Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2889421 times)


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48562
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5520 on: November 11, 2017, 05:09:04 PM »
@bob3160

Very interesting, but I do find the response by many companies "Vendor does not publicly document their requirement for SMB1."  That is pretty poor and almost an admission that they do use it, this certainly doesn't help the user protect their system. 

I would be seriously looking to get rid of any program that doesn't comment on their use of SMBv1, if they do, then their users' systems could be at risk. If they don't use it (or use a later version of SMBv?) then their users aren't at risk, but should still disable SMBv1.
I'm happy to report that disabling SMB1 has not affected my new Epson ET-2650 printer. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5521 on: November 14, 2017, 12:14:01 PM »
Another vulnerable WordPress plug-in reported by Sucuri:

https://blog.sucuri.net/2017/11/sql-injection-bbpress.html

Check WordPress here: https://hackertarget.com/wordpress-security-scan/
and via domxssscanner.com/scan

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5522 on: November 16, 2017, 12:53:37 PM »
White House announces their new zero-day announcement policy.

What to announce and publish, what to patch and what to keep secret for use by government services,
hopefully unknown to other parties.

https://www.whitehouse.gov/blog/2017/11/15/improving-and-making-vulnerability-equities-process-transparent-right-thing-do

Mind that zero-day info proliferation is always bad and especially
when eventually all knowledge will land into the hands of opponents or criminals (cyberthreats).

No zero-days and full transparency and a fully secure and safe infrastructure should be the ideal we are after,
but that is outside a real world situation and does not suit common big government's AI surveillance demands.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48562
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5523 on: November 16, 2017, 03:16:00 PM »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5524 on: November 16, 2017, 03:20:44 PM »
Agree with you there, bob3160, a form of wising up.

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5525 on: November 19, 2017, 01:07:14 PM »
ftp://Torbrowser, scripts and compromise of nodes.

When using tor-browser for legit purposes, you do not want your entry nodes compromised.
What to do when all your entry nodes are exclusively US or UK nodes for instance?

Well you could set these settings in your config
Quote
StrictNodes 1
ExcludeNodes {US}
Quote info credits go to: alexey vesnin

Those that do not read-in sufficiently on protocols and settings and the inner workings of a tool
will be a danger to themselves and others on tor.

Lack of proper knowledge is an endangering negligence.

That is one of the reasons why a lot of dumb criminals do not find a legit job,
as they will get caught for not paying attention.

Tor developers learned from Operation Onymous for instance
where the basic protection of tor was being compromised,
when ten exit nodes were being taken down at once,
and in Miami and Amsterdam three servers were confiscated.

Tor developers like to understand how to better protect through entry guard.

Not that they wanna frustrate taking down illegal or criminal servers,
but they wanna protect against compromise through dictatorial regimes against journalists,
that seek to protect their privacy through the use of tools like Tails and Tor.

Always true however: "Do not do the crime, if you cannot do the time!".

Stay away from tor whenever you can avoid it
and do not share with the Internet what you do not wanna share with others.

polonus
« Last Edit: November 19, 2017, 01:55:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5526 on: November 19, 2017, 04:40:59 PM »
Pentagon leaks data through Amazon S3 buckets

Read: https://www.upguard.com/breaches/cloud-leak-centcom

Unless the fact that Amazon introduced new warning for leakage measures:
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/

Good to read further here: https://blog.detectify.com/2017/07/13/aws-s3-misconfiguration-explained-fix/

A misconfiguration in the cloud could leave you with a lot of data-breach misery.

The six vulnerability schemes that were ('hopefully not any longer there'):
Amazon S3 bucket allows for full anonymous access
Amazon S3 bucket allows for arbitrary file listing
Amazon S3 bucket allows for arbitrary file upload and exposure
Amazon S3 bucket allows for blind uploads
Amazon S3 bucket allows arbitrary read/writes of objects
Amazon S3 bucket reveals ACP/ACL

"Yes, baby, it is a wild world on that infrastructure  :o ".

Amazon getting too big to fail will mean an advanced security risk.
More of a mono-culture will always mean more attack surface,
and that means increased targeted attacks and threats.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
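
An added example, not part of the post above or of the linked articles: a defender-side check that reads a bucket ACL document (the Owner/Grants structure that S3 returns for a bucket ACL) and flags grants to the public groups, using labels that follow the categories listed in the post. The mapping of ACL permissions to those categories and the sample ACL are assumptions constructed for illustration; object-level ACLs and bucket policies are not covered here.

```python
# Group URIs that S3 ACLs use for "everyone" and "any authenticated AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone", AUTH_USERS: "any AWS account"}


def public_permissions(acl):
    """Return {audience: set(permissions)} for grants made to public groups."""
    found = {}
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to named accounts are not public exposure
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if audience and grant.get("Permission"):
            found.setdefault(audience, set()).add(grant["Permission"])
    return found


def audit_bucket_acl(acl):
    """Return sorted (audience, finding) pairs for public grants in a bucket ACL."""
    findings = set()
    for audience, perms in public_permissions(acl).items():
        if "FULL_CONTROL" in perms:
            findings.add((audience, "full-access"))
            # FULL_CONTROL implies every other permission
            perms = perms | {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}
        if "READ" in perms:
            findings.add((audience, "listing"))
        if "WRITE" in perms:
            # write without read: uploads are possible but cannot be listed back
            kind = "upload-and-exposure" if "READ" in perms else "blind-upload"
            findings.add((audience, kind))
        if "READ_ACP" in perms:
            findings.add((audience, "acl-readable"))
        if "WRITE_ACP" in perms:
            findings.add((audience, "acl-writable"))
    return sorted(findings)


# Constructed sample ACL (not taken from any real bucket).
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for audience, finding in audit_bucket_acl(SAMPLE_ACL):
        print(f"{audience}: {finding}")
```

An empty result means the ACL grants nothing to either public group; any finding is a reason to review the bucket's grants.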

REDACTED

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5527 on: November 20, 2017, 08:42:48 PM »
i don't know where to post this
so this is as good as any place
the new avast is deleting files that worked well for years and doesn't let me recover or exempt them from the deletion
if there is a way to fix it plz inform   otherwise i am on the hunt for another antivirus :(

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48562
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5528 on: November 20, 2017, 08:49:32 PM »
i don't know where to post this
so this is as good as any place
the new avast is deleting files that worked well for years and doesn't let me recover or exempt them from the deletion
if there is a way to fix it plz inform   otherwise i am on the hunt for another antivirus :(
In your own new topic in the following forum:
https://forum.avast.com/index.php?board=4.0
Describing when these files got deleted would help.
A screenshot would also be of help.
Are those files now in the virus chest???
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89057
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5529 on: November 20, 2017, 08:51:50 PM »
i don't know where to post this
so this is as good as any place
the new avast is deleting files that worked well for years and doesn't let me recover or exempt them from the deletion
if there is a way to fix it plz inform   otherwise i am on the hunt for another antivirus :(

This topic and sub-forum is unrelated to your problem the Viruses & Worms sub forum.

This is where you report a suspected false positive. At the top of these forums is a New Topic button to start your own new topic.

You will need to give more information on the 'file name', 'location' and 'malware name' given in the detections.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5530 on: November 20, 2017, 10:28:40 PM »
Hundreds of very popular top sites will send all your keystrokes, mouse movements, scroll behavior and content of visited pages to 3rd parties via so-called replay-scripts, and this without your consent or you even knowing. It almost resembles someone shoulder-surfing you all of the time. :o

Very personal private data you share with the Internet like your private medical data, your credit card data and/or other personal private data could literally all have flown 'out of the window' by now.

Read: https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/

Most adblock scripts do not cover (all of) such replay-scripts.
Launchers thereof also do not honor the DoNotTrack setting in browsers.

Big websites do not respect their end-users' integrity.

I hope this will come to bite them in the end and they will pay with popularity.

Time for NoScript, uMatrix or a key scrambler now?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5531 on: November 21, 2017, 12:54:13 AM »
This is the list of shame:

https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html

We should not be running such scripts in clients.
Whatever they wanna do with code on their servers is their thing,
but keep it out of my browser please.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5532 on: November 22, 2017, 05:30:52 AM »
Vulnerability Note VU#817544
Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5533 on: November 22, 2017, 11:23:53 PM »
Already ongoing an eye for an eye hacking:  https://www.thedailybeast.com/inside-the-shadowy-world-of-revenge-hackers

Corporations do not propagate this officially of course, but now these German cyber-ops wanna start hacking back:
https://www.zitis.bund.de/DE/Home/home_node.html

Read: http://www.spiegel.de/netzwelt/netzpolitik/cyberwar-zitis-praesident-wilfried-karl-will-digitalen-gegenschlag-a-1179729.html

Translate from German using Google Translate please.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5534 on: November 23, 2017, 05:22:47 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0