Go Back  AcuraZine - Acura Enthusiast Community > Off Topic Discussion > Ramblings > Technology
Reload this Page >

The Official Internet/Computer Security News Discussion Thread

Notices
Technology Get the latest on technology, electronics and software…

The Official Internet/Computer Security News Discussion Thread

 
Old 09-22-2012, 12:40 AM
  #361  
youtu.be/TejoMjHk3x0
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 30,179
Received 3,934 Likes on 2,315 Posts
They released the patch on friday
#1 STUNNA is online now  
Old 10-27-2012, 07:46 PM
  #362  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Piece of crap, MSE crashes/freezes when it tries to update or do a full scan..

Running malware bytes shows 5 Objects detected so far...
Mizouse is offline  
Old 10-27-2012, 07:51 PM
  #363  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
My sisterinlaw had the File Recovery nasty malware.
These directions were great. Recovered the files and shortcuts
http://malwaretips.com/blogs/file-re...removal-guide/
doopstr is online now  
Old 10-27-2012, 07:55 PM
  #364  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Found 10 objects including PUM.Hijack.TaskManager

Thanks stunna.



Now just need to get windows to shutdown again...
Mizouse is offline  
Old 10-27-2012, 07:59 PM
  #365  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
This is on my sisters computer BTW.


Decided to check my computer too and saw MSE quarantined 3 things, so I removed them and ran my normal checks. Seems ok so far.
Mizouse is offline  
Old 10-27-2012, 08:12 PM
  #366  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Damn you Java, just cleared the cache.
Mizouse is offline  
Old 10-27-2012, 09:01 PM
  #367  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Ohh sweet, I think I finally cleaned it. But now it says windows XP isn't passing WGA
Mizouse is offline  
Old 11-09-2012, 11:08 AM
  #368  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
New zero-day exploit circumvents Adobe Reader's Protected Mode
By Justin Rubio 24 Hours Ago



Cybercrime investigation company Group-IB has discovered a zero-day Adobe Reader X and XI exploit that is immune to the program's new Protected Mode. Announced in July, Reader's sandboxing capabilities add an extra layer of defense by securing malicious code found in PDFs and restricting what kinds of actions these files can execute. As explained by IDG, the exploit is not affected by the program's Protected Mode and can be launched even if Javascript support is disabled — many Reader exploits rely on Javascript code embedded into PDF files. Firefox and Internet Explorer users are potential victims, while Chrome's added built-in security causes the code to fail. Group-IB has identified the vulnerability as being part of the "Blackhole Exploit-Kit," a tool that is utilized to deploy banking Trojans.

The exploit — which is currently being sold on the black market for $30,000 to $50,000 — has been submitted to Adobe's Product Security Incident Response Team, although the company has yet to deliver a response or issue a fix. The mere existence of the vulnerability questions the effectiveness of the app's highly-touted preventative measure — but should the exploit be verified, Adobe will likely issue a prompt emergency update to Reader.
Mizouse is offline  
Old 01-11-2013, 05:47 PM
  #369  
The sizzle in the Steak
 
Moog-Type-S's Avatar
 
Join Date: Nov 2001
Location: Southern California
Posts: 71,438
Received 1,876 Likes on 1,296 Posts
Java Exploit Added to Crimeware Kits Soon After Discovery

A security researcher finds that seven exploit kits have added an attack for a previously unreported flaw in the latest version of the Java Runtime Environment.

Security experts are again calling for users to disable the Java browser plug-in and uninstall the software on their systems, following the discovery of a zero-day vulnerability in the latest version of the Java Runtime Environment.

Information about the vulnerability emerged on Dec. 10, after a security professional discovered an exploit using the security hole to compromise systems. The vulnerability, which appears to only affect JRE (Java Runtime Environment) 1.7 and not prior versions, had not previously been known but appears to be similar to other Java security issues found in August 2012, said Jaime Blasco, labs manager at security-monitoring provider AlienVault.

The vulnerability allows a piece of Java code to break out, or escape, from the protected software container, or sandbox, that is a critical part of Java's security model, said Blasco, who had verified that the exploit worked.

"The most important thing about this is that it is a sandbox escape, not a memory exploitation or something similar, so most of the mitigations are not effective," he said.

The security professional who published details about the exploit, France-based security manager Charlie Hurel, worried that remaining quiet about the issue could lead to a large number of compromises.

"Hundreds of thousands of hits daily where I found it," he wrote in the alert. "This could be ... mayhem."

Last year, an academic paper by security researchers at Symantec found that stealthy attacks using unreported vulnerabilities can remain undiscovered for 10 months. Soon after such exploits are discovered, use of the attacks skyrocket as cybercriminals add the exploits to their tool boxes.

That's exactly what happened with the latest Java vulnerability. By the end of day, security researchers confirmed that at least seven exploit kits--the underground software that allows cybercriminals to quickly create illicit campaigns to steal money—had incorporated attacks that prey on the vulnerability.

The major exploit kits that had a variant of the attack included the Blackhole, Cool TK, Nuclear Pack, and Sakura exploit kits. In addition, the Metasploit project, which develops a free penetration tool with frequent updates for the latest exploits, published its own module last night to exploit the flaw as well.
"This is just as bad as the last five (vulnerabilities in Java)," said HD Moore, chief security officer at vulnerability-management firm Rapid7 and the founder of the Metasploit project. "Within an hour, we had working code."

About 13 percent of users are currently using Java 1.7 and so are vulnerable to the latest attack. Users of older versions--including Mac OS X users—are not necessarily safe, however, as a bevy of older attacks will likely work against their systems.

Unlike last year's Flashback Trojan attack that used a flaw in Java to infect victims' systems, the latest attack is being used to spread a different form of malware: Ransom ware. The scheme typically uses malware to lock a user's machine until they pay a fee and quickly spread across Europe to North America last year.

"We are talking about huge amounts of money here," said Bogdan Botezatu, senior threat analyst for security firm BitDefender. "And as long as they can make easy money, they will keep this up."
http://www.eweek.com/security/java-e...ter-discovery/
Moog-Type-S is offline  
Old 01-11-2013, 06:56 PM
  #370  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
Homeland Security says everyone should uninstall/disable java.
http://www.zdnet.com/homeland-securi...aw-7000009713/

Must be serious, even Apple stepped up.
http://www.macrumors.com/2013/01/11/...curity-threat/
doopstr is online now  
Old 01-11-2013, 08:08 PM
  #371  
youtu.be/TejoMjHk3x0
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 30,179
Received 3,934 Likes on 2,315 Posts
Been sayin that shit for a long time!

Oracle hasn't done shit to make it secure, they keep patching exploits instead of adding mitigation features to make it more difficult to exploit.

Last edited by #1 STUNNA; 01-11-2013 at 08:13 PM.
#1 STUNNA is online now  
Old 01-16-2013, 02:33 PM
  #372  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
http://www.nbcnews.com/technology/te...java-1B8000547
Homeland Security still says no to Java
The Department of Homeland Security says despite some fixes to Java, it continues to recommend users disable the program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes.
doopstr is online now  
Old 01-30-2013, 04:50 PM
  #373  
youtu.be/TejoMjHk3x0
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 30,179
Received 3,934 Likes on 2,315 Posts
Good thing I didn't have java installed...



I mistyped a web address and it took me to the wrong page and bam immediately Windows Defender (MSE built-in to Windows 8) kicked in and caught it. Though it was never a threat to me since I don't have java...
#1 STUNNA is online now  
Old 01-31-2013, 03:45 AM
  #374  
Go Giants
 
Whiskers's Avatar
 
Join Date: Aug 2004
Location: PA
Age: 48
Posts: 69,256
Received 986 Likes on 670 Posts
Hmm, weird I have Java installed on all my machines and no issues....Oh noes.
Whiskers is offline  
Old 01-31-2013, 04:05 PM
  #375  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
Apple blocks Java on Macs due to vulnerabilities
http://www.nbcnews.com/technology/te...ties-1B8186534
Mac computers have stopped running programs written using the Java programming language in their browsers, as Apple blocked it because of security problems.

Apple has previously blocked, then unblocked, the latest version of Java on the most recent versions of its Mac operating system. On Thursday, Apple also started blocking an older version of the Mac system, called Snow Leopard, from running Java 6, also an older version.

The U.S. Department of Homeland Security recommends disabling Java in Web browsers because it has provided pathways for hackers to take control of computers that visit a website rigged with malicious software. Oracle Corp., which owns Java, has issued updates that fix known vulnerabilities, but the DHS expects that there are more.

Oracle had no immediate comment on Apple's action.
Funny how Apple was slow to react to this stuff when they were busy providing old insecure versions of Java. Now that Oracle supplies the builds, they are all over it.

Last edited by doopstr; 01-31-2013 at 04:07 PM.
doopstr is online now  
Old 02-02-2013, 10:59 PM
  #376  
Banned
 
Join Date: Dec 2003
Location: MAGA country
Posts: 11,882
Received 1,707 Likes on 1,292 Posts
Originally Posted by #1 STUNNA View Post
Good thing I didn't have java installed...



I mistyped a web address and it took me to the wrong page and bam immediately Windows Defender (MSE built-in to Windows 8) kicked in and caught it. Though it was never a threat to me since I don't have java...
Dude, that's a JavaScript trojan, not Java. Two entirely different things....
nfnsquared is offline  
Old 02-19-2013, 12:31 PM
  #377  
youtu.be/TejoMjHk3x0
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 30,179
Received 3,934 Likes on 2,315 Posts
Exclusive: Apple hit by hackers who targeted Facebook last week
(Reuters) - Apple Inc computers were attacked by the same hackers who targeted Facebook Inc, but no data appeared to have been stolen, the company said on Tuesday in an unprecedented admission of a widespread cyber-security breach.

Facebook revealed on Friday that unidentified hackers traced to China had staged a sophisticated attack by infiltrating its employees' laptops, but no user information was compromised.

Apple, which is working with law enforcement to track down the hackers, told Reuters that only a small number of its employees' Macintosh computers were breached, but "there was no evidence that any data left Apple."

The iPhone and iPad maker said it would release a software tool later on Tuesday to protect customers against the malicious software used in the attacks.

Cyber-security attacks have been on the rise. In last week's State of the Union address, U.S. President Barack Obama issued an executive order seeking better protection of the country's critical infrastructure from cyber attacks.
http://www.reuters.com/article/2013/...91I10920130219
#1 STUNNA is online now  
Old 02-19-2013, 12:49 PM
  #378  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
Yes, let's continue to buy all of our electronics from China while they wage cyberwarfare against us. Am I the only one that thinks this is stupid?

Last edited by doopstr; 02-19-2013 at 12:52 PM.
doopstr is online now  
Old 02-19-2013, 01:10 PM
  #379  
1919
 
Scottman111's Avatar
 
Join Date: Mar 2005
Age: 34
Posts: 21,469
Likes: 0
Received 162 Likes on 134 Posts
Expect it to get worse


A lot of banks are getting hit too, small and large, although you won't hear much about it.
Scottman111 is offline  
Old 02-19-2013, 01:12 PM
  #380  
youtu.be/TejoMjHk3x0
Thread Starter
 
#1 STUNNA's Avatar
 
Join Date: Aug 2007
Location: Florida
Posts: 30,179
Received 3,934 Likes on 2,315 Posts
Get a mac...
#1 STUNNA is online now  
Old 02-19-2013, 03:00 PM
  #381  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
Where is the outrage?

http://usnews.nbcnews.com/_news/2013...perts-say?lite
Successful hacker attack could cripple U.S. infrastructure, experts say

A report tying the Chinese military to computer attacks against American interests has sent a chill through cyber-security experts, who worry that the very lifelines of the United States — its energy pipelines, its water supply, its banks — are increasingly at risk.
doopstr is online now  
Old 02-19-2013, 03:31 PM
  #382  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
doopstr is online now  
Old 02-19-2013, 07:36 PM
  #383  
Administrator Alumnus
 
Scrib's Avatar
 
Join Date: Oct 2001
Location: Northwest IN
Posts: 26,320
Received 113 Likes on 78 Posts
Scrib is offline  
Old 02-19-2013, 08:03 PM
  #384  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Google was hit as well.
Mizouse is offline  
Old 05-28-2013, 07:28 PM
  #385  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 46
Posts: 52,382
Received 1,871 Likes on 1,103 Posts
Just and FYI for those of you relying on Snapchat to delete your sexts after a few minutes...

They remain on the handsets long after they "expire"...

http://www.ksl.com/?sid=25106057
stogie1020 is online now  
The following users liked this post:
#1 STUNNA (05-29-2013)
Old 05-28-2013, 10:31 PM
  #386  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Mizouse is offline  
Old 07-16-2013, 11:40 AM
  #387  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
doopstr is online now  
Old 09-02-2014, 10:22 PM
  #388  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Mizouse is offline  
Old 09-03-2014, 11:13 AM
  #389  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 46
Posts: 52,382
Received 1,871 Likes on 1,103 Posts
start the slow chant with me....


2FA

2FA

2FA...
stogie1020 is online now  
Old 09-03-2014, 11:14 AM
  #390  
Senior Moderator
 
Ken1997TL's Avatar
 
Join Date: May 2003
Location: Better Neighborhood, Arizona
Posts: 45,468
Received 2,165 Likes on 1,234 Posts
Originally Posted by stogie1020 View Post
start the slow chant with me....


2FA

2FA

2FA...
Alligators and a moat?
Ken1997TL is offline  
Old 09-03-2014, 11:23 AM
  #391  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 46
Posts: 52,382
Received 1,871 Likes on 1,103 Posts


OK, 2FA and alligators and a moat.

doesn't quite roll off the tongue as easily though...
stogie1020 is online now  
Old 09-03-2014, 11:33 AM
  #392  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 46
Posts: 52,382
Received 1,871 Likes on 1,103 Posts
FYI, didn't want to upset the fappening in the other thread...

Once iBrute is used to gain credentials, EPPB is used to access the content:

EPPB: http://www.elcomsoft.com/eppb.html

According to Elcomsoft, EPPB woks EVEN IF YOU ARE USING 2FA. Whoa.

Now, that may change rapidly here based on how apple responds to this. Apparently, EPPB mimics a trusted device, therefore bypassing the 2FA.

Last edited by stogie1020; 09-03-2014 at 11:36 AM.
stogie1020 is online now  
Old 09-03-2014, 04:58 PM
  #393  
Banned
 
Join Date: Dec 2003
Location: MAGA country
Posts: 11,882
Received 1,707 Likes on 1,292 Posts
Originally Posted by stogie1020 View Post
..Now, that may change rapidly here based on how apple responds to this. Apparently, EPPB mimics a trusted device, therefore bypassing the 2FA.
"2FA" and "trusted device" should should be mutually exclusive IMO.
nfnsquared is offline  
Old 09-03-2014, 05:31 PM
  #394  
Senior Moderator
 
Ken1997TL's Avatar
 
Join Date: May 2003
Location: Better Neighborhood, Arizona
Posts: 45,468
Received 2,165 Likes on 1,234 Posts
Originally Posted by nfnsquared View Post
"2FA" and "trusted device" should should be mutually exclusive IMO.
This
Ken1997TL is offline  
Old 09-03-2014, 05:33 PM
  #395  
Moderator
 
Mizouse's Avatar
 
Join Date: Oct 2004
Location: Las Vegas
Age: 35
Posts: 56,786
Received 1,378 Likes on 974 Posts
Meh, if someone wants to steal my nekkid please, please do. But I'll warn you, you'll want to gouge your eyes out.
Mizouse is offline  
Old 09-03-2014, 05:43 PM
  #396  
Needs more Lemon Pledge
 
stogie1020's Avatar
 
Join Date: Mar 2005
Location: Phoenix, AZ
Age: 46
Posts: 52,382
Received 1,871 Likes on 1,103 Posts
Originally Posted by nfnsquared View Post
"2FA" and "trusted device" should should be mutually exclusive IMO.
Originally Posted by Ken1997TL View Post
This
The idea being that you can validate a trusted device ONCE with 2FA and not have to validate THAT device every time. Obviously the use of a token, mac address or similar residing on the trusted device means that a bad guy might be able to replicate the trusted token, but in reality, I don't want to have to 2FA my home desktop computer for everything I do. Now, a laptop, cell phone, tablet that is on the move? You bet...
stogie1020 is online now  
The following users liked this post:
Mizouse (09-03-2014)
Old 09-03-2014, 07:36 PM
  #397  
Banned
 
Join Date: Dec 2003
Location: MAGA country
Posts: 11,882
Received 1,707 Likes on 1,292 Posts
Originally Posted by Mizouse View Post
Meh, if someone wants to steal my nekkid please, please do. But I'll warn you, you'll want to gouge your eyes out.
Yes, someone needs to set up 4FA for your photo stash
nfnsquared is offline  
The following users liked this post:
Mizouse (09-03-2014)
Old 09-05-2014, 11:45 AM
  #398  
Banned
 
Join Date: Dec 2003
Location: MAGA country
Posts: 11,882
Received 1,707 Likes on 1,292 Posts
Apple's two-step authentication side-steps the second step

http://windowsitpro.com/paul-thurrot...ptember-5-2014

Apple's two-step authentication side-steps the second step

Lost in Apple's description of the "hack" that resulted in nude celebrity photos "flooding" the Internet—we were so chaste before that, thanks Apple!—is the fact that the Cupertino consumer electronics giant has finally been bitten in the butt by its long-standing strategy of putting user experience before user safety. In an interview with The Wall Street Journal, Apple CEO Tim Cook confirmed my contention that those celebrities would never have been hacked if they used two-step authentication with OneDrive instead of iCloud to back up their photos. Why? Because OneDrive's two-step authentication actually works. So now Apple will implement fixes to the way iCloud security works, and one of the changes is that two-step authentication will actually kick-in more frequently, as it should. They'll figure it out.
nfnsquared is offline  
Old 11-10-2014, 02:12 PM
  #399  
Registered Member
 
doopstr's Avatar
 
Join Date: Jan 2001
Location: Jersey
Age: 47
Posts: 23,338
Received 1,042 Likes on 636 Posts
If you are a criminal it is best to lock your iPhone with a password and not your finger.
Cops can make you unlock your smartphone with fingerprint, says judge

cliffs..
Virginia Beach Circuit Court Judge Steven Frucci ruled that a criminal defendant can be compelled to give up his fingerprint and unlock his cellphone in the course of a criminal investigation — because that's just like handing in a DNA sample or a physical key, which citizens can already be legally compelled to give to police.

On the other hand, police can't force a defendant to give up his passcode, because that's considered "knowledge" — not a physical object — and knowledge is protected by the Fifth Amendment. There have been cases, however, where defendants have been asked to give up their password to decrypt their computers, so there no consensus on this issue yet, as Wired's Andy Greenberg reported recently.
doopstr is online now  
Old 11-10-2014, 03:02 PM
  #400  
Banned
 
Join Date: Dec 2003
Location: MAGA country
Posts: 11,882
Received 1,707 Likes on 1,292 Posts
Originally Posted by doopstr View Post
If you are a criminal it is best to lock your iPhone with a password and not your finger...
^^^^Cliffs:

Whiskers is screwed.
nfnsquared is offline  

Quick Reply: The Official Internet/Computer Security News Discussion Thread


Contact Us - Advertising - Cookie Policy - Privacy Statement - Terms of Service

© 2019 MH Sub I, LLC dba Internet Brands

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.