Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2881245 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4275 on: November 23, 2015, 02:19:19 PM »
Dell Laptop self-signed root certificate phishiness?
Read: https://twitter.com/rotorcowboy/status/668485780038287360
Read: http://joenord.blogspot.com/2015/11/new-dell-computer-comes-with-edellroot.html
Dell will comment on this later today. Lenovo seems no longer alone  ;D

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

« Reply #4276 on: November 23, 2015, 02:39:45 PM »
Malvertising pays, while Google and Yahoo are looking away
Another reason to never visit the Interwebs without a decent adblocker.
Read from article author, Alexander J Martin: http://www.theregister.co.uk/2015/11/23/liability_chain_malvertising_advertising/

polonus

Offline polonus

« Reply #4277 on: November 23, 2015, 06:27:12 PM »
Vonteera Adware BHO uses certificates to disable Anti-Malware: https://blog.malwarebytes.org/security-threat/2015/11/vonteera-adware-uses-certificates-to-disable-anti-malware/
Also AVAST Software a.s. certificate is being dropped as "Untrusted Certificate". It puts Google Chrome in silent “superpower” policy mode, together with opening a whole range of attack vectors. This adware has certainly stepped the line for us and could be termed as "a malcoded pest".

polonus

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

« Reply #4279 on: November 23, 2015, 11:48:20 PM »
Test for the bad Dell certificate here: https://edell.tlsfun.de/

pol

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48550
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4280 on: November 24, 2015, 12:10:05 AM »
Test for the bad Dell certificate here: https://edell.tlsfun.de/

pol
I have a Dell Inspiron 17 5000 Series.

So why is this coming up clean and why is he recommending changing over to Linux ???
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

« Reply #4281 on: November 24, 2015, 12:33:39 AM »
You do not have to worry, dear bob3160, when yours would have been ill-flagged,
you would have seen this: https://twitter.com/markloman/status/668842464913006592

It says at the bottom: Alternatively you can install Linux and delete Windows.
This is not what you should do, and maybe only someone like FreeWheelinFrank would advise such a measure,
as he is a Linux fan  ;) So do not hold this against me, I did not make up that "edellweiss" root certificate test :D 
At least -midnight felt rather relieved her Dell machine came up clean. ;D

Damian

Online bob3160

« Reply #4282 on: November 24, 2015, 01:48:25 AM »
You do not have to worry, dear bob3160, when yours would have been ill-flagged,
you would have seen this: https://twitter.com/markloman/status/668842464913006592

It says at the bottom: Alternatively you can install Linux and delete Windows.
This is not what you should do, and maybe only someone like FreeWheelinFrank would advise such a measure,
as he is a Linux fan  ;) So do not hold this against me, I did not make up that "edellweiss" root certificate test :D 
At least -midnight felt rather relieved her Dell machine came up clean. ;D

Damian
Sounds like someone with an alternate agenda did.  :o

Offline polonus

« Reply #4283 on: November 24, 2015, 01:35:26 PM »
Instructions for all those that may have the dangerous Dell certificate on how to get rid of it:
https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx

All new systems out will come without it now, according to Dell.

polonus


Offline polonus

« Reply #4284 on: November 24, 2015, 01:40:24 PM »
Partners in Crime delivered FUD scan services to go under the anti-virus radar....
http://www.nationalcrimeagency.gov.uk/news/749-cyber-crime-partnership-results-in-two-arrests

P.S. FUD stands for Fully Un Detectable....

pol


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4285 on: November 24, 2015, 04:17:00 PM »
At least some Dell laptops are shipping with a trusted root certificate authority pre-installed, something that those who discovered the CA are comparing to the Superfish adware installed on Lenovo machines that left them open to man-in the-middle attacks.

“Note: Dell created their #eDellRoot certificate six months after Lenovo's Superfish scandal hit the news. No lessons learned.”

http://www.networkworld.com/article/3007811/security/dell-computers-shipping-with-potentially-dangerous-root-certificate-authority.html
The best things in life are free.

Offline polonus

« Reply #4286 on: November 24, 2015, 09:56:03 PM »
More Dell sloppiness: http://www.laptopmag.com/articles/dell-certificate-security-flaw
Read: The root CA cert has the name "DSDTestProvider" -> http://www.kb.cert.org/vuls/id/925497

polonus

Offline polonus

« Reply #4287 on: November 24, 2015, 10:56:03 PM »
Reckon "the alleged backdoor talks with industry" we hear about were somehow rather successful, and once in a while we stumble on one or two. We're gonna hear more of this...

polonus

Offline polonus

« Reply #4288 on: November 24, 2015, 11:38:52 PM »
On many, many, many scans for vulnerable website code I come across this library that should be retired, because it is vulnerable.
It is jquery - 1.7.1 : (active1) -https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
See why here: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
Also read here about jQuery security over https: http://security.stackexchange.com/questions/11278/javascript-and-jquery-not-secure-over-https

polonus

Offline polonus

« Reply #4289 on: November 25, 2015, 12:18:42 PM »
Here are some reasons why one should let Google host your jQuery for you: http://encosia.com/3-reasons-why-you-should-let-google-host-jquery-for-you/ link article author = Dave Ward.
A list of vulnerable jQuery Versions: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
Test: http://domstorm.skepticfx.com/modules/run?id=529bbe6e125fac0000000003
This is no guarantee, however, as the linked site given above has a vulnerable library itself, as this analysis showed:
-http://encosia.com/
Detected libraries:
jquery - 1.9.1 : -http://encosia.com/blog/wp-content/themes/encosia/js/vendor/jquery-1.9.1.min.js
jquery - 1.11.3 : (active1) -http://encosia.com/
jquery-migrate - 1.2.1 : -http://encosia.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=b2ee832f4b422db251d428d07d4b1c67
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected
WordPress configuration at mentioned site seems OK.
I check sites with Detect jQuery
// @namespace      http://www.top-info.de/thein
// @description    Detect jQuery on every page
This runs in Google Chrome via the Tampermonkey extension!
Appspector extension also gives this info for every page you visit.

polonus
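
The two jQuery posts above report library versions found on a page. The following is an added example (not the poster's code, nor any scanner or userscript named in the thread) that audits `<script>` URLs in the same way; the version cutoffs for jQuery ticket 11290 and all function names are assumptions, and the sample HTML is constructed from URLs quoted in the posts.

```javascript
// Added example: flag jQuery / jquery-migrate <script> URLs by version.
// ASSUMPTION: cutoffs for the selector-XSS issue in jQuery ticket 11290
// (jquery < 1.9.0, jquery-migrate < 1.2.2) are not stated in the posts.
const CUTOFFS = { 'jquery': [1, 9, 0], 'jquery-migrate': [1, 2, 2] };

// Compare dotted versions numerically; returns true when a < b.
function olderThan(a, b) {
  for (let i = 0; i < 3; i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Pull library name and version (file name or CDN path segment) from a URL.
function identify(url) {
  const path = url.split(/[?#]/)[0];
  const file = path.split('/').pop();
  const m = /^(jquery(?:-migrate)?)(?:-(\d+(?:\.\d+)+))?(?:\.min)?\.js$/i.exec(file);
  if (!m) return null;
  const inPath = /\/(\d+\.\d+(?:\.\d+)?)\//.exec(path);
  const version = m[2] || (inPath && inPath[1]) || null;
  return { lib: m[1].toLowerCase(), version };
}

function auditScripts(html) {
  const findings = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let tag;
  while ((tag = re.exec(html)) !== null) {
    const hit = identify(tag[1]);
    if (!hit) continue;
    let status = 'unknown';   // no version in URL: needs a runtime check
    if (hit.version) {
      const v = hit.version.split('.').map(Number);
      status = olderThan(v, CUTOFFS[hit.lib]) ? 'vulnerable' : 'ok';
    }
    findings.push({ ...hit, status, url: tag[1] });
  }
  return findings;
}

// Constructed sample page using script URLs quoted in the posts above.
const SAMPLE = `
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="http://encosia.com/blog/wp-content/themes/encosia/js/vendor/jquery-1.9.1.min.js"></script>
<script src="http://encosia.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=b2ee832f4b422db251d428d07d4b1c67"></script>
<script src="/js/app.js"></script>`;
console.log(auditScripts(SAMPLE).map(f => `${f.lib} ${f.version} ${f.status}`));
```

The jquery-migrate URL carries no version number, so it comes back as `unknown`; settling that case takes a runtime check inside the loaded page rather than URL matching.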