Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2904662 times)

polonus · « **Reply #4350 on:** December 21, 2015, 12:35:55 PM »

Webmasters, website admins and hosters should from time to time feel the pulse of their DNS health, like here at DNS Inspect: http://www.dnsinspect.com/
With a lot of issues this produces information to better target misconfigurations and reports for hosters etc. to cure where issues could occur or already have materialized.
The dark side of malcreants does not leave a chance pass to be able to cooperate to better be able to abuse. The good side's analysts and researchers often fail to spread such info and rather sit on their expertise or often have their hands bound on their backs by ignoring and restrictive management. Even some cold reconnaissance scannings of sorts could get them into problems if they haven't achieved explicit written permission to perform these. If we all do not change this, we will never get away from the situation at hand where the dark forces always will have the better of us all.

polonus (volunteer website security analyst and website error hunter)

Secondmineboy · « **Reply #4351 on:** December 21, 2015, 12:45:06 PM »

Quote from: polonus on December 21, 2015, 12:35:55 PM

Webmasters, website admins and hosters should from time to time feel the pulse of their DNS health, like here at DNS Inspect: http://www.dnsinspect.com/
With a lot of issues this produces information to better target misconfigurations and reports for hosters etc. to cure where issues could occur or already have materialized.
The dark side of malcreants does not leave a chance pass to be able to cooperate to better be able to abuse. The good side's analysts and researchers often fail to spread such info and rather sit on their expertise or often have their hands bound on their backs by ignoring and restrictive management. Even some cold reconnaissance scannings of sorts could get them into problems if they haven't achieved explicit written permission to perform these. If we all do not change this, we will never get away from the situation at hand where the dark forces always will have the better of us all.

polonus (volunteer website security analyst and website error hunter)

Pretty good Avast: http://www.dnsinspect.com/avast.com/1450698276

bob3160 · « **Reply #4352 on:** December 21, 2015, 02:53:48 PM »

Quote from: Steven Winderlich on December 21, 2015, 12:45:06 PM

Quote from: polonus on December 21, 2015, 12:35:55 PM
Webmasters, website admins and hosters should from time to time feel the pulse of their DNS health, like here at DNS Inspect: http://www.dnsinspect.com/
With a lot of issues this produces information to better target misconfigurations and reports for hosters etc. to cure where issues could occur or already have materialized.
The dark side of malcreants does not leave a chance pass to be able to cooperate to better be able to abuse. The good side's analysts and researchers often fail to spread such info and rather sit on their expertise or often have their hands bound on their backs by ignoring and restrictive management. Even some cold reconnaissance scannings of sorts could get them into problems if they haven't achieved explicit written permission to perform these. If we all do not change this, we will never get away from the situation at hand where the dark forces always will have the better of us all.

polonus (volunteer website security analyst and website error hunter)

Pretty good Avast: http://www.dnsinspect.com/avast.com/1450698276

Getting a good report is pretty easy.

http://www.dnsinspect.com/bob3160.com/1450705872

polonus · « **Reply #4353 on:** December 21, 2015, 10:28:13 PM »

Website Status 451, website cannot be visited because legally restricted. When the code is not shown it could be government censorship that one tries to hide (policor (social) media censorship etc. etc.) Another issue to reckon with on the free Interwebs.
Read about this new http statuscode: https://datatracker.ietf.org/doc/draft-ietf-httpbis-legally-restricted-status/
Why it was brought in, read: https://www.mnot.net/blog/2015/12/18/451

polonus

polonus · « **Reply #4354 on:** December 22, 2015, 07:30:09 AM »

Consumers should act against Big Data Slurpers: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/big-data-protection/at_download/fullReport = ENISA's good practice in information security report.
Big Data Analytics means a big privacy risk. Only after Big Data Breaches anyone stirs a finger or rather all goes on as usual.
The general public is not aware of the privacy risks involved while growing dependant on using this Big Data Slurping Tools like PSM services. (Private Social Media, a contradictio in terminis).

polonus

polonus · « **Reply #4355 on:** December 22, 2015, 07:35:35 AM »

Some would not like such a policy and/or rather choose another vendor: http://www.ctvnews.ca/business/blackberry-ceo-it-s-a-social-responsibility-to-give-police-data-in-some-cases-1.2707179

polonus

Asyn · « **Reply #4356 on:** December 22, 2015, 11:44:06 AM »

Joomla! - [20151206] - Core - Session Hardening
https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
-> https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html

bob3160 · « **Reply #4357 on:** December 22, 2015, 03:35:02 PM »

Quote from: polonus on December 22, 2015, 07:35:35 AM

Some would not like such a policy and/or rather choose another vendor: http://www.ctvnews.ca/business/blackberry-ceo-it-s-a-social-responsibility-to-give-police-data-in-some-cases-1.2707179

polonus

No at any cost isn't always the wises choice. Yes without a just cause is just as incorrect. (IMHO)

polonus · « **Reply #4358 on:** December 22, 2015, 11:09:19 PM »

Hi bob3160,

Well software management cannot take the seat of a judge, as a software vendor cannot discriminate until a subject has been found guilty.
So who is to decide here that the police should get such data and on what grounds? You cannot take the law into their own hands.
Well at least not in Europe. Well and it also will backfire, a vendor that starts to do these kind of things will be left with no unique selling point left.

polonus

polonus · « **Reply #4359 on:** December 22, 2015, 11:13:20 PM »

Just like Google now Yahoo also to use users of suspected state-sponsored actor's attack:
https://yahoo-security.tumblr.com/post/135674131435/notifying-our-users-of-attacks-by-suspected

polonus

Para-Noid · « **Reply #4360 on:** December 24, 2015, 03:29:48 PM »

Angler EK Drops TeslaCrypt Via Recent Flash Exploit

https://blog.malwarebytes.org/exploits-2/2015/12/angler-ek-drops-ransomware-newexploit/?utm_source=gplus&utm_medium=social

HSBC Phish: “Your account is currently locked!”

https://blog.malwarebytes.org/fraud-scam/2015/12/hsbc-phish-your-account-is-currently-locked/?utm_source=gplus&utm_medium=social

polonus · « **Reply #4361 on:** December 25, 2015, 12:55:13 PM »

Very agressive adware disbles safebrowsing: https://blog.malwarebytes.org/online-security/2015/12/mintcast-pups-disable-safebrowsing-settings-in-firefox/

pol

polonus · « **Reply #4362 on:** December 25, 2015, 01:18:27 PM »

Kicking in of an open door sort of an existing correlation between botnet activity and file sharing activity : https://blog.bitsighttech.com/bitsight-insights-peer-to-peer-peril

pol

Asyn · « **Reply #4363 on:** December 25, 2015, 06:27:40 PM »

Hyatt Notifies Customers Of Malware Activity
http://newsroom.hyatt.com/news-releases?item=123450

Para-Noid · « **Reply #4364 on:** December 28, 2015, 04:11:00 PM »

How does anti-malware work?

https://www.malwarebytes.org/articles/how-does-anti-malware-work/?utm_source=gplus&utm_medium=social

THE TOP THREE ONLINE SECURITY MENACES YOU SHOULD WORRY ABOUT IN 2016

http://www.fastcompany.com/3054760/elasticity/the-top-three-online-security-menaces-you-should-worry-about-in-2016

Here's how to dispose, recycle or trade in your old laptop

http://mashable.com/2015/12/26/laptop-recycling/?utm_cid=mash-com-Tw-tech-link%23sd613jsnjlqd#Dp_QpwUmlqqu

Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2904662 times)

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

Secondmineboy

Re: SECURITY WARNINGS & Notices - Please post them here

bob3160

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

Asyn

Re: SECURITY WARNINGS & Notices - Please post them here

bob3160

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

Para-Noid

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

polonus

Re: SECURITY WARNINGS & Notices - Please post them here

Asyn

Re: SECURITY WARNINGS & Notices - Please post them here

Para-Noid

Re: SECURITY WARNINGS & Notices - Please post them here