SECURITY WARNINGS & Notices - Please post them here

[CharleyO]

***

Misplaced warning at this link :

http://forum.avast.com/index.php?topic=61138.msg516039#msg516039


***

[CharleyO]

***

Misplaced notice at this link :

http://forum.avast.com/index.php?topic=61279.msg517655#msg517655


***

[Pondus]

Critical udates for Adobe Acrobat and Reader
http://www.norman.com/security_center/security_center_archive/2010/84420/en

[polonus]

Hi malware fighters,

In Amsterdam a couple of important HTTP-protocol flaws will be revealed: the vulnerabilities are for all programs and services that make use of the HTTP-protocol, e.g. Internet Explorer, Firefox, Microsoft Office, buts also Twitter, Hotmail, Facebook and iPhone Apps. MS and Facebook could mend these flaws in their code, but closing the holes for the HTML-protocol itself won't be that easy and swift a task...
So that is why I use HTTPS-everywhere extension inside the Mozilla browser for now, NoScript will protect the user as well, so all my search queries go via encrypted.google.com, my good friends,

polonus

[bob3160]

Using HTTPS stops avast from being able to scan your web activity.
At this point, I'd rather depend on avast! to protect me.   (This is my opinion)

[DavidR]

Using HTTPS stops avast from being able to scan your web activity.
At this point, I'd rather depend on avast! to protect me.   (This is my opinion)

Couldn't agree more, why use the web shield if you are going to cripple it by using an add-on to use https.

Not to mention a point polonus makes that NoScript also protects you to a degree in firefox, by switching to https you are actually reducing that effectiveness as the rules in NS by default are different for https (active content in https connection, see image). So not only are you blocking avast you are also reducing the effectiveness of noscript, a poor swap in my opinion.

[polonus]

DavidR,

The avast shields keeps working I guessed, the https everywhere is only for a couple of sites that give this additional service (alas google via encrypted.google, because of the school filter circumvention issue), it would be a sad thing indeed that we weren't protected on/via https connections. Is that so? I have the extension now disabled for the mo, but like to hear a bit more on the issue why https is not protected by avast via their port 12080 shield connection,

polonus

[DavidR]

It isn't only for a couple of sites and they are looking at adding other sites, not to mention some of the sites they do include notably facebook (I believe, or some such social networking site/s), which are large targets for malware.

It is a simple fact https is encrypted and the web shield can't monitor/scan encrypted traffic so it doesn't even try. So you loose that level of protection on https pages, it may well be picked up by the file system shield, but that isn't assured and certainly not any hacked site, redirect, exploit issues.

You only need monitor the web shield whilst browsing an https site and you will see zero scanning of https pages/content. Why do you think I have been banging on about it every time you mention this add-on.

[Hermite15]

The avast shields keeps working I guessed...

polonus

I'm surprised to hear that from you Pol...how do you want to scan encrypted traffic remains that the file shield will interact at disk level...but hey that's not the same level of protection anymore This said there's no risk surfing on https on a few sites (allowing it), I do that myself, on twitter for instance, where there's nothing hosted >>> if malware is linked there it's out of twitter, so the webshield will interact again. I'd be more careful with Facebook (that I hate anyway), because stuff is hosted there, so yes there are definitely some sites where ssl is not advised at all.
 The main point of using ssl is to get the privacy that you can't get on http in the case that bad guys would be eavesdropping the network...but the downside is that "malwarewise", you're almost on your own there.

ps: but again, I think switching to ssl is fine on a very restricted number of sites, like Google docs (on your account) and as a rule on nothing shared from another account.

[iRonzel]

Hi guys!

One question,

Is Google search exploited, or is a FP from avast!?

my avast! found in many occasions a JS-ScripIP-inf trojan trying to download to my computer when I make searches through Google.   



iRanzel

attach: report file from Web Shield

[polonus]

Hi iRanzel,

It is w\Xw.google.com.pr that has been hacked: t's the Peace Crew, formerly known as Terrorist Crew, a group of politically motivated hackers supporting the Palestinian cause, who recently defaced the Microsoft New Zealand sites. Earlier this year, they attacked a number of Nato and US military websites.

The principal Peace Crew character is a hacker known as Agd_Scorp, allegedly of Turkish origin. Others prominent members are rx5 and Cr@zy_King.

I don't know just how exactly did they go about this hack, but it seems to have something to do with modifying the DNS records of the hacked domains, which in effect re-directs prospect visitors to a site designed by the hackers. This particular exploit is known as "SQL Injection vulnerability".
source(s):
Microsoft NZ Hack:
http://w0rm.us/tag/peace-crew
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=1...

NATO Hack:
http://news.softpedia.com/news/Palestinian-Supporters-Hack-NATO-and-U-S-Arm...

DNS Record Types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types

SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection

Use for searches the encrypted.google.com serviced, that is https and not that easy to hack or do your searches at
Ixquick, they also do not retain your search queries, http://ixquick.com/do/metasearch.pl

But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..


polonus

[polonus]

Hi malware fighters,

A FOOBAR by GoogleChrome as some take it - Flash Player installed a la default with their latest update of the browser, a security nightmare, Google says:  you, the user, do not have to install anything and maintain anything, we'll do that for you. The option to fall back on a player you installed yourself is still there in the browser, but for that you have to opt out, but even as Flash Player comes sandboxed in GoogleChrome, isn't it better to go on with HTML5 and let Flash die a silent death, it is and was a security nightmare, folks?

polonus

[iRonzel]

But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..


polonus

Exactly, is the best way to find new malwares and send to avast! labs. I hate piracy.... is one of the causes of the recessions and crisis. Including lost jobs.  

Edit: Thanks for your info polonus.  

[Avastfan1]

Not sure if the Beeb was a little late reporting this... http://news.bbc.co.uk/2/hi/technology/10473495.stm

Has anybody used the workaround? http://support.microsoft.com/kb/2219475

[YoKenny]

Has anybody used the workaround? http://support.microsoft.com/kb/2219475

Installed ages ago on my XP Pro system when it was released June 14, 2010