SECURITY WARNINGS & Notices - Please post them here

[polonus]

Do not continue using Java 7: http://www.infoworld.com/article/2909685/application-development/oracle-cutting-publicly-available-security-fixes-for-java-7-this-month.html  link article author = Paul Krill.
Do not use Java when you do not need java, else update manually to Java 8.
Also consider the Ask toolbar that Java bundles, you might not like to have it on your OS!

polonus

[bob3160]

"Also consider the Ask toolbar that Java bundles, you might not like to have it on your OS!"
If you've got Unchecky installed, it will automatically uncheck the installation of the Ask Toolbar,
even if you happen to miss that nasty addition.

[Para-Noid]

Steam Introduce Limited User Accounts

https://blog.malwarebytes.org/online-security/2015/04/steam-introduce-limited-user-accounts/?utm_source=Gplus&utm_medium=social

TeslaCrypt: Video game Safety 101

https://blog.malwarebytes.org/security-threat/2015/04/teslacrypt-videogame-safety-101/?utm_source=Gplus&utm_medium=social

Moral of the story...Be careful on which games you play online, especially MMORPG's.

[abruptum]

Massive optional Microsoft Patch-Day Incoming

  http://www.ghacks.net/2015/04/21/massive-optional-microsoft-patch-day-incoming/

[Staticguy]

Good to see Avast! Antivirus Free doing well and coming in third place

http://www.expertreviews.co.uk/software/internet-security/1403106/kaspersky-and-norton-top-latest-home-security-tests

 

[Asyn]

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

[Pondus]

Still Bleeding One Year Later—Heartbleed 2015 Research
https://www.venafi.com/blog/post/still-bleeding-one-year-laterheartbleed-2015-research

[Pondus]

Failed Apple Rootpipe Fix Leaves Backdoor On All Macs, Researchers Claim
http://www.forbes.com/sites/thomasbrewster/2015/04/19/apple-fails-to-patch-rootpipe/

1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device?
http://arstechnica.com/security/2015/04/1500-ios-apps-have-https-crippling-bug-is-one-of-them-on-your-device/


and i thought Mac`s was fault free   

[polonus]

Implimenting HTTPS Everywhere will make malvertisers harder to detect.
Also read: https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840

polonus

[bob3160]

Implimenting HTTPS Everywhere will make malvertisers harder to detect.
Also read: https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840

polonus

I remember when HTTPS Everywhere was all the rage. (It wasn't that long ago either.....)

[DavidR]

Implimenting HTTPS Everywhere will make malvertisers harder to detect.
Also read: https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840

polonus

I remember when HTTPS Everywhere was all the rage. (It wasn't that long ago either.....)

And I remember I was raging against its use

For a very short time I considered changing my position as avast now scans https content (but not on all OSes), but I'm still of the same position on forcing https. There are some areas where it can help combat 'man in the middle attacks,' but now see there are other compromising issues.

[polonus]

Hi bob3160 and DavidR,

Encryption is fine, but when there is malicious code and it comes in in an encrypted way and you can not scan or check this in advance. What then? And what you say, bob3160, what about https sites with plain txt log-ins. I see a lot of these still. A lot of implementation of https everywhere adopted sites is also weak - not to say rather insecure- , and so here we go again. What looks right at a first glance, should not always be so in practice.
Well, do you see the problem there? Moreover these malvertising campaigns, lately through an obscure Bulgarian domain, only lasts a couple of hours, but could make an awful lot of victim. A decent adblocker is a must nowadays.

polonus

[bob3160]

Hi bob3160 and DavidR,

Encryption is fine, but when there is malicious code and it comes in in an encrypted way and you can not scan or check this in advance. What then? And what you say, bob3160, what about https sites with plain txt log-ins. I see a lot of these still. A lot of implementation of https everywhere adopted sites is also weak - not to say rather insecure- , and so here we go again. What looks right at a first glance, should not always be so in practice.
Well, do you see the problem there? Moreover these malvertising campaigns, lately through an obscure Bulgarian domain, only lasts a couple of hours, but could make an awful lot of victim. A decent adblocker is a must nowadays.

polonus

I like David, always warned against using HTTPS Everywhere. I haven't changed my mind.

[polonus]

Hi bob3160,

US users come under special malvertisement threat during U.S. federal holidays and three-day weekends,
Malvertisers from other part of the world have calenders up to just pick these days.
Google removes hundreds of million bad ads, but of course always some will slip through.

polonus

[Para-Noid]

Please enlighten me, what's wrong with HTTPS Everywhere?