Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2365402 times)



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #121 on: January 17, 2010, 04:53:35 PM »
FIX for the new IE vulnerability...

Recently a serious hole has been found in Internet Explorer that enables hackers to penetrate corporate networks.
The SANS-institute warns the code is being exploited in the wild:

http://www.dshield.org/diary.html?storyid=8002

One of the MS advisories is to enable Data Execution Prevention (DEP) for Internet Explorer. In certain versions DEP is already installed and active, in others it is not. People do not need the FIX when on IE-8 on XP SP3 or Windows Vista SP1 or later versions. The list of vulnerable systems is in the MS list.

A FIX has now been published on the MS site, switching on DEP for IE so the exploit cannot be exploited.
The SANS institute does not expect an out-of-band patch to be launched, but the next round to be enrolled in February. So most systems may stay vulnerable.

To overcome that time-frame install the FIX. You can find it here:

http://support.microsoft.com/kb/979352

Put the installer onto the desktop and double click to install the FIX. Put the fix as a bookmark inside the browser, because when the patch arrives you can undo the patch coming February,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

news

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #122 on: January 17, 2010, 08:08:38 PM »
Thanks so much Polonus for the info. I've patched a few systems using this vital information. Great to see it published here on the avast! forum as well.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #123 on: January 18, 2010, 01:24:57 PM »
Google, Citing Attack, Threatens to Exit China
New York Times
Quote
     BEIJING — Google said Tuesday that it would stop cooperating with Chinese Internet censorship and consider shutting down its operations in the country altogether, citing assaults from hackers on its computer systems and China’s attempts to “limit free speech on the Web.”


Pop-Up Security Warnings Pose Threats
Federal Bureau of Investigation
Quote
     The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software that looks authentic.
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Hermite15

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #124 on: January 18, 2010, 01:48:50 PM »
@ .: L' arc :.:
Both are old news, the FBI warning from December 11, 2009, and the ongoing Google vs China story is from January 12... and I started a thread on the 13th:
http://forum.avast.com/index.php?topic=53364.msg452547#msg452547

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #125 on: January 18, 2010, 07:09:08 PM »
Hi folks,

Demonstration of the Aurora IE Exploit on video:
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/

domain names and files to check on for Aurora hack:
http://www.mcafee.com/us/local_content/reports/how_can_u_tell_v5.pdf

extended analysis of the Exploit: http://blog.threatexpert.com/2010/01/trojanhydraq-part-ii.html

Comment shows the effectiveness of social engineering in Exploits:
http://web2.sys-con.com/node/1248613

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #126 on: January 19, 2010, 03:42:35 PM »
Hi malware fighters,

Hackers promise the Aurora exploit to work with IE8 and DEP: http://twitter.com/DinoDaiZovi
He also expects to get a functional exploit for XP and IE8:
The first attack outside the Aurora exploit cycle, was found here:
http://securitylabs.websense.com/content/Blogs/3530.aspx
The site was taken down. The heap spray exploit will be refined,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #127 on: January 19, 2010, 03:44:28 PM »
@ polonus

Any precautionary measure?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #128 on: January 19, 2010, 04:05:40 PM »
Hi Chris Thomas,

Not really at the moment. One could upgrade to IE8 according to the MS advice. Security experts say that the exploit can only be prevented through hardware DEP.
So we expect an out-of-band patch before Feb. 9 any moment now, emergency patch imminent:
http://blogs.technet.com/msrc/archive/2010/01/18/advisory-979352-update-for-monday-january-18.aspx
At the moment we have this MS fix to be used temporarily : http://go.microsoft.com/?linkid=9668626
Software DEP is no real DEP, only a form of '/SAFESEH', no effective means to stop this exploit, according to MS.
MS security expert Ness remarks that there is a well-known attack that can circumvent DEP via .NET classes. "IE8 does not allow loading these .NET classes in the Internet Zone. In the Intranet zone they are allowed. That is why an attacker that hosts content on a network may circumvent DEP to successfully abuse the hole."
So for the moment refrain from using IE, shun BlueE until patched as many governments now say (Germany, France, Holland), and use Firefox or Flock browser with NoScript and RequestPolicy add-ons installed. Then you are 100% safe,

polonus

P.S. Check if your machine supports hardware DEP? http://support.microsoft.com/kb/912923

« Last Edit: January 19, 2010, 04:12:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
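
The hardware DEP check mentioned in the P.S. of the post above, as an added example that is not part of the original post or of any Microsoft tool: a PowerShell function that reads the DEP properties of the Win32_OperatingSystem WMI class and interprets the system-wide support policy. The function name Get-DepStatus is an assumption made for this example.

```powershell
# Added example (not from the original post): report the DEP state of the
# local Windows machine from the Win32_OperatingSystem WMI class.
# Get-DepStatus is a hypothetical helper name chosen for this illustration.
function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Documented values of DataExecutionPrevention_SupportPolicy.
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    $policy   = [int]$os.DataExecutionPrevention_SupportPolicy
    $hardware = [bool]$os.DataExecutionPrevention_Available

    $name = if ($policyNames.ContainsKey($policy)) { $policyNames[$policy] }
            else { "Unknown ($policy)" }

    # What the policy means for an ordinary user-mode program such as a browser.
    $coverage = switch ($name) {
        'AlwaysOff' { 'DEP is disabled for every process.' }
        'AlwaysOn'  { 'DEP is enforced for every process, no exemptions.' }
        'OptIn'     { 'DEP covers Windows system components and programs that opt in only.' }
        'OptOut'    { 'DEP covers every process except those explicitly exempted.' }
        default     { 'Policy value not recognised.' }
    }

    # Without NX/XD support in the CPU there is no hardware-enforced DEP,
    # whatever the policy says.
    if (-not $hardware) {
        $coverage = "No hardware DEP available on this machine. $coverage"
    }

    [pscustomobject]@{
        HardwareDepAvailable = $hardware
        PolicyValue          = $policy
        PolicyName           = $name
        AppliesTo32BitApps   = [bool]$os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = [bool]$os.DataExecutionPrevention_Drivers
        Coverage             = $coverage
    }
}

Get-DepStatus | Format-List
```

A result of `OptIn` means a program is protected only if it opts in, which is the situation the temporary fix for Internet Explorer addresses.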

YoKenny

  • Guest
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #129 on: January 19, 2010, 04:16:36 PM »
@  polonus 

Quote
As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.

We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers.


I am a FUD fighter:
http://en.wiktionary.org/wiki/FUD


Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #130 on: January 19, 2010, 04:23:07 PM »
@ Polonus

Thanks for keeping me updated

I won't be using IE and I have made my security settings very high

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #131 on: January 19, 2010, 04:27:36 PM »
Hi YoKenny,

Heap spray attacks are no FUD, and why would MS come up with an out of band emergency patch if there was nothing wrong? Why would governments like Germany, France and the Netherlands advise their citizens NOT to use IE for the moment? Just because of what you call FUD? No, it is MS that can only secure their software through hardware measures.
If someone could explain to me why GoogleChrome is better security wise than Firefox, I would drop Firefox every minute. Why IE users cannot come to terms with the idea that their browser has a long, long beard, IE concept is decades old,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37183
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #133 on: January 19, 2010, 10:12:46 PM »
D-Link issues fixes for router vulnerabilities

Taiwanese firm says flaw could allow hackers to access administrative settings
http://www.computerworld.com/s/article/9145139/D_Link_issues_fixes_for_router_vulnerabilities?taxonomyId=80

D-Link Routers: One Hack to Own Them All
http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37183
Re: SECURITY WARNINGS Notices - Please post them here
« Reply #134 on: January 19, 2010, 10:18:47 PM »
Akamai: World Internet connection speeds on the rise; Russia, Brazil top cyberattack centers
http://blogs.zdnet.com/BTL/?p=29634


Russia, Brazil Lead Cyber Attack Barrage
http://www.esecurityplanet.com/features/article.php/3858971/From-Russia-With-Spam.htm
« Last Edit: January 19, 2010, 10:20:39 PM by Pondus »