Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2943630 times)

0 Members and 2 Guests are viewing this topic.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48645
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1545 on: September 02, 2011, 02:54:09 PM »
Yes I do and I guess according to them, it's not a safe place to go.
Its definitly not a safe place to go according to OpenDNS!
I just removed that filter and now the site shows.
Apparently the blog likes to hide its whereabouts.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1546 on: September 02, 2011, 07:26:09 PM »
***


Beladen Loads Hacked Web Sites With Badness

Quote

At least 40,000 Web sites recently were hacked and retrofitted with instructions that silently attempt to infest visitor PCs with malicious software, security experts warn.

Each hacked site redirects to Web sites that bombard the visitor's PC with about 20 different Web browser vulnerabilities and browser plug-in attacks, targeting older, insecure versions of several third-party applications like QuickTime and Winzip.

This latest mass Web site hack is thought to be separate from a similar recent incident referred to as "Gumblar," so named because an estimated 60,000 domains hijacked over several weeks redirected visitors to a malware-serving Web site named Gumblar.cn, among others.

If you were to visit one of these sites hacked with the Beladen code, you probably wouldn't notice anything amiss. In the background, though, malicious code inserted into the site would force your browser to invisibly contact google-analyt1cs.net (please don't visit this site either), which checks the name of the referring Web site, records the date and time stamp of the visit, and then forwards the victim on to the Beladen site, which then silently attempts to exploit a series of browser vulnerabilities.


http://voices.washingtonpost.com/securityfix/2009/06/beladen_loads_hacked_web_sites.html


***

CharlieO,

Just clicked the above link, and got a text page of some sort just before the intended site appeared and loaded as "Washington Post".  Do not know what I saw, but when I saw it, I went, oh no!, as this behavior may describe exactly the problem you are referring to.

As I run my browser sandboxed, it does not appear to be affected.

Do you see the same behavior?

mchain

XP Home Edition SP3 P4 2.8 2GB RAM Avast! Free 6.0.1203
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Gargamel360

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1547 on: September 04, 2011, 06:44:56 AM »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37608
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1548 on: September 06, 2011, 01:26:14 AM »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1549 on: September 06, 2011, 09:03:54 AM »
more on the above

Secure browsing turns insecure (again)
http://www.norman.com/security_center/security_center_archive/2011/secure_browsing_turns_insecure_again/en

Gargamel360 and Pondus,

Shoot, just when I mistakenly thought things might get better!  It would seem that what is needed is for most, if not all, ip traffic to be https: once the issues are worked out with security certificates.

I know, I know, then the model of an open internet would be lost, but how does the average user today protect themselves from a corrupt and malicious nation-state, or even be aware that such a problem or situation exists?

The original model of the internet was for, among other things, military security and communications in the beginning, but as time has gone by, and as things have changed and progressed, I am beginning to think that this original model is sordidly archaic and obsolete, and that very ominous and dark clouds and storms are just forming beyond the horizon, unseen, unheard, and unfelt.  These threats are becoming more real by the minute, and the need for those to preserve the world as a safe place for freedom is becoming more dire with each passing moment.  The only way to know for sure that you are talking to who you think you are is now intrinsically intertwined with the validity of a security certificate. And, even then....

And the Iranian government is denying this right to it's own citizens?  What, pray tell, is the value of a human life in Iran?  Let me guess....

Knowledge is a wonderful power if used judiciously and with fairness towards all.  Remember, it is for us, and for our children, and our children's children. They will inherit this world after us, and we should not let this darkness prevail or even descend upon, the lives of those innocent of this maliciousness, or for those that will follow. 

I say, Not on our watch.

Not if I can help it.

mchain
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1550 on: September 06, 2011, 09:23:10 AM »
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident

The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/

DigiNotar Damage Disclosure
https://blog.torproject.org/blog/diginotar-damage-disclosure
https://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1551 on: September 06, 2011, 02:31:33 PM »
<snip>
Shoot, just when I mistakenly thought things might get better!  It would seem that what is needed is for most, if not all, ip traffic to be https: once the issues are worked out with security certificates.
<snip>
mchain

For me that would be the worst possible security choice, as the Web Shield doesn't monitor HTTPS traffic; so wouldn't provide the same level of protection that it is very good at on HTTP traffic. Blocking malware at source, sniffing out exploits and hacked sites, this happens to lots of sites and just because you are using an HTTPS connection doesn't stop that.

You only need to take a browse round the viruses and worms forum to see just how beneficial its protection is. Many people only find out their site has been hacked after avast users tell them or if they come to the forums to report what they consider a false positive only to find the detection is good.

Be careful what you wish for ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1552 on: September 06, 2011, 04:12:06 PM »
<snip>
Shoot, just when I mistakenly thought things might get better!  It would seem that what is needed is for most, if not all, ip traffic to be https: once the issues are worked out with security certificates.
<snip>
mchain

For me that would be the worst possible security choice, as the Web Shield doesn't monitor HTTPS traffic; so wouldn't provide the same level of protection that it is very good at on HTTP traffic. Blocking malware at source, sniffing out exploits and hacked sites, this happens to lots of sites and just because you are using an HTTPS connection doesn't stop that.

You only need to take a browse round the viruses and worms forum to see just how beneficial its protection is. Many people only find out their site has been hacked after avast users tell them or if they come to the forums to report what they consider a false positive only to find the detection is good.

Be careful what you wish for ;D

DavidR,

There is much I do not know.  This fact re WebShield was unknown to me.  Perhaps, when seen in the light of what you say, then, it is best to leave things as they are; but we also need to maintain and keep our awareness of exploits designed to hurt and cripple those who mean no harm to others.

Among all the other activities we do, this one, use of the Internet, is in but a smaller realm, but has become essential to, and is in part of, our structure of our modern world.  If we lose control of that, then our future may be not as easily foreseeable as it may be now.

Few may agree with my assessment; it is, however, meant in all sincerity.

Perhaps Avast! could monitor HTTPS traffic as well if need be.  That, I think, was an implied point in what I was trying to say, although it was never specifically directed towards Avast!.  I am sorry I did not make this clear; I was not aware of, and did not know of, some of the basic structures upon which the Internet is built upon.  I did not know Avast! did not monitor HTTPS traffic, for example.

What I wish for is something better than we now have.  I think the need is to find a way to prevent exploitative behavior in the first place.  How to do this I cannot say.

If I wanted to learn how, and I do, I think here in this forum would be an excellent place to begin.

mchain

XP Home Edition SP3 2GB RAM Avast! 6.0.1203
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1553 on: September 06, 2011, 04:30:45 PM »
The whole point of HTTPS (secure encrypted connection) is to keep prying eyes out, including your AV and this is no different from most other AVs, that is the ones that even have web content scanning.

The problem being the avast web shield redirects http traffic through its 'localhost' proxy; so it would have to handle the secure connection in a similar way to Mail Shield does to possibly do this. Right now that doesn't/can't happen, but it is I believe something they are working on for a future version of avast (no point in asking dates, etc. as this isn't firm right now).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1554 on: September 06, 2011, 04:35:17 PM »
@mchain: If you want to discuss this further please open a new topic.
Thanks,
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1555 on: September 07, 2011, 04:56:34 AM »
***

Some of the below has already been posted but there are some new items to be aware of in the slide show presentation.

10 Biggest Cyber Attacks In August

Quote

Anonymous hackers kicked off the month of August with a cyber attack against FBI contractor ManTech International, which they claimed compromised almost 400 megabytes of data from the managed cybersecurity provider and was part of its AntiSec campaign -- a collaborative effort between Anonymous and spin-off hacker group LulzSec.

Included in the stolen data were numerous documents belonging to NATO, the U.S. Army, the U.S Department of Homeland Security, the U.S. State Department and the U.S. Department of Justice, as well as other personnel information, the group said.


http://www.crn.com/slide-shows/security/231600608/10-biggest-cyber-attacks-in-august.htm;jsessionid=usMK7Z0OR4pmmNi6OATDcw**.ecappj02?cid=nl_sec


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1556 on: September 07, 2011, 05:04:58 AM »
***

British Police Arrest Two More Anonymous Hacker Suspects

Quote

British police arrested two men Thursday allegedly affiliated with the global hacker collective Anonymous and spinoff group LulzSec.

British police arrested 20-year-old Christopher Weatherhead, from Northampton, and Ashley Rhodes, 26, from London, charging both individuals with computer crimes.

Also as part of the same crackdown, two other suspects -- 22-year-old Peter Bigson, as well as a 17-year-old from Chester -- have already been arrested and charged with computer crimes, which allegedly included cyber attacks against PayPal, Amazon (NSDQ:AMZN), MasterCard , Bank of America and Visa.


http://www.crn.com/news/security/231600764/british-police-arrest-two-more-anonymous-hacker-suspects.htm?cid=nl_sec


***

YoKenny

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1557 on: September 07, 2011, 01:15:09 PM »
Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2607712.mspx

Update available now through Windows update.

* A restart is required for all editions of Windows XP and of Windows Server 2003.

* A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1558 on: September 07, 2011, 05:45:43 PM »
***

Man Gets 6-Year Jail Term For 'Sextortion'

Quote

A California man was sentenced to six years in prison for hacking into dozens of computers, stealing personal information and demanding naked images from female victims in exchange for not releasing the stolen information.


http://www.wbaltv.com/r/29057215/detail.html


***

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #1559 on: September 08, 2011, 09:03:26 AM »
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident

The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/

DigiNotar Damage Disclosure
https://blog.torproject.org/blog/diginotar-damage-disclosure
https://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html

DigiNotar breach due to disastrous security
http://www.h-online.com/security/news/item/DigiNotar-breach-due-to-disastrous-security-Update-1337573.html
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2011/09/05/diginotar-public-report-version-1/rapport-fox-it-operation-black-tulip-v1-0.pdf

Browser makers update their DigiNotar disaster updates
http://www.h-online.com/security/news/item/Browser-makers-update-their-DigiNotar-disaster-updates-1338144.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0