via SQL injection flaws?
Read: http://www.holdsecurity.com/news/cybervor-breach/

polonus

Since Hold Security isn't identifying the exploited sites so we know where its now safe to change a password (non-disclosure is such a convenient CYA mechanism), might we rely on AOS to check for "SQL injection flaws" before it puts that green check mark next to a site name?

Since SQL injection is outside of what AOS is actually monitoring, it isn't checking page content (script injection, etc.) as such, then No it won't. Adding 420,000 + sites to a list (like the known malicious sites) for checking it likely to impact on browsing.

The web shield is more likely to detect SQL injection as that is looking at source code, etc. Presumably this SQL injection would probably take you to (or run code on) another site. This is the sort of thing that the web shield is looking at.

[polonus]

Hi merckxist,

Apart from the SQL threat, considering the overall website security situation of sites on the Interwebs to-day -
it is a good policy to change passwords once in a while over time.
Once bitten  twice shy, ( where I point at what happened to these support forums recently)
Your reaction shows that you are fully aware of the present password security situation.

polonus

P.S.
DavidR and I are using script blocking on sites (e.g. No Script) as a good form of protection against third party threats.

[Pondus]

Researchers release CryptoLocker decryption tool
https://www.virusbtn.com/blog/2014/08_06.xml

https://forum.avast.com/index.php?topic=153229.0

[Asyn]

WordPress 3.9.2 Security Release
http://wordpress.org/news/2014/08/wordpress-3-9-2/

[polonus]

Google will give a better ranking to https sites over http sites.
This as a security priority. Or is this security through obscurity measure?
So it will be high time av scanners could scan within SSL sites now.
Read on the Google Blog: http://googleonlinesecurity.blogspot.ca/2014/08/https-as-ranking-signal_6.html

polonus

[Pondus]

IE plays security catch-up, will block outdated Java plug-ins
http://www.computerworld.com/s/article/9250209/IE_plays_security_catch_up_will_block_outdated_Java_plug_ins?taxonomyId=85

[Pondus]

Windows 8.1 biz users face patch freeze as Microsoft sets critical updates
http://www.computerworld.com/s/article/9250240/Windows_8.1_biz_users_face_patch_freeze_as_Microsoft_sets_critical_updates?taxonomyId=85

[polonus]

Cybercrime only costs a fraction of the damage it does.


polonus

[Asyn]

Microsoft Security Bulletin Advance Notification for August 2014
https://technet.microsoft.com/library/security/ms14-aug

[polonus]

Is your neighbor's cat gone a-wardriving, is this a normal flea band or one going to break into your WiFi router?
Read: https://defcon.org/html/defcon-22/dc-22-speakers.html#Bransfield  Gene Bransfieldlink article author =
What is out there on the hot tin roof?

pol

[REDACTED]

Does Avast fix or remove Powelik?