Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2861142 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3525 on: March 27, 2015, 02:42:19 PM »
Thirteen-year-old hole in the RC4 encryption algorithm now coming back to haunt us.
30% of TLS sessions still use it: http://investors.imperva.com/phoenix.zhtml?c=247116&p=irol-newsArticle&ID=2028880
Read from TheGoodlookingNerd (info credits go there): http://securityg33k.blogspot.nl/2013/12/ssltls-use-of-weak-rc4-cipher.html
One could test here: https://www.ssllabs.com/ssltest/analyze.html?d=
When you see "RC4 Yes WEAK (more info)", there is danger.

pol
« Last Edit: March 27, 2015, 03:05:18 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3527 on: March 27, 2015, 05:04:29 PM »
Almost no website is updating its existing jQuery version. I have installed the DetectJQuery user script in Google Chrome via my Tampermonkey extension, and it alerts for jQuery and the respective installed jQuery version when jQuery is detected to run on a particular website I visit with the Chrome browser. Folks, the average results can be termed as shocking - the jQuery version is often the version installed at website creation, sometimes so obsolete and often also that vulnerable (to script injection and XSS exploits). Read about another researcher who found out about this unholy security situation in January 2014 (and let me tell you the overall situation has not changed much): http://erlend.oftedal.no/blog/?blogid=140
I alerted for the consequences of this situation here: https://forum.avast.com/index.php?topic=168633.0

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
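
The kind of check described in the post above, as an added example that is not part of the original post and is not the DetectJQuery user script: it reports each jQuery copy a page loads and flags versions below a baseline. The function names, the baseline value and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: report every jQuery copy a page loads and flag versions below a baseline.
"use strict";

// "1.7.2" -> [1, 7, 2]; returns null if the string is not a dotted version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// True when version a is strictly older than version b (numeric, not string, compare).
function isOlder(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return false;
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Pull a core jQuery version out of a script URL; plugins such as jquery-ui
// or jquery-migrate do not match because a digit must follow the separator.
function versionFromSrc(src) {
  const m = /jquery(?:[-\/]|(?:\.min)?\.js\?ver=)(\d+\.\d+(?:\.\d+)?)/i.exec(src);
  return m ? m[1] : null;
}

// win: the page's window object (or a stand-in); srcs: its <script src> values;
// baseline: oldest version the auditor accepts (a policy choice, assumed here).
function auditJQuery(win, srcs, baseline) {
  const findings = [];
  const live = win && win.jQuery && win.jQuery.fn && win.jQuery.fn.jquery;
  if (live) findings.push({ source: "window.jQuery", version: live });
  for (const src of srcs) {
    const v = versionFromSrc(src);
    if (v) findings.push({ source: src, version: v });
  }
  return findings.map(f => ({ ...f, outdated: isOlder(f.version, baseline) }));
}

// Constructed sample page, not data from the thread.
const sampleWindow = { jQuery: { fn: { jquery: "1.4.2" } } };
const sampleSrcs = [
  "https://cdn.example/ajax/libs/jquery/1.4.2/jquery.min.js",
  "/js/jquery-ui-1.10.4.min.js",
  "/wp-includes/js/jquery/jquery.js?ver=1.11.1",
];
console.log(auditJQuery(sampleWindow, sampleSrcs, "1.9.0"));
```

In a browser, pass `window` and the `src` attributes of `document.scripts`; the comparison is numeric per component, so 1.11.1 is correctly treated as newer than 1.9.0.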

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3528 on: March 27, 2015, 10:41:53 PM »
Ad-fraud malware hijacks router - injects ads via Google Analytics:
http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/

link article author = Sergei Frankoff

You could test whether you are vulnerable here: https://www.ismydnshijacked.com/
courtesy of F-Secure

D
« Last Edit: March 27, 2015, 10:47:52 PM by polonus »

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3529 on: March 27, 2015, 10:52:52 PM »
Ad-fraud malware hijacks router - injects ads via Google Analytics:
http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/

link article author = Sergei Frankoff

You could test whether you are vulnerable here: https://www.ismydnshijacked.com/
courtesy of F-Secure

D

And that is why I have Ghostery set to block Google Analytics among others.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3530 on: March 27, 2015, 11:51:36 PM »
Hi Para-Noid,

And rightly so, these threats make more and more users seek to block trackers.
From my Tracker Tracker results you could establish the constant flow of ad, analytic and widget tracking that goes on under the hood of the browser. Now when these are being hijacked by fraudulent cybercriminals and it is not blocked, we're done for. You can paste website links and external links (up to 100) here: https://tools.digitalmethods.net/beta/trackerTracker/ to get a report. See example attached.

polonus

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3531 on: March 28, 2015, 03:12:19 PM »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>> Avast Forum - German-language section <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3532 on: March 30, 2015, 05:50:17 AM »
Windows: Local WebDAV NTLM Reflection Elevation of Privilege
https://code.google.com/p/google-security-research/issues/detail?id=222
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3535 on: April 01, 2015, 06:43:47 PM »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3536 on: April 01, 2015, 07:36:30 PM »
Google bans 192 ad-injecting extensions from the browser because of ad-injecting malvertising:
http://www.pcworld.com/article/2904852/google-cracks-down-on-adinjecting-chrome-extensions.html
also read: http://googleonlinesecurity.blogspot.ro/2015/03/out-with-unwanted-ad-injectors.html

polonus

They could do with starting looking at the stuff on the Google Play store ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3537 on: April 01, 2015, 07:37:12 PM »
They could also block developer mode being enabled by the extensions as well.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3538 on: April 01, 2015, 09:50:59 PM »
Yes, essexboy, they use Programmatic Injection 
Quote
chrome.tabs.executeScript(null, {file: "content_script.js"});
-> https://developer.chrome.com/extensions/content_scripts

polonus
