The computer and software security thread

Technology, computers, internet, websites, mobiles, cameras, audio and video.
SPONSORS: Hua Hin Web Design
Post Reply
User avatar
buksida
Moderator
Moderator
Posts: 22525
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

musungu wrote: I too cannot get rid of it - I think it may have started from after going into Pirate Bay, or streaming sports via Wiziwig.
If it is the Hao123/Baidu malware try this: viewtopic.php?f=15&t=3099&start=1745
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
User avatar
pharvey
Moderator
Moderator
Posts: 13755
Joined: Sat Aug 29, 2009 10:21 am
Location: Sir Fynwy - God's Country

Hackers take control of 300,000 home routers

Post by pharvey »

All sounds a bit worrying - the next step in Cyber Crime...

Taken from BBC Website: -

A world-spanning network of hijacked home routers has been uncovered by security researchers.

The network involves more than 300,000 routers in homes and small businesses that have been taken over through loopholes in their core software.

Discovered by researchers at Team Cymru, the network is thought to be one of the biggest involving such devices.

It is not yet clear what the people behind the attack intend to do with the collection of compromised routers.

In a research paper describing its findings, Team Cymru said it had first seen routers from several different manufacturers being compromised in January 2014.

These first victims had been in Eastern Europe, but now most of the machines were in Vietnam with the rest scattered around Europe as well as a couple of other countries, said Team Cymru.

Once routers were taken over, internal instructions were changed so they no longer asked servers at their owner's ISP for help looking up the location of websites they regularly visit.

This would mean that the attackers could re-direct people to anywhere they wanted, inject their own adverts into web pages people visit or poison the search results they get.

Instead, these queries were routed through two IP addresses overseen by a hosting company in south London. That company has yet to respond to a request for comment.

Team Cymru researcher Steve Santorelli said the reason for creating the network of hijacked routers was still "mysterious" as the attackers did not seem to have abused their control for malicious ends.

The attack had some similarities with an incident seen in Poland, which involved hijacked home routers being re-directed to malicious websites controlled by hi-tech thieves keen to grab online bank login credentials, said Mr Santorelli.

"It's a definite evolution in technology - going after the internet gateway, not the end machine," Mr Santorelli told the BBC in an email. "We see these leaps in concepts every few years in cybercrime."

Team Cymru had contacted law enforcement about the attack and informed ISPs with a lot of compromised customers, he said
"Hope is a good thing, maybe the best of things" - Yma o Hyd.
Homer
Rock Star
Rock Star
Posts: 3336
Joined: Sun Mar 21, 2010 3:11 pm

Heartbleed bug. Secure https sites are not secure.

Post by Homer »

This bug is a big deal. The exploit is real. The extent to which it has been used to steal passwords and intercept traffic is unknown. It applies only to sites with 'https' in the URL. Link to Google news: https://www.google.co.th/search?q=heart ... 66&bih=578

Consider testing any site you use where having your account hacked would be a non-trivial problem. I started with financial sites. A security firm has a site tester: https://www.ssllabs.com/ssltest/index.html If a site is safe today, that doesn't mean it was safe for the past 2 years. Consider changing passwords.
Homer
Rock Star
Rock Star
Posts: 3336
Joined: Sun Mar 21, 2010 3:11 pm

Re: Heartbleed bug. Secure https sites are not secure.

Post by Homer »

A research team tested for the Heartbleed bug on the Alexa Top 1 Million websites. 61% of the https sites were never vulnerable. 11% remain vulnerable since the bug's discovery. Their full internet scan is still running (as of 11pm last night, our time), but they've have completed enough to estimate 6% of all https sites are still vulnerable.

http://arstechnica.com/security/2014/04 ... enssl-bug/
User avatar
dozer
Ace
Ace
Posts: 1329
Joined: Fri Oct 08, 2010 1:05 pm
Location: Hua Hin

Re: The computer and software security thread

Post by dozer »

German programmer says he accidentally inserted Heartbleed bug while trying to improve other software.

http://online.wsj.com/news/articles/SB1 ... 6?mod=e2tw
Atheists have no need of a god. Our lives are not based on fear or guilt. We are moral because we know it's right.

Never attribute to malice that which can be explained by stupidity. R J Hanlon
User avatar
richard
Deceased
Deceased
Posts: 8780
Joined: Tue Feb 18, 2003 1:59 pm
Location: Wherever I am today

Internet Explorer (IE)

Post by richard »

RICHARD OF LOXLEY

It’s none of my business what people say and think of me. I am what I am and do what I do. I expect nothing and accept everything. It makes life so much easier.
zeitgeist
Professional
Professional
Posts: 258
Joined: Fri Oct 26, 2012 10:31 pm

Re: The computer and software security thread

Post by zeitgeist »

I'm not very computer literate...what do I need to protect my pc? Anti-virus, malware protection, firewall? Is there more? Is there a good all-in-one system out there? Free? Paid? Any recommendations?

Answers in layman's terms are appreciated :thumb:
User avatar
buksida
Moderator
Moderator
Posts: 22525
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Antivirus (FREE): http://www.avast.com/
Malware (FREE): http://www.safer-networking.org/mirrors/
Firewall (FREE): Use the Windows one or this for extra protection - http://www.comodo.com/products/free-products.php
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
User avatar
PeteC
Moderator
Moderator
Posts: 29988
Joined: Tue Mar 23, 2004 7:58 am
Location: All Blacks training camp

Re: The computer and software security thread

Post by PeteC »

Microsoft rescues XP users with emergency browser fix

BOSTON (Reuters) - Microsoft is helping the estimated hundreds of millions of customers still running Windows XP, which it stopped supporting earlier this month, by providing an emergency update to fix a critical bug in its Internet Explorer browser.......

http://news.yahoo.com/microsoft-release ... ector.html
Governments are instituted among Men, deriving their just powers from the consent of the governed. Source
User avatar
dozer
Ace
Ace
Posts: 1329
Joined: Fri Oct 08, 2010 1:05 pm
Location: Hua Hin

Free Security Updates for Windows XP Until 2019

Post by dozer »

https://uk.news.yahoo.com/free-security ... 16266.html

How to Get Free Security Updates for Windows XP Until 2019
Atheists have no need of a god. Our lives are not based on fear or guilt. We are moral because we know it's right.

Never attribute to malice that which can be explained by stupidity. R J Hanlon
PET
Legend
Legend
Posts: 2121
Joined: Mon Jun 25, 2007 4:24 pm
Location: Hua Hin

Re: The computer and software security thread

Post by PET »

Thank you
Courage is grace under pressure and when circumstances change you change your mind.
void
Rookie
Rookie
Posts: 22
Joined: Sun May 11, 2014 6:39 pm

Re: The computer and software security thread

Post by void »

Cing Jai wrote:
Pleng wrote:
Cing Jai wrote:There are no viruses for Mac and
At the end of the day virus makers are going to target MacOS because Apple keep claiming how secure it is.
Yep, been hearing that for 10 years or more. One day it just might be true. :thumb:
The above is true not only for Mac, but also for GNU/Linux, where both Mac OS-X and GNU/Linux distributions have less security threats than Windows OS. My own opinion on the reason is not so much that their architecture is inherently more secure than MS-Windows (although their architecture may indeed be a bit more secure) but rather Windows is still the dominant OS and windows garners the vast majority of the hackers attention.

I moved to GNU/Linux back in 1998 when I lived in Phuket, and I have not gone back to MS-Windows since.

There are very few virus for GNU/Linux (nor for Mac). So few in fact, I venture a view that the anti-virus programs that one can get for GNU/Linux and Mac could be considered suspect, because it is almost impossible to test them. How can one test if a GNU/Linux or Mac anti-virus program works, if there are little to no virus to test them against ?

The above thou, is not to say there are not vulnerabilities for GNU/Linux nor for Mac. Indeed there are vulnerabilities, and there are hackers who in particular attack GNU/Linux servers. Hackers can break into GNU/Linux systems via poor passwords on open SSH ports, or if they gain physical access to the machine they may be able to use a zero-day exploit to obtain root access and then deposit a root kit.

The NSA (and indeed possibly the hacker community ?? ) can deposit software one on one's PC that modifies the firmware, such that no matter what OS one has installed, the PC can be compromised.

And no matter what one's OS, one can always be tricked by phishing techniques to give up one's password to commercial services, internet email services, etc ....

Despite my using GNU/Linux for > 16 years, I still run the occasional MS-Windows program. Some under 'wine' in GNU/Linux (where the programs run natively) or some in a virtual session (using VMBox) where it is very easy to keep a clean backup of one's MS-Windows. Its very rare (possibly unheard of) for a virus to run properly under wine. But it is possible to catch a virus in an MS-Windows virtual session. Restoration of a corrupted system (from backup) is as easy as conducting a simple file copy. Hence while running Windows in a Virtual session won't stop Windows from catching a virus (or other maleware) it will keep the underlying GNU/Linux OS a step removed/protected against most threats. Indeed I know of friends who run GNU/Linux as a virtual session inside of GNU/Linux, providing even more protection. One can consider that sort of a defensive honey pot.

I know one friend who simply has no OS on his hard drive. Instead he only boots the PC from a liveCD, where he updates the liveCD every few months. He uses either the hard drive or a USB stick for his data. Its impossible for any maleware to be installed on a liveCD. I don't particularly care for that approach, but it is a possibility for the truly paranoid.
Homer
Rock Star
Rock Star
Posts: 3336
Joined: Sun Mar 21, 2010 3:11 pm

Re: The Digital Surgery

Post by Homer »

Microsoft's Aug 12 Windows update caused problems. Affected are some systems running Vista, 7 and 8, as well as business oriented versions of windows. Reliable sources recommend uninstalling some of the updates http://www.computerworld.com/s/article/ ... ath_update

Microsoft instructions for uninstalling some of the updates and fixing the problems not corrected by the uninstall http://support.microsoft.com/kb/2982791

Microsoft is still working on removing the updates from their updater.
Homer
Rock Star
Rock Star
Posts: 3336
Joined: Sun Mar 21, 2010 3:11 pm

Re: The Digital Surgery

Post by Homer »

One part of Internet security, SSL 3, is vulnerable. Full story: https://community.qualys.com/blogs/secu ... dle-attack

Test your browsers: https://dev.ssllabs.com/ssltest/viewMyClient.html
Did you test your phone browsers?

If vulnerable, how to adjust browser settings at: https://scotthelme.co.uk/sslv3-goes-to- ... -protocol/
and https://zmap.io/sslv3/browsers.html
User avatar
JimmyGreaves
Legend
Legend
Posts: 2913
Joined: Mon Oct 17, 2005 5:06 am
Location: HuaEireHin

beware - aviasales.ru popups from webpages.

Post by JimmyGreaves »

Not sure how I contracted this but today started getting annoying popups from these people.

Searched the net and it has been reported here and mentions Thailand.

Anyone?


http://www.bleepingcomputer.com/forums/ ... y-android/
Diplomacy is the ability to tell a man to go to hell so that he looks forward to making the trip
Post Reply