The Official Internet/Computer Security News Discussion Thread
#1
Sanest Florida Man
Thread Starter
I've been meaning to make this thread for a while. I'd like this to be where we can discuss the latest trends in malware, phishing attacks, social engineering attacks, etc. Also things to look out for, how to configure your computer to enhance security and where people can come and get help if they need it.
#2
Sanest Florida Man
Thread Starter
First up, MS found that Java exploits are greatly on the rise!
| CVE | Attacks | Computers | Description |
|---|---:|---:|---|
| CVE-2008-5353 | 3,560,669 | 1,196,480 | A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
| CVE-2009-3867 | 2,638,311 | 1,119,191 | Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. |
| CVE-2010-0094 | 213,502 | 173,123 | Another deserialization issue, very similar to CVE-2008-5353. |
Which if I borrow from Alex2364 here's a screenshot of MSE on his PC
Now luckily if you've been updating your Java you're ok cause these have all been patched.
I was on my brother's PC a couple days ago and saw some of the similar exploits, I'm not sure if they were successful or not cause they were in protected mode but I don't think he'd updated his Java in a while.
Just a reminder to update your third party software (flash, java, reader) cause it's now become the main point of attack instead of Windows.
I recommend going to www.ninite.com, clicking on java, flash and reader and letting it update it for you.
http://blogs.technet.com/b/mmpc/arch...-the-java.aspx
Last edited by #1 STUNNA; 10-19-2010 at 01:21 PM.
#4
Senior Moderator
Good thread, Stunna...
#5
Go Giants
Been hearing good things about Avast Free.
#6
Needs more Lemon Pledge
#7
Sanest Florida Man
Thread Starter
Now for a little advice on how to configure Adobe Reader. Reader, like most Adobe software, is riddled with security holes and they've been getting their ass handed to them as of late on the security front. There are a couple settings you can change that will help this though.
If you open reader and go to preferences (ctrl + k) and
1. click on "Javascript" and turn off javascript.
2. Then go to "Trust Manager" and turn off "Allow opening of non-pdf file attachments with external applications"
Now if you're wondering if you should've had a holy shit WTF moment while reading the last two the answer is yes. By default reader allows javascript aka the java exploits I mentioned above to be run via PDF! As are external applications, so you open a PDF and it runs a malicious exe! WTF! Why does reader need to run java or external applications!?!?
I turned these off a few months ago and I'm glad that I did. Recently I was browsing a shady site and I moused over or accidentally clicked on a flash banner and bam! Reader opens up real fast with a blank PDF and this PDF wants to run Javascript! Luckily I had turned Java off for PDFs and so Reader was waiting for me to approve this PDF to run Java which I of course declined. Then the same thing happened a few days later. I wonder if I had java turned on would that blank empty PDF have even opened or would it have just done its exploit in the background.
As for downsides, I've yet to see a legit PDF prompt me to run Javascript or open an external application. So please do yourself the favor and turn those settings off.
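Added example, not part of the original post: a small Python triage that counts the PDF name tokens behind the two Reader settings described above, so you can see whether a file would ask Reader to run JavaScript or start an external application before you open it. The function names and the three sample fragments are constructed for illustration.

```python
import re

# PDF name tokens behind the two Reader settings above:
#   /JS, /JavaScript  script actions (the "Javascript" preference)
#   /Launch           action that starts an external application
#   /EmbeddedFile     file attachment (the Trust Manager setting)
#   /OpenAction, /AA  triggers that fire on open, without a click
WATCHED = ("JS", "JavaScript", "Launch", "EmbeddedFile", "OpenAction", "AA")

# A name is "/" followed by bytes that are neither whitespace nor delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is counted as /JavaScript."""
    plain = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes. Objects stored inside
    compressed streams are not visible to this scan."""
    counts = {name: 0 for name in WATCHED}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Rank what Reader would be asked to do when the file opens."""
    script = counts["JS"] or counts["JavaScript"]
    auto = counts["OpenAction"] or counts["AA"]
    if counts["Launch"]:
        return "launches-external-app"
    if script and auto:
        return "auto-run-script"
    if script or counts["EmbeddedFile"]:
        return "active-content"
    return "no-active-content-seen"


# Constructed fragments for illustration, not captured files.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction "
            b"<< /S /J#61vaScript /JS (app.alert\\('constructed'\\);) >> >>\nendobj\n")
LAUNCHER = b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /Launch >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("scripted", SCRIPTED), ("launcher", LAUNCHER)):
        print(label, verdict(triage_pdf(blob)))
```

A clean result only means nothing was seen in the uncompressed part of the file, so keep the two Reader settings off either way.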
#9
Sanest Florida Man
Thread Starter
It might be a good idea for you guys to clean out your java cache since apparently CCleaner doesn't clean that.
You can clean your java cache like this: in Vista/7 just do a search for "Java", click on the Java control panel, click Settings for Temp internet files and then choose delete. For XP click control panel and then choose the Java control panel; the rest of the steps are the same.
#11
Sanest Florida Man
Thread Starter
#12
Three Wheelin'
Because of this thread, I did a full scan on my computer and it found an "Exploit:Java/CVE-2009-3867.LM". I wonder where I'm getting all these things from.
#13
Sanest Florida Man
Thread Starter
You shouldn't have to worry about those because the hole is patched. You have the malicious file but it can't execute cause it doesn't work.
Just like I can have the files for Conficker on my PC but it can't do shit cause Windows 7 isn't vulnerable to it.
But yeah some shady site is trying to fuck up your world
#14
Team Owner
You could just buy a mac and skip this thread.
#16
Go Giants
#17
Az User
http://www.bleepingcomputer.com/comb...o-use-combofix
COMBOFIX FTW
love this program used it so many times and fixed so many computers
#18
Team Owner
#19
IIRC it didn't have the "official" in the title when the thread started.
#20
Needs more Lemon Pledge
#21
Team Owner
#22
http://www.bleepingcomputer.com/comb...o-use-combofix
COMBOFIX FTW
love this program used it so many times and fixed so many computers
I've rarely found anything that it couldn't fix, even though sometimes it involved some tweaking.
And always download a new copy when you use it, and only from that link!
#23
#24
Senior Moderator
#25
Suzuka Master
Thank you for this thread. I went and turned off all the java shit in reader and had no idea that was how reader was able to get pdf exploits until this. What do you think is better to use AVG free or MSE for security? I don't wanna pay money cos I haven't had any issues with good free anti-virus software lately.
#26
Senior Moderator
Microsoft Security Essentials doesn't noticeably slow down my machine and occasionally picks something up. I browse safe and sane websites though, so your mileage may vary.
#27
Team Owner
I use MSE on all of my home computers as well. It's been solid except on my son's XP machine where he managed to contract a virus (he doesn't do a good job of keeping it up to date). It was a quick/easy repair once I killed the infection and updated MSE.
#28
Sanest Florida Man
Thread Starter
MSE
And my title didn't originally have the word official in it, yumcha edited the title.
Also yeah the thing with these exploits in 3rd party software is that they're usually cross platform so don't get all high and mighty
#29
Sanest Florida Man
Thread Starter
Since I've been on this forum I think I've given pretty much all the tips I've got right now for securing your Computer. Let's review shall we.
1. Block 3rd party cookies which are usually for tracking you and sending you junk mail. This is done in your browser's cookie/content/privacy options. I've noticed in the past few months that I don't get junk email anymore, IDK if it's cause Hotmail really stepped its game up or what but I haven't seen any unsolicited junk hit my inbox in months and I kinda like it.
2. Install MVPS HOSTS File, it blocks ad servers and known servers that serve malware. This leads to a safer, less annoying and faster internet experience. I put a shortcut to rename the HOSTS file on their desktop and have them use it if they encounter a site that causes an issue, which isn't very often. www.mvps.org/winhelp2002/hosts.htm http://www.mvps.org/winhelp2002/hostsfaq.htm#Rename
3. Go to www.ninite.com and install updates for your software, update them when they tell you to.
4. Run MSE, it's the best free AV I've used. Nothing's perfect but I don't really have any complaints about it. www.microsoft.com/security_essentials
5. Use Google Chrome, its sandboxed browser adds another layer of protection, the sandbox even works in XP so it's a definite improvement over any of the competitors not to mention speed and UI. www.google.com/chrome
6. Disable Javascript and prevent PDFs from opening executable files in Adobe Reader. Even if you use Foxit reader or any other 3rd party reader you're still vulnerable to an exe exploit. https://acurazine.com/forums/showpos...20&postcount=7
That's pretty much all the changes I make on a computer to secure it. I've done this on a bunch of computers and I've yet to be called back for a malware infection. I'm not saying it's bulletproof I'm just speaking from my experience so far.
Last edited by #1 STUNNA; 10-20-2010 at 01:14 AM.
#30
Go Giants
I make $65 for every virus I clean out....So stop it.
#33
#34
#35
Sanest Florida Man
Thread Starter
Isn't it fucked up when you have to go back to a client 3 or 4 times!? I have this client who just kept getting viruses, every few months I'd be back over fixing it. Eventually her PC died so I had to rebuild it, I put her on Windows 7, installed MSE and the HOSTS file and I haven't had to go over there for malware since. But there's lots of other fish in the sea.
I tell people this but I can't enforce it.
https://acurazine.com/forums/technology-16/software-tip-week-740534/
#40
Turd Polisher
^ Ninite is awesome, we use it on our deployments.
All great info in this thread, MSE is a great program.