Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2904442 times)


Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1545 on: September 02, 2011, 02:54:09 PM »
Yes I do and I guess according to them, it's not a safe place to go.
It's definitely not a safe place to go according to OpenDNS!
I just removed that filter and now the site shows.
Apparently the blog likes to hide its whereabouts.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline mchain

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1546 on: September 02, 2011, 07:26:09 PM »
***


Beladen Loads Hacked Web Sites With Badness

Quote

At least 40,000 Web sites recently were hacked and retrofitted with instructions that silently attempt to infest visitor PCs with malicious software, security experts warn.

Each hacked site redirects to Web sites that bombard the visitor's PC with about 20 different Web browser vulnerabilities and browser plug-in attacks, targeting older, insecure versions of several third-party applications like QuickTime and Winzip.

This latest mass Web site hack is thought to be separate from a similar recent incident referred to as "Gumblar," so named because an estimated 60,000 domains hijacked over several weeks redirected visitors to a malware-serving Web site named Gumblar.cn, among others.

If you were to visit one of these sites hacked with the Beladen code, you probably wouldn't notice anything amiss. In the background, though, malicious code inserted into the site would force your browser to invisibly contact google-analyt1cs.net (please don't visit this site either), which checks the name of the referring Web site, records the date and time stamp of the visit, and then forwards the victim on to the Beladen site, which then silently attempts to exploit a series of browser vulnerabilities.


http://voices.washingtonpost.com/securityfix/2009/06/beladen_loads_hacked_web_sites.html


***

CharleyO,

Just clicked the above link, and got a text page of some sort just before the intended site appeared and loaded as "Washington Post".  Do not know what I saw, but when I saw it, I went, oh no!, as this behavior may describe exactly the problem you are referring to.

As I run my browser sandboxed, it does not appear to be affected.

Do you see the same behavior?

mchain

XP Home Edition SP3 P4 2.8 2GB RAM Avast! Free 6.0.1203
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803
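The Beladen article quoted above describes hacked pages pulling content from google-analyt1cs.net, a lookalike of a real analytics host. The following is an added defensive example, not part of the original posts: it scans a page's script and iframe sources for hosts that imitate an allow-listed domain. The allow-list, the sample HTML and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of third-party script hosts this site really uses.
TRUSTED = ("google-analytics.com", "googleapis.com")

# Digit-for-letter swaps often seen in lookalike names (1 for i, 0 for o, ...).
DIGIT_SWAPS = str.maketrans({"1": "i", "0": "o", "3": "e", "5": "s"})

# Constructed sample page; only the lookalike hostname comes from the article.
SAMPLE_HTML = """
<html><head>
<script src="http://www.google-analytics.com/ga.js"></script>
<script src="/js/site.js"></script>
</head><body>
<script src="http://google-analyt1cs.net/x.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script>
</body></html>
"""


def base_domain(host):
    """Last two labels of a hostname (naive: ignores suffixes like co.uk)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def skeleton(domain):
    """Name part of the domain with digit swaps undone and the TLD dropped."""
    return domain.rsplit(".", 1)[0].translate(DIGIT_SWAPS)


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class ExternalSources(HTMLParser):
    """Collect the hostnames that script and iframe tags load from."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:  # relative URLs have no hostname and are skipped
                self.hosts.append(host)


def find_lookalikes(html):
    """Return (host, imitated_domain) pairs for off-list hosts that resemble a trusted one."""
    parser = ExternalSources()
    parser.feed(html)
    findings = []
    for host in parser.hosts:
        dom = base_domain(host)
        if dom in TRUSTED:
            continue
        for good in TRUSTED:
            if edit_distance(skeleton(dom), skeleton(good)) <= 1:
                findings.append((host, good))
    return findings
```

A site owner could run `find_lookalikes` over saved copies of their own pages; a trusted name on an unexpected TLD is flagged as well, which is the .net versus .com case from the article.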

Gargamel360

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1547 on: September 04, 2011, 06:44:56 AM »

Offline Pondus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1548 on: September 06, 2011, 01:26:14 AM »

Offline mchain

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1549 on: September 06, 2011, 09:03:54 AM »
more on the above

Secure browsing turns insecure (again)
http://www.norman.com/security_center/security_center_archive/2011/secure_browsing_turns_insecure_again/en

Gargamel360 and Pondus,

Shoot, just when I mistakenly thought things might get better!  It would seem that what is needed is for most, if not all, ip traffic to be https: once the issues are worked out with security certificates.

I know, I know, then the model of an open internet would be lost, but how does the average user today protect themselves from a corrupt and malicious nation-state, or even be aware that such a problem or situation exists?

The original model of the internet was for, among other things, military security and communications in the beginning, but as time has gone by, and as things have changed and progressed, I am beginning to think that this original model is sordidly archaic and obsolete, and that very ominous and dark clouds and storms are just forming beyond the horizon, unseen, unheard, and unfelt.  These threats are becoming more real by the minute, and the need for those to preserve the world as a safe place for freedom is becoming more dire with each passing moment.  The only way to know for sure that you are talking to who you think you are is now intrinsically intertwined with the validity of a security certificate. And, even then....

And the Iranian government is denying this right to its own citizens?  What, pray tell, is the value of a human life in Iran?  Let me guess....

Knowledge is a wonderful power if used judiciously and with fairness towards all.  Remember, it is for us, and for our children, and our children's children. They will inherit this world after us, and we should not let this darkness prevail or even descend upon, the lives of those innocent of this maliciousness, or for those that will follow. 

I say, Not on our watch.

Not if I can help it.

mchain

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1550 on: September 06, 2011, 09:23:10 AM »
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident

The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/

DigiNotar Damage Disclosure
https://blog.torproject.org/blog/diginotar-damage-disclosure
https://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1551 on: September 06, 2011, 02:31:33 PM »
<snip>
Shoot, just when I mistakenly thought things might get better!  It would seem that what is needed is for most, if not all, ip traffic to be https: once the issues are worked out with security certificates.
<snip>
mchain

For me that would be the worst possible security choice, as the Web Shield doesn't monitor HTTPS traffic; so wouldn't provide the same level of protection that it is very good at on HTTP traffic. Blocking malware at source, sniffing out exploits and hacked sites, this happens to lots of sites and just because you are using an HTTPS connection doesn't stop that.

You only need to take a browse round the viruses and worms forum to see just how beneficial its protection is. Many people only find out their site has been hacked after avast users tell them or if they come to the forums to report what they consider a false positive only to find the detection is good.

Be careful what you wish for ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mchain

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1552 on: September 06, 2011, 04:12:06 PM »
<snip>
Shoot, just when I mistakenly thought things might get better!  It would seem that what is needed is for most, if not all, ip traffic to be https: once the issues are worked out with security certificates.
<snip>
mchain

For me that would be the worst possible security choice, as the Web Shield doesn't monitor HTTPS traffic; so wouldn't provide the same level of protection that it is very good at on HTTP traffic. Blocking malware at source, sniffing out exploits and hacked sites, this happens to lots of sites and just because you are using an HTTPS connection doesn't stop that.

You only need to take a browse round the viruses and worms forum to see just how beneficial its protection is. Many people only find out their site has been hacked after avast users tell them or if they come to the forums to report what they consider a false positive only to find the detection is good.

Be careful what you wish for ;D

DavidR,

There is much I do not know.  This fact re WebShield was unknown to me.  Perhaps, when seen in the light of what you say, then, it is best to leave things as they are; but we also need to maintain and keep our awareness of exploits designed to hurt and cripple those who mean no harm to others.

Among all the other activities we do, this one, use of the Internet, is in but a smaller realm, but has become essential to, and is in part of, our structure of our modern world.  If we lose control of that, then our future may be not as easily foreseeable as it may be now.

Few may agree with my assessment; it is, however, meant in all sincerity.

Perhaps Avast! could monitor HTTPS traffic as well if need be.  That, I think, was an implied point in what I was trying to say, although it was never specifically directed towards Avast!.  I am sorry I did not make this clear; I was not aware of, and did not know of, some of the basic structures upon which the Internet is built upon.  I did not know Avast! did not monitor HTTPS traffic, for example.

What I wish for is something better than we now have.  I think the need is to find a way to prevent exploitative behavior in the first place.  How to do this I cannot say.

If I wanted to learn how, and I do, I think here in this forum would be an excellent place to begin.

mchain

XP Home Edition SP3 2GB RAM Avast! 6.0.1203

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1553 on: September 06, 2011, 04:30:45 PM »
The whole point of HTTPS (secure encrypted connection) is to keep prying eyes out, including your AV and this is no different from most other AVs, that is the ones that even have web content scanning.

The problem being the avast web shield redirects http traffic through its 'localhost' proxy; so it would have to handle the secure connection in a similar way to how Mail Shield does to possibly do this. Right now that doesn't/can't happen, but it is I believe something they are working on for a future version of avast (no point in asking dates, etc. as this isn't firm right now).

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1554 on: September 06, 2011, 04:35:17 PM »
@mchain: If you want to discuss this further please open a new topic.
Thanks,
asyn

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1555 on: September 07, 2011, 04:56:34 AM »
***

Some of the below has already been posted but there are some new items to be aware of in the slide show presentation.

10 Biggest Cyber Attacks In August

Quote

Anonymous hackers kicked off the month of August with a cyber attack against FBI contractor ManTech International, which they claimed compromised almost 400 megabytes of data from the managed cybersecurity provider and was part of its AntiSec campaign -- a collaborative effort between Anonymous and spin-off hacker group LulzSec.

Included in the stolen data were numerous documents belonging to NATO, the U.S. Army, the U.S. Department of Homeland Security, the U.S. State Department and the U.S. Department of Justice, as well as other personnel information, the group said.


http://www.crn.com/slide-shows/security/231600608/10-biggest-cyber-attacks-in-august.htm;jsessionid=usMK7Z0OR4pmmNi6OATDcw**.ecappj02?cid=nl_sec


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1556 on: September 07, 2011, 05:04:58 AM »
***

British Police Arrest Two More Anonymous Hacker Suspects

Quote

British police arrested two men Thursday allegedly affiliated with the global hacker collective Anonymous and spinoff group LulzSec.

British police arrested 20-year-old Christopher Weatherhead, from Northampton, and Ashley Rhodes, 26, from London, charging both individuals with computer crimes.

Also as part of the same crackdown, two other suspects -- 22-year-old Peter Bigson, as well as a 17-year-old from Chester -- have already been arrested and charged with computer crimes, which allegedly included cyber attacks against PayPal, Amazon (NSDQ:AMZN), MasterCard, Bank of America and Visa.


http://www.crn.com/news/security/231600764/british-police-arrest-two-more-anonymous-hacker-suspects.htm?cid=nl_sec


***

YoKenny

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1557 on: September 07, 2011, 01:15:09 PM »
Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2607712.mspx

Update available now through Windows update.

* A restart is required for all editions of Windows XP and of Windows Server 2003.

* A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1558 on: September 07, 2011, 05:45:43 PM »
***

Man Gets 6-Year Jail Term For 'Sextortion'

Quote

A California man was sentenced to six years in prison for hacking into dozens of computers, stealing personal information and demanding naked images from female victims in exchange for not releasing the stolen information.


http://www.wbaltv.com/r/29057215/detail.html


***

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1559 on: September 08, 2011, 09:03:26 AM »
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident

The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/

DigiNotar Damage Disclosure
https://blog.torproject.org/blog/diginotar-damage-disclosure
https://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html

DigiNotar breach due to disastrous security
http://www.h-online.com/security/news/item/DigiNotar-breach-due-to-disastrous-security-Update-1337573.html
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2011/09/05/diginotar-public-report-version-1/rapport-fox-it-operation-black-tulip-v1-0.pdf

Browser makers update their DigiNotar disaster updates
http://www.h-online.com/security/news/item/Browser-makers-update-their-DigiNotar-disaster-updates-1338144.html