SECURITY WARNINGS & Notices - Please post them here

[REDACTED]

Top result on Google for the phrase "avast online scan" shows this site:
http://www.getavast.net/support/online-scanner
Everything there screams SCAM to me.
Especially if you wcrool to the bottom where they write:
"Please note we are not an official AVAST website – that you can find at www.avast.com."
Funny thing is, the link for "www.avast.com" leads to "http://send.onenetworkdirect.net/z/25497/CD185233/"

[polonus]

Malware hides via Microsoft's Downloadservice BITS: http://community.websense.com/blogs/securitylabs/archive/2015/01/29/new-f0xy-malware-employs-cunning-stealth-amp-trickery.aspx

polonus

[Para-Noid]

The Password And You

https://blog.malwarebytes.org/online-security/2015/01/the-password-and-you/?utm_source=Gplus&utm_medium=social

[polonus]

@SnowmanDK,

Site has a  Moderate Risk status at BrightCloud, rep index yellow 60.
Not flagged here: http://www.scamvoid.com/check/getavast.net
The registrant is Petr Novak -> http://whois.domaintools.com/getavast.net  Head of ICT at LMC s.r.o.
Interest in Avast for Mac: http://macforum.cz/viewtopic.php?f=1&t=833
See: https://plus.google.com/117953609589883546929/posts/aTMxPnVjVm2
See: http://www.dnsinspect.com/scamvoid.com/1422715097
hostname: p3nlhg340c1340.shr.prod.phx3.secureserver.net
External link to: https://www.virustotal.com/nl/domain/vassg141.ocsp.omniroot.com/information/
Vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.getavast.net%2Fxmlrpc.php

Script there found to be benign: http://jsunpack.jeek.org/?report=a97329c7fb69672803283a0bee6679a1718e82af

An avast-fan site, not affiliated with avast but not a rogue site either.

Site security OK: http://sitecheck.sucuri.net/results/www.getavast.net

polonus (volunteer website security analyst and website error-hunter)

[abruptum]

The Pirate Bay Is Back Online!

  http://torrentfreak.com/pirate-bay-back-online-150131/

  https://thepiratebay.se/

[polonus]

Hi abruptum,

Now hosted in the U.S. of A. by Cloudflare: http://toolbar.netcraft.com/site_report?url=https://thepiratebay.se/
SOA issues: http://dnscheck.pingdom.com/?domain=thepiratebay.se&timestamp=1422751579&view=1

pol

[Asyn]

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/

[abruptum]

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/

Again.
This is not funny anymore.

[polonus]

Protection via exyension against WEbRTC leaking VPN IP addresses: WebRTC block.
https://chrome.google.com/webstore/detail/webrtc-block/nphkkbaidamjmhfanlpblblcadhfbkdm?hl=en

polonus

[mchain]

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/

Again.
This is not funny anymore.

Never was.

If running Firefox, click Menu (three bars upper right)>Addons>Plugins>Adobe Flash (Shockwave Flash 16.0.0.296) or other flash and select 'Ask to activate' so you can control when it runs.  One of the many reasons YouTube is now running HTML5 instead of flash.  Google Chrome:  https://support.google.com/chrome/answer/108086?hl=en

[Para-Noid]

Google Chrome update Spam drops CTB Locker/Critroni Ransomware

https://blog.malwarebytes.org/social-engineering/2015/02/google-chrome-update-spam-drops-ctb-lockercritroni-ransomware/?utm_source=Gplus&utm_medium=social

Money Mule Scam Siphons $214Mn Worldwide

http://www.infosecurity-magazine.com/news/money-mule-scam-siphons-214mn/

[Asyn]

Major Internet Explorer Vulnerability - NOT Patched
http://seclists.org/fulldisclosure/2015/Feb/0

[bob3160]

Major Internet Explorer Vulnerability - NOT Patched
http://seclists.org/fulldisclosure/2015/Feb/0

Pretty vague since it doesn't state if this is a vulnerability in a specific version or all versions of IE.

[polonus]

We live in the Golden Age for Total Surveillance: http://www.theguardian.com/technology/2015/feb/02/pgp-phil-zimmermann-intelligence-agencies-encryption  link article author Stuart Dredge

polonus

[bob3160]

We live in the Golden Age for Total Surveillance: http://www.theguardian.com/technology/2015/feb/02/pgp-phil-zimmermann-intelligence-agencies-encryption  link article author Stuart Dredge

polonus

This shouldn't come as a surprise to anyone has followed this forum for any length of time.
"There is no such thing as privacy"