Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2861129 times)

0 Members and 4 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #60 on: January 05, 2010, 06:22:54 PM »
Hi malware fighters,

Threat for website defacements through XSS flaws on blogsites is reported here: http://forum.avast.com/index.php?topic=53082.msg449946#msg449946

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #61 on: January 05, 2010, 06:24:27 PM »
Hi malware fighters,

Threat for website defacements through XSS flaws on blogsites is reported here: http://forum.avast.com/index.php?topic=53082.msg449946#msg449946

polonus
So now we have 2 posts for the same item...  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #62 on: January 05, 2010, 06:26:50 PM »
Hi bob3160,

One full posting and one small additional link here. While you alerted for it..

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #63 on: January 05, 2010, 06:31:53 PM »
Hi bob3160,

One full posting and one small additional link here. While you alerted for it..

Damian

agree with that, so that those who'd want to comment can go to the other thread and not clutter this one here.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #64 on: January 05, 2010, 07:13:58 PM »
Unfortunately that only creates more clutter so we now create 2 posts instead on one.
It defeats the whole purpose.
At this point, just make your separate posts, it's getting harder and harder to follow all the entries anyway.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

YoKenny

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #65 on: January 05, 2010, 07:40:18 PM »
Unfortunately that only creates more clutter so we now create 2 posts instead on one.
It defeats the whole purpose.
At this point, just make your separate posts, it's getting harder and harder to follow all the entries anyway.

+1

One post plus comments  8)

One post in SECURITY WARNINGS then 2 topics to follow ::)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #66 on: January 07, 2010, 02:13:05 PM »
Encryption busted on popular USB flash drives

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Hermite15

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #67 on: January 07, 2010, 02:27:55 PM »
Encryption busted on popular USB flash drives

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.


bob you should have added this too, they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
Quote
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

 if they had cracked AES 256, which is hardly to happen anytime soon, it would have made the headlines on a few sites and mags  ;D ...but well, the program flaw is bad enough to be mentioned.
 But there are alternatives, TrueCrypt and now Bitlocker (Windows 7 version) that can be used to encrypt USB drives as well.
« Last Edit: January 07, 2010, 02:30:23 PM by Logos »

Hermite15

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #68 on: January 07, 2010, 03:42:28 PM »
Hacker pierces hardware firewalls with web page
http://forum.avast.com/index.php?topic=53163.msg450630#msg450630

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #69 on: January 08, 2010, 12:12:20 AM »
Encryption busted on popular USB flash drives

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.


bob you should have added this too, they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
Quote
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

 if they had cracked AES 256, which is hardly to happen anytime soon, it would have made the headlines on a few sites and mags  ;D ...but well, the program flaw is bad enough to be mentioned.
 But there are alternatives, TrueCrypt and now Bitlocker (Windows 7 version) that can be used to encrypt USB drives as well.
Logos,
I supplied the link which gave that information. :) I spent the time reading it and so did you so why shouldn't the rest of those that where interested.   ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

hello123

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #70 on: January 08, 2010, 02:37:10 AM »

Quote
Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.


http://www.theregister.co.uk/2010/01/07/juniper_critical_router_bug/

hello123

  • Guest

Hermite15

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #72 on: January 08, 2010, 10:47:07 AM »
Logos,
I supplied the link which gave that information. :) I spent the time reading it and so did you so why shouldn't the rest of those that where interested.   ;D

the first lines of the article were misleading, and you quoted them, and just them, here's why...some might NOT read the article and but your post here.

YoKenny

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #73 on: January 08, 2010, 03:02:45 PM »
Quote
Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus
Date:01.08.2010
Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has detected that search results on office.microsoft.com can lead users to a Rogue AV page.
http://securitylabs.websense.com/content/Alerts/3519.aspx

YoKenny

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #74 on: January 08, 2010, 03:18:32 PM »
Quote
Some Observations on Rootkits

Getting hit by a live rootkit infection is among the more unfortunate fates that can befall an unsuspecting computer user.

Parting thoughts
• Keep real-time protection enabled
• Run 64-bit Windows
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx