The Official Internet/Computer Security News Discussion Thread
I've been meaning to make this thread for a while. I'd like this to be where we can discuss the latest trends in malware, phishing attacks, social engineering attacks, etc. Also things to look out for, how to configure your computer to enhance security and where people can come and get help if they need it.
|
First up, MS found that Java exploits are greatly on the rise!
http://blogs.technet.com/cfs-file.as...0_4E60F3A5.gif

| CVE | Attacks | Computers | Description |
|---|---|---|---|
| CVE-2008-5353 | 3,560,669 | 1,196,480 | A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
| CVE-2009-3867 | 2,638,311 | 1,119,191 | Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. |
| CVE-2010-0094 | 213,502 | 173,123 | Another deserialization issue, very similar to CVE-2008-5353. |

Which if I borrow from Alex2364 here's a screenshot of MSE on his PC https://i53.tinypic.com/iwm079.jpg
Now luckily if you've been updating your Java you're OK cause these have all been patched. I was on my brother's PC a couple days ago and saw some of the similar exploits, I'm not sure if they were successful or not cause they were in protected mode but I don't think he'd updated his Java in a while. Just a reminder to update your third party software (Flash, Java, Reader) cause it's now become the main point of attack instead of Windows. I recommend going to www.ninite.com, clicking on Java, Flash and Reader and letting it update it for you. http://blogs.technet.com/b/mmpc/arch...-the-java.aspx |
good info!
|
Good thread, Stunna... :nod:
|
Been hearing good things about Avast Free.
|
:soopa:
|
Now for a little advice on how to configure Adobe Reader. Reader, like most Adobe software, is riddled with security holes and they've been getting their ass handed to them as of late on the security front. There are a couple settings you can change that will help this though.
If you open Reader and go to preferences (ctrl + k) and
1. click on "Javascript" and turn off javascript.
2. Then go to "Trust Manager" and turn off "Allow opening of non-pdf file attachments with external applications"
Now if you're wondering if you should've had a holy shit WTF moment while reading the last two the answer is yes. By default Reader allows javascript aka the java exploits I mentioned above to be run via PDF! As are external applications, so you open a PDF and it runs a malicious exe! WTF! Why does Reader need to run java or external applications!?!?
I turned these off a few months ago and I'm glad that I did. Recently I was browsing a shady site :pervert: and I moused over or accidentally clicked on a flash banner and bam! Reader opens up real fast with a blank PDF and this PDF wants to run Javascript! Luckily I had turned Java off for PDFs and so Reader was waiting for me to approve this PDF to run Java which I of course declined. Then the same thing happened a few days later. I wonder if I had java turned on would that blank empty PDF have even opened or would it have just done its exploit in the background.
As for downsides, I've yet to see a legit PDF prompt me to run Javascript or open an external application. So please do yourself the favor and turn those settings off. |
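Added example, not part of the original post: a small Python audit of the two Reader preferences named above, for checking a machine after the settings have been changed. The per-user registry value names (bEnableJS under JSPrefs, bAllowOpenFile under Originals), the "9.0" version string and the enabled-by-default assumption are not from the thread and are assumptions of this sketch.

```python
# Added example: audit the two Adobe Reader preferences discussed above.
# Assumed (not from the thread): per-user registry value names bEnableJS
# (JSPrefs) and bAllowOpenFile (Originals); the version string is a placeholder.
import sys

BASE = r"Software\Adobe\Acrobat Reader\{version}"
# (subkey, value name, preference label, value assumed when nothing is stored)
CHECKS = [
    ("JSPrefs", "bEnableJS", "Enable Acrobat JavaScript", 1),
    ("Originals", "bAllowOpenFile",
     "Allow opening of non-PDF file attachments with external applications", 1),
]

def registry_reader(version):
    """Return a lookup(subkey, name) function backed by HKCU (Windows only)."""
    import winreg
    def lookup(subkey, name):
        path = BASE.format(version=version) + "\\" + subkey
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
                return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return None  # key or value absent: the default applies
    return lookup

def audit(lookup):
    """Return the labels of preferences that are still enabled."""
    findings = []
    for subkey, name, label, default in CHECKS:
        value = lookup(subkey, name)
        if (default if value is None else value) != 0:
            findings.append(label)
    return findings

# Constructed sample: JavaScript already off, attachment setting never touched.
SAMPLE = {("JSPrefs", "bEnableJS"): 0}

if __name__ == "__main__":
    if sys.platform == "win32":
        lookup = registry_reader("9.0")  # placeholder version
    else:
        lookup = lambda subkey, name: SAMPLE.get((subkey, name))
    for label in audit(lookup):
        print("still enabled:", label)
```
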
I feel so special now. :tongue:
|
It might be a good idea for you guys to clean out your Java cache since apparently CCleaner doesn't clean that.
You can clean your Java cache like this: in Vista/7 just do a search for "Java", click on the Java control panel, click Settings for Temp internet files and then choose delete. For XP click Control Panel and then choose the Java control panel, the rest of the steps are the same. |
^ Thanks
I could not find a javascript option :( |
Originally Posted by alex2364
(Post 12429031)
I feel so special now. :tongue:
|
Because of this thread, I did a full scan on my computer and it found an "Exploit:Java/CVE-2009-3867.LM". I wonder where I'm getting all these things from. :screwy:
|
You shouldn't have to worry about those because the hole is patched. You have the malicious file but it can't execute cause it doesn't work.
Just like I can have the files for Conficker on my PC but it can't do shit cause Windows 7 isn't vulnerable to it. But yeah some shady site is trying to fuck up your world |
You could just buy a mac and skip this thread.:tongue:
|
:run:
Oh noes! An 'official' thread not started by a mod. :run:
Originally Posted by doopstr
(Post 12429169)
You could just buy a mac and skip this thread.:tongue:
|
http://www.bleepingcomputer.com/comb...o-use-combofix
COMBOFIX FTW love this program used it so many times and fixed so many computers |
Originally Posted by TS_eXpeed
(Post 12429193)
:run:
Oh noes! An 'official' thread not started by a mod. :run: |
IIRC it didn't have the "official" in the title when the thread started.
|
Originally Posted by jupitersolo
(Post 12429243)
IIRC it didn't have the "official" in the title when the thread started.
|
Originally Posted by 03SSMTL-S
(Post 12429220)
http://www.bleepingcomputer.com/comb...o-use-combofix
COMBOFIX FTW love this program used it so many times and fixed so many computers
I've rarely found anything that it couldn't fix, even though sometimes it involved some tweaking. And always download a new copy when you use it, and only from that link! |
Originally Posted by stogie1020
(Post 12429258)
SHHHHHHhhhhhh!
Originally Posted by svtmike
(Post 12429268)
:nodez:
|
Originally Posted by doopstr
(Post 12429169)
You could just buy a mac and skip this thread.:tongue:
A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. |
Thank you for this thread. I went and turned off all the java shit in reader and had no idea that was how reader was able to get pdf exploits until this. What do you think is better to use AVG free or MSE for security? I don't wanna pay money cos I haven't had any issues with good free anti-virus software lately.
|
Microsoft Security Essentials doesn't noticeably slow down my machine and occasionally picks something up. I browse safe and sane websites though, so your mileage may vary. :shrug:
|
I use MSE on all of my home computers as well. It's been solid except on my son's XP machine where he managed to contract a virus (he doesn't do a good job of keeping it up to date). It was a quick/easy repair once I killed the infection and updated MSE.
|
MSE
And my title didn't originally have the word official in it, yumcha edited the title. Also yeah the thing with these exploits in 3rd party software is that they're usually cross platform so don't get all high and mighty |
Since I've been on this forum I think I've given pretty much all the tips I've got right now for securing your Computer. Let's review shall we.
1. Block 3rd party cookies which are usually for tracking you and sending you junk mail. This is done in your browser's cookie/content/privacy options. I've noticed in the past few months that I don't get junk email anymore, IDK if it's cause Hotmail really stepped its game up or what but I haven't seen any unsolicited junk hit my inbox in months and I kinda like it.
2. Install MVPS HOSTS File, it blocks ad servers and known servers that serve malware. This leads to a safer, less annoying and faster internet experience. I put a shortcut to rename the HOSTS file on their desktop and have them use it if they encounter a site that causes an issue, which isn't very often. www.mvps.org/winhelp2002/hosts.htm http://www.mvps.org/winhelp2002/hostsfaq.htm#Rename
3. Go to www.ninite.com and install updates for your software, update them when they tell you to.
4. Run MSE, it's the best free AV I've used. Nothing's perfect but I don't really have any complaints about it. www.microsoft.com/security_essentials
5. Use Google Chrome, its sandboxed browser adds another layer of protection, the sandbox even works in XP so it's a definite improvement over any of the competitors not to mention speed and UI. www.google.com/chrome
6. Disable Javascript and prevent PDFs from opening executable files in Adobe Reader. Even if you use Foxit reader or any other 3rd party reader you're still vulnerable to an exe exploit. https://acurazine.com/forums/showpos...20&postcount=7
That's pretty much all the changes I make on a computer to secure it. I've done this on a bunch of computers and I've yet to be called back for a malware infection. I'm not saying it's bulletproof I'm just speaking from my experience so far. |
:annoyed: I make $65 for every virus I clean out....So stop it.
|
Originally Posted by #1 STUNNA
(Post 12430449)
Since I've been on this forum I think I've given pretty much all the tips I've got right now for securing your Computer. Let's review shall we.
|
Thoughts about including other random helpful utilities in this thread or do they warrant their own thread?
|
Originally Posted by rza49311
(Post 12430774)
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update :tongue:
|
Originally Posted by Whiskers
(Post 12430666)
:annoyed: I make $65 for every virus I clean out....So stop it.
Originally Posted by rza49311
(Post 12430774)
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update :tongue:
Originally Posted by The Dougler
(Post 12430782)
Thoughts about including other random helpful utilities in this thread or do they warrant their own thread?
Originally Posted by jupitersolo
(Post 12430865)
99% of the time, the head w/o brains is surfing...
|
Originally Posted by rza49311
(Post 12430774)
8. Use common sense(think before you click)...Often overlooked and doesn't require a download or update :tongue:
Originally Posted by jupitersolo
(Post 12430865)
99% of the time, the head w/o brains is surfing...
Originally Posted by Scottman111
(Post 12431066)
Wouldn't that be nice. Seems like a lot of people using their work computers care even less. I really don't know how a company can survive without a web filter.
Originally Posted by #1 STUNNA
(Post 12431110)
I tell people this but I can't enforce it. : |
Great thread Stunna, thanks
|
Thanks.
*edit MSE for 64bit win7?? hurry im unprotected. nvm I dled from ninite |
^ Ninite is awesome, we use it on our deployments :).
All great info in this thread, MSE is a great program. |