The computer and software security thread

Technology, computers, internet, websites, mobiles, cameras, audio and video.
SPONSORS: Hua Hin Web Design
Post Reply
User avatar
Cing Jai
Member
Member
Posts: 57
Joined: Thu Jul 05, 2012 2:56 pm

Re: The computer and software security thread

Post by Cing Jai »

Pleng wrote:
Cing Jai wrote:There are no viruses for Mac and
At the end of the day virus makers are going to target MacOS because Apple keep claiming how secure it is.
Yep, been hearing that for 10 years or more. One day it just might be true. :thumb:

You can't even get code on an iphone/ipad that isn't checked by Apple unless you jailbreak it and void your warranty. If you use the Mac App Store OS X becomes a similar "walled garden".

A trojan is nothing like a virus. You have to execute it. It tricks the user rather than exploiting a security flaw in the OS or application.

The example you offered, the MacDefender trojan, is as much more a phishing scam than malware because it requires the user to manually download and then deliberately install the offending software (trojan).

Moden browsers, I use Chrome, for OS X are very safe. Each tab is sandboxed in it's own process for goodness sake and Google pushes out updates in a flash if needed. So, there is no need for anti-virus software needed due to the safety built-in to moden web browsers and the Mac OS X architecture.

If / when there is ever a real Mac virus I'm sure it will be big news and there will be a fix. I'm not installing software that runs in the background wasting cpu and slowing my every file I/O task for the first one off virus either.
Homer
Rock Star
Rock Star
Posts: 3336
Joined: Sun Mar 21, 2010 3:11 pm

New Java malware attacks browsers on Windows, Mac and Linux

Post by Homer »

from http://www.metafilter.com/

A working, cross-platform Java 7 exploit is now in the wild (1). It's apparently a pair of bugs, working in tandem; neither, alone, would be enough to escape the Java sandbox, but together, any machine, be it Windows, Mac, or Linux, can be instantly and silently compromised, simply by viewing a malicious web page. Only Java 7 is vulnerable, but because of the way Oracle schedules patches, it may be unfixed until October. You can test your machine for the flaw (2); if vulnerable, you'll want to at least disable Java in your Web browser, if not remove it altogether. On Firefox, NoScript will provide a little protection (3), by not running Java code unless you click it, but the vulnerability remains.

1 http://www.deependresearch.org/2012/08/ ... ation.html

2 http://research.zscaler.com/2012/08/are ... 0-day.html

3 http://noscript.net/
bapak
Deceased
Deceased
Posts: 1091
Joined: Wed Jun 18, 2003 1:51 pm
Location: Hua Hin and Sydney

Internet Explorer's huge security hole

Post by bapak »

ex Sydney Morning Herald 18/09/12

This post was originally published on Mashable.

Users of several Internet Explorer versions are being urged to switch to other browsers such as Google Chrome or Mozilla Firefox amid news of a major security hole.

According to Rapid7 security forum, a new zero-day exploit for Internet Explorer 7, 8, and 9 has hit computers running Windows XP, Vista and 7. Zero-day exploits involve software that takes advantage of a security hole within a site to carry out an attack.

This means that computers actively using Internet Explorer can be compromised by visiting a malicious site and give cyber-criminals "the same privileges as the current user."
Advertisement

"We're aware of targeted attacks potentially affecting some versions of Internet Explorer. We have confirmed that Internet Explorer 10 is not affected by this issue," Yunsun Wee, director of Microsoft Trustworthy Computing, said.

"We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit 3.0, which provides effective protections without affecting the web browsing experience. We will continue to investigate this issue and take further actions as appropriate."

The Rapid7 forum said "the exploit had already been used by malicious attackers in the wild before it was published in Metasploit."

"The associated vulnerability puts about 41 per cent of internet users in North America and 32 per cent worldwide at risk (source: StatCounter)," the Rapid7 alert said. "We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop countermeasures."

In the meantime, Internet Explorer users should consider switching to another browser, such as Google Chrome or Mozilla Firefox, at least temporarily. Those who are die-hard fans of Internet Explorer should proceed cautiously and upgrade to version 10 - which is in preview now - before using the web again.
bapak
Deceased
Deceased
Posts: 1091
Joined: Wed Jun 18, 2003 1:51 pm
Location: Hua Hin and Sydney

Skype malware holds PCs hostage

Post by bapak »

Skype addresses a malware spreading through its service that is infecting users' computers.

Skype addresses a malware spreading through its service that is infecting users' computers. Photo: Skype

If someone on Skype asks you "lol is this your new profile pic?" don't click the link.

A type of malware known as Dorkbot is going around the video-calling service tricking people into being scammed by asking that question, in both English and German.

Once users click on it, they are redirected to download a file from hotfile.com that holds the malware.

The worm was discovered by Trend Micro, a security firm that wrote about the malware.
Advertisement

Trend Micro says that once infected, computers become part of a botnet, a network of computers controlled by hackers to execute denial-of-service attacks, in which attackers try to jam a website by getting large numbers of computers to contact it at the same time.

Infected computers also steal the user's log-in and password information used for accessing various websites. In addition, the malware spreads itself further by messaging the user's Skype contacts with the "lol is this your new profile pic?" scam.

According to Trend Micro, some of the computers that have been infected install malware known as ransomware that locks users out of their computers and tells them their files have been encrypted. The ransomware then says the files will be deleted unless the user pays $200 within 48 hours.

Skype confirmed Dorkbot on Tuesday with a blog post and a statement. The video-calling service asked users to make sure they update their software to the latest versions in order to have the best security features. Skype also reminded users to have anti-virus software on their devices and to avoid clicking suspicious files and links.

"Skype takes the user experience very seriously, particularly when it comes to security," a Skype spokeswoman said. "We are aware of this malicious activity and are working quickly to mitigate its impact."

LA Times
User avatar
PeteC
Moderator
Moderator
Posts: 29984
Joined: Tue Mar 23, 2004 7:58 am
Location: All Blacks training camp

Java 'danger' for everyone

Post by PeteC »

Java 'danger' for everyone

http://www.bangkokpost.com/breakingnews ... r-everyone

Published: 14/01/2013 at 06:26 AM
Online news:

The US Department of Homeland Security has warned computer users worldwide to disable or uninstall Java from their web browsers because of "a serious security vulnerability" discovered by researchers and likely to be in use already by hackers.

More than 850 million PCs around the world use Java, and could be at risk.

Oracle, which owns and maintains Java, said it appears the vulnerability exists only in Java 7 - which is what most users have.

In a rare move, the US government warned computer users on Friday to disable the software to prevent hackers and malware writers from taking advantage of the zero-day vulnerability - which is currently being exploited in the wild.

The vulnerability could allow unauthorised installation of malicious software on machines, and a chain reaction. The malware could acquire personal information, which in turn would lead to identity theft.

Such malware also it typically used as hackers build a "botnet" of infected computers - a network of "zombie" machines that are used to carry out denial-of-service attacks on Web sites and networks.

Java owner Oracle said it is working on a fix, and it will be available "shortly". Java is free and easily installed on any computer at Java.com.

Java can be disabled in browsers on both Windows and Mac PCs. The Hong Kong website of ZDNet posted detailed instructions on how to perform disabling.
Governments are instituted among Men, deriving their just powers from the consent of the governed. Source
User avatar
Roel
Guru
Guru
Posts: 975
Joined: Tue Jun 26, 2007 10:21 am
Location: Phuket

Re: The computer and software security thread

Post by Roel »

If I read warnings like this I always think 'hoax'. This however seems to be real. Mozilla Firefox gives a warning (see here under) and if you click you can use Java anyway apparently an older safe version. Good service from our Mozilla friends.
Attachments
Java problem.PNG
Java problem.PNG (14.01 KiB) Viewed 1854 times
We are all living in 'the good old days' of the future.
User avatar
StevePIraq
Rock Star
Rock Star
Posts: 3043
Joined: Sat Jun 28, 2008 1:21 pm
Location: Ting Tong Land

Re: The computer and software security thread

Post by StevePIraq »

java issue is already resolved
"Live everyday as if it were your last because someday you're going to be right." Muhammad Ali
User avatar
Cing Jai
Member
Member
Posts: 57
Joined: Thu Jul 05, 2012 2:56 pm

Re: The computer and software security thread

Post by Cing Jai »

Yes it is fixed, Oracle issued an emergency patch today. Apple and Firefox pushed out fixes to block the offending version of the plugin several days ago.

I use Chrome and have had all internet plugins, including Java of course, disabled for several years now so I was never vulnerable. It is very easy to do with Chrome. In all those years I can not recall finding even 1 website that needed Java.

Sometimes I need to run the Flash plugin but that is just a simple right click and you can run Flash on an as needed basis. I set up an exception for Youtube so the Flash plugin always loads when I go to YT. You will find lots of hidden Flash on web pages if you disable the plugin.

Finally, you may occasionally find a PDF that you can't download easily with a right click, Save As, on the link to it so you may need to load the PDF reader plugin to read / download it. I prefer to download PDFs and use a dedicated reader app (Preview.app on Mac and Foxit Reader for Windows). I hate reading PDFs in a browser because it's always slow clunky. Just like Flash, it's a simple right click to enable the plugin for one time use on an as needed basis.

P.S. Still waiting for those Mac viruses that are coming any day now by the way... :P
User avatar
buksida
Moderator
Moderator
Posts: 22523
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Firefox to block content based on Java, Reader, and Silverlight

Mozilla engineers plan to disable Java, Adobe Reader, and Microsoft Silverlight capabilities in their flagship Firefox browser in a move aimed at improving security and performance.

By default, Firefox will load content based on all three plugins only after users click an icon that explicitly permits it. The feature, known as click to play, was introduced late last year. Until now, it disabled out-of-date plugins to prevent hack attacks and browser crashing. Sometime soon, it will begin blocking all plug-ins except for the most recent version of Adobe Flash.

More: http://arstechnica.com/security/2013/01 ... lverlight/
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
User avatar
PeteC
Moderator
Moderator
Posts: 29984
Joined: Tue Mar 23, 2004 7:58 am
Location: All Blacks training camp

Re: The Digital Surgery

Post by PeteC »

http://www.bangkokpost.com/breakingnews ... th-malware

Pirated Windows infected with malware

Published: 25 Feb 2013 at 15.23
Online news:

MANILA - Microsoft Corp on Monday announced the results of a study which it said showed serious threats of malware found on brand new personal computers bought in Thailand and four neighbouring countries.........
Governments are instituted among Men, deriving their just powers from the consent of the governed. Source
User avatar
buksida
Moderator
Moderator
Posts: 22523
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Seems to be the month of malware. Two nasties that keep cropping up on several computers I have cleaned and serviced over the past few weeks are:

Hao123.com
Baidu Faster PC


Both are malware, both need to be uninstalled using "add/remove programs" in control panel. The first one comes with Avira and installs without permission so suggest using Avast instead. You may also need to remove associated browser add-ons, Hao123 is an insidious little bastard in that it may modify the shortcut to the browser so that it opens as your homepage without actually showing as your homepage in your browser settings. Delete the shortcut and create a new one from the original program location.
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
User avatar
hhfarang
Hero
Hero
Posts: 11060
Joined: Fri Mar 12, 2004 1:27 am
Location: North Carolina

Re: The computer and software security thread

Post by hhfarang »

Computer hackers and virus writers should be treated like terrorists and sent to Guantanamo Bay in Cuba and water boarded for life! They cost us (cumulatively) billions per year trying to defend against them. :cuss:

I still have that Thai advert popping up new windows or tabs occasionally and have run every anti-virus program that I've ever heard of but nothing seems to get rid of the insidious little b*stard. It's nearly as bad as a Thai rat! :shock:
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
User avatar
buksida
Moderator
Moderator
Posts: 22523
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

The latest threat seems to be email spam from what appears to be legitimate news websites. It gets you if you click the 'unsubscribe' link which will download malware. Keep that security software up to date and schedule regular malware scans.
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
musungu
Professional
Professional
Posts: 397
Joined: Fri Feb 22, 2013 3:28 pm

Re: The computer and software security thread

Post by musungu »

hhfarang wrote:Computer hackers and virus writers should be treated like terrorists and sent to Guantanamo Bay in Cuba and water boarded for life! They cost us (cumulatively) billions per year trying to defend against them. :cuss:

I still have that Thai advert popping up new windows or tabs occasionally and have run every anti-virus program that I've ever heard of but nothing seems to get rid of the insidious little b*stard. It's nearly as bad as a Thai rat! :shock:
I too cannot get rid of it - I think it may have started from after going into Pirate Bay, or streaming sports via Wiziwig.

I have tried Malwarebytes and Baidu Antivirus - any guaranteed suggestions?
Prior Planning & Preparation Prevents Piss Poor Performance.
Eugene
Rookie
Rookie
Posts: 22
Joined: Sat Dec 24, 2011 6:34 pm
Location: Hua Hin

Re: The computer and software security thread

Post by Eugene »

I have been using Agnitum Outpost Firewall + Webroot SecureAnywhere antivirus for about 3 years now (outpost firewall for about 10 years). Never had problems with malware, viruses, etc. Can recommend.
Post Reply