Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2861134 times)

0 Members and 4 Guests are viewing this topic.

Alan Baxter

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #510 on: June 17, 2010, 05:50:09 AM »
The XP hole found up by Google is now actively being abused, so apply the FixIt:
http://www.sophos.com/blogs/sophoslabs/?p=10045

Done just now.  Thank for for the update.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #511 on: June 18, 2010, 10:11:19 AM »
Disclose information about vulnerabilities? Yes/No/When?

http://www.norman.com/security_center/security_center_archive/2010/83782/en

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #512 on: June 18, 2010, 03:49:07 PM »
dont put your money here

Eastern European banks under attack by next-gen crime app
http://www.theregister.co.uk/2010/06/16/blackenergy2_ddos_attacks/



Researcher shows how to strike back at web assailants
Exploiting the exploiters
http://www.theregister.co.uk/2010/06/17/exploiting_online_attackers/

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #513 on: June 18, 2010, 04:01:27 PM »
Hi Pondus,

On the disclosure discussion front, i.m.o. the best remedy is to educate users to be fully protected against possible 0-days. That is to make use of appropriate in-browser protection like NS and RP (so code can not run and malicious requests are not being performed), use a normal user account so an exploit can not be maximized on the OS and in the registry. Use a combination of a fully upgraded resident AV solution together with some additional non-resident malware scanners (MBAM, SAS etc.) and check with Secunia's PSI for instance whether all third party software has been fully updated and patched.
As long as users are not educated into these precautionary practices the discussion between full, semi or responsible disclosure is a non-issue because the average user will still be a sitting duck for malcreants and cybercriminals alike,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #514 on: June 19, 2010, 04:17:31 AM »
Hi Pondus,

On the disclosure discussion front, i.m.o. the best remedy is to educate users to be fully protected against possible 0-days. That is to make use of appropriate in-browser protection like NS and RP (so code can not run and malicious requests are not being performed), use a normal user account so an exploit can not be maximized on the OS and in the registry. Use a combination of a fully upgraded resident AV solution together with some additional non-resident malware scanners (MBAM, SAS etc.) and check with Secunia's PSI for instance whether all third party software has been fully updated and patched.
As long as users are not educated into these precautionary practices the discussion between full, semi or responsible disclosure is a non-issue because the average user will still be a sitting duck for malcreants and cybercriminals alike,

polonus

+1 (100% agree..!!!)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #515 on: June 19, 2010, 01:10:14 PM »
guys stop dreaming, the average user will never ever use NS or similar, never. The average user wants his box to run like a TV, turn on, zap, turn off...browse the web, check hotmail, and basta. It's already hard to make them undertsand that they need an anti-virus at all (most of them running nothing, because the Norton trial expired ;D )....there's no such thing as educating the masses about computer and internet security. The masses are purely and simply rejecting the ideas: that 1st the web is not secure, and second that they need to be educated for their own sake. It's a dead end. Show user lambda that his system is infected, he'll still wonder why there's a need to clean it...not a joke ;)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #516 on: June 19, 2010, 04:46:54 PM »
guys stop dreaming, ... <snip>

Never stop dreaming..!! ;)
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #517 on: June 19, 2010, 05:04:48 PM »
Hi Logos,

Still we have to go on educating, just for the guys and gals and kids that will pick this up, weren't we a bit like average users when we started out here. How may computers do you need that have been turned into a state of "no better than a door stopper" by malcoded script to finally glimpse at the idea that it is a PEBKAC problem mainly, and you can do something fundamentally about it. If I can get 100 users to further use NS and RP combined I feel a better human being for doing so,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #518 on: June 22, 2010, 11:05:35 AM »
From Omids`s Blog

A little note to the guys at ESET  http://boelectronic.blogspot.com/search/label/Fun

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #519 on: June 22, 2010, 01:29:55 PM »
Go Omid! I liked the Windows updates thing in those earlier posts. I'm planning on 2012 ending for XP network followed by upgrade to whatever is best option then. Whenever the security updates cannot be kept up to cover potential or real vunerabilities. I've got two years avast! Pro on an XP Pro 32bit so I'll take my XP that far.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #520 on: June 22, 2010, 02:12:40 PM »
also from Omid`s blog

Watch out for this dangerous hacker.....he may erase your hard drive.......... ;D ;D ;D
http://whatthehell.eu/hacker-story
« Last Edit: June 22, 2010, 04:13:52 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #521 on: June 22, 2010, 03:34:58 PM »
Hi Pondus,

And what would you think of this, malcreants signing their malcode with MS Authenticode, certified malware, who would believe this?
http://www.f-secure.com/weblog/archives/00001973.html

So look out, you good people, it is a nightmare out there or soon to be,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

spg SCOTT

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #522 on: June 22, 2010, 05:25:16 PM »
also from Omid`s blog

Watch out for this dangerous hacker.....he may erase your hard drive.......... ;D ;D ;D
http://whatthehell.eu/hacker-story

Must be DST... ;D ;D ;D ;D ;D...


« Last Edit: June 22, 2010, 05:27:31 PM by spg SCOTT »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #523 on: June 24, 2010, 12:53:33 AM »

YoKenny

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #524 on: June 24, 2010, 01:17:45 AM »
Testing Reveals Security Software Often Misses New Malware
http://www.cio.com/article/597263/Testing_Reveals_Security_Software_Often_Misses_New_Malware?taxonomyId=3089
Then there are those that feel the sky is falling ::)

There needs to be a sanity check! ???