North Korea - ScottFromWyoming - Apr 21, 2018 - 10:13am
 
Radio Paradise Comments - spammer - Apr 21, 2018 - 10:03am
 
Tech & Science - Lazy8 - Apr 21, 2018 - 9:43am
 
Trump - fuh2 - Apr 21, 2018 - 9:33am
 
Baseball, anyone? - spammer - Apr 21, 2018 - 9:28am
 
Jazz - rhahl - Apr 21, 2018 - 9:06am
 
Back to the 10's - rhahl - Apr 21, 2018 - 8:25am
 
RPeep News You Should Know - islander - Apr 21, 2018 - 8:06am
 
RP App for Android - Tominthevan - Apr 21, 2018 - 7:42am
 
New storage Cache feature - BillG - Apr 21, 2018 - 6:55am
 
Things You Thought Today - sirdroseph - Apr 21, 2018 - 6:14am
 
Celebrity Deaths - rhahl - Apr 21, 2018 - 6:04am
 
Counting with Pictures - ScottN - Apr 21, 2018 - 5:54am
 
RP Oasis...the bar is open. - miamizsun - Apr 21, 2018 - 5:20am
 
Anti-War - bauhau - Apr 21, 2018 - 4:11am
 
Those Lovable Policemen - R_P - Apr 20, 2018 - 10:06pm
 
Guns - Lazy8 - Apr 20, 2018 - 8:41pm
 
Is the system down? - haresfur - Apr 20, 2018 - 6:36pm
 
What Makes You Sad? - spammer - Apr 20, 2018 - 5:38pm
 
What are you listening to now? - Welly - Apr 20, 2018 - 4:32pm
 
TV shows you watch - siriuss - Apr 20, 2018 - 4:27pm
 
Protest Songs - rhahl - Apr 20, 2018 - 4:20pm
 
Movie Quote - SeriousLee - Apr 20, 2018 - 3:14pm
 
Flower Pictures - Antigone - Apr 20, 2018 - 3:05pm
 
Democratic Party - Lazy8 - Apr 20, 2018 - 2:42pm
 
One Partying State - Wyoming News - ptooey - Apr 20, 2018 - 2:12pm
 
Upcoming concerts or shows you can't wait to see - Steely_D - Apr 20, 2018 - 1:41pm
 
Syria - sirdroseph - Apr 20, 2018 - 12:05pm
 
Dancing Bananas !!! - Prodigal_SOB - Apr 20, 2018 - 9:59am
 
Name My Band - Antigone - Apr 20, 2018 - 8:52am
 
Bug Reports & Feature Requests - Steve - Apr 20, 2018 - 6:50am
 
Mixtape Culture Club - sirdroseph - Apr 20, 2018 - 5:13am
 
Strips, cartoons, illustrations - R_P - Apr 19, 2018 - 8:42pm
 
Separated At Birth...? - Red_Dragon - Apr 19, 2018 - 7:43pm
 
Climate Change - R_P - Apr 19, 2018 - 7:08pm
 
What is Humanity's best invention? - haresfur - Apr 19, 2018 - 6:30pm
 
Billie Holiday - R_P - Apr 19, 2018 - 6:25pm
 
More reggae, less Marley please - R_P - Apr 19, 2018 - 6:13pm
 
Electronic Music - rhahl - Apr 19, 2018 - 6:00pm
 
LeftWingNutZ - R_P - Apr 19, 2018 - 4:37pm
 
Republican Party - aflanigan - Apr 19, 2018 - 3:41pm
 
BACK TO THE 80's - rhahl - Apr 19, 2018 - 3:03pm
 
Live Music - R_P - Apr 19, 2018 - 2:47pm
 
Palestine - R_P - Apr 19, 2018 - 2:43pm
 
RP Daily Trivia Challenge - KurtfromLaQuinta - Apr 19, 2018 - 12:54pm
 
Ask an Atheist - Lazy8 - Apr 19, 2018 - 12:28pm
 
Dumbass Questions - aflanigan - Apr 19, 2018 - 11:38am
 
Things that make you go Hmmmm..... - sunybuny - Apr 19, 2018 - 10:39am
 
Race in America - meower - Apr 19, 2018 - 10:38am
 
260,000 Posts in one thread? - SeriousLee - Apr 19, 2018 - 10:08am
 
Freedom of speech? - Lazy8 - Apr 19, 2018 - 9:37am
 
Cryptic Posts - Leave Them Guessing - oldviolin - Apr 19, 2018 - 8:46am
 
What Makes You Laugh? - oldviolin - Apr 19, 2018 - 8:39am
 
Football, soccer, futbol, calcio... - Red_Dragon - Apr 19, 2018 - 7:31am
 
Podcast recommendations??? - miamizsun - Apr 19, 2018 - 3:57am
 
Vinyl Only Spin List - kurtster - Apr 18, 2018 - 6:19pm
 
DXing- long distance radio reception - dxnerd86 - Apr 18, 2018 - 3:09pm
 
What Should I Wear? - pigtail - Apr 18, 2018 - 2:46pm
 
Once upon a time... - pigtail - Apr 18, 2018 - 2:43pm
 
Make BHD laugh - ScottFromWyoming - Apr 18, 2018 - 1:15pm
 
(Big) Media Watch - R_P - Apr 18, 2018 - 11:20am
 
Fake News*  ?  ! - pigtail - Apr 18, 2018 - 9:55am
 
2009 RP Cookie Swap - Cancelled due to lack of interest - islander - Apr 18, 2018 - 9:07am
 
Heroes - ScottFromWyoming - Apr 18, 2018 - 8:42am
 
Earworm - ScottFromWyoming - Apr 18, 2018 - 8:23am
 
Crazy conspiracy theories - Beaker - Apr 18, 2018 - 7:34am
 
Positive Thoughts and Prayer Requests - Antigone - Apr 18, 2018 - 6:02am
 
Dialing 1-800-Manbird - miamizsun - Apr 18, 2018 - 4:34am
 
FLAC Roll Out - avim - Apr 17, 2018 - 9:14pm
 
What did you have for dinner? - Red_Dragon - Apr 17, 2018 - 5:55pm
 
What makes you smile? - haresfur - Apr 17, 2018 - 4:15pm
 
Amazon Products (May Contain Spam) - ScottFromWyoming - Apr 17, 2018 - 3:01pm
 
Fishing Line - NOT Thread. - ScottFromWyoming - Apr 17, 2018 - 1:12pm
 
The Bush 43 White House - aflanigan - Apr 17, 2018 - 12:43pm
 
For Jrzy! - ScottFromWyoming - Apr 17, 2018 - 9:02am
 
Index » Radio Paradise/General » General Discussion » Computer virus talk Page: 1, 2, 3, 4, 5  Next
Post to this Topic
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Mar 5, 2018 - 5:05am

seems my security software suite has become more aggressive

i've noticed a few more sites blocked or just parked/semi-blank screen

{#Ask}

Vuurdraak

Vuurdraak Avatar



Posted: Jan 8, 2018 - 2:05am

Reading through all the Meltdown & Spectre drama, I have found another devastating security bug for Intel based computers, where they can hack your machine even if it is turned off (but plugged in to the power mains)

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/?mbid=BottomRelatedStories

It is starting to look that if you want a PC that is not riddled with security holes left right and center, that you do not want to buy an Intel CPU.
Vuurdraak

Vuurdraak Avatar



Posted: Jan 5, 2018 - 3:17pm

Meltdown + slowdown for Intel CPU's :D funny

 (secretly laughs at all the people who where laughing at my AMD FX 8370e CPU, who never seen an FX use Wine + CSMT in Linux that kill core i3's with 4x the frame rate, running windows games in Linux)

(Sarcasm mode on) Such bad CPU's from AMD (Sarcasm mode off)

——

I just noticed this use full mitigation for Chrome & Chromium browsers:

Since this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.
 
Here's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:
  • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
  • Look for Strict Site Isolation, then click the box labeled Enable.
  • Once done, hit Relaunch Now to relaunch your Chrome browser.

 

——

In Firefox people can use extentions like No script or Script safe, to block javascript by default from unknown sources, it's not a full mitigation as a known website can still be hacked and serve bad code, but it's better then nothing.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

https://addons.mozilla.org/en-US/firefox/addon/no-script-suite-lite-revived/

https://addons.mozilla.org/en-US/firefox/addon/script-safe/


—-> latest news on it —>

Early reporting on the issue before full details were disclosed does not provide a full view of vulnerable targets. The bounds check bypass can be exploited on Intel, AMD, and ARM processors without privilege escalation, allowing programs to read memory addresses inside their own processes. A JavaScript proof-of-concept of this exploit was developed by researchers, which is capable of reading the memory of the host browser process. The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors. Importantly, this does not work on AMD processors in default configurations. The proof-of-concept requires BPF JIT to be manually enabled in the Linux kernel for AMD processors. (It is not, by default.) The tested Intel processor was vulnerable independent of the BPF JIT setting.

AMD processors appear to not be vulnerable to branch target injections, with the company claiming a "near zero" risk, noting that there has not yet been any demonstrated vulnerability. Additionally, the researchers note that AMD and ARM processors are not vulnerable to Meltdown. A previously submitted patch to the Linux kernel to address Meltdown has been modified to exclude AMD.

That patch is causing considerable consternation, as Intel processors are all affected by Meltdown and Spectre (except for Atom processors before 2013, and the Itanium series). The workarounds to prevent memory from being improperly read on Intel processors result in performance regressions. Early estimates were quite harsh, though real-world impact has been lower than the 30% figure bandied about thus far. Naturally, all performance is workload-dependent, though noted benchmarking website Phoronix has measured VM performance regression at roughly 10% for Redis, Apache, and PostgreSQL, with higher numbers for synthetic tests like Stress-NG, and negligible change for Himeno and Parboil.


—- Joke —-
Intel Engineer Bob:  Hey look I got a way to make our Branch Target Buffer contain twice as many entries as an AMD CPU
Intel Engineer Alice: That's not possible is it ?
Intel Engineer Bob:  Of cause it is, we just safe only halve of the target and source address of the predicted jump in to our BTB
Intel Engineer Alice: But won't that cause potential collisions, so that a rogue program can read kernel memory, passwords etc ?
Intel Engineer Bob:  Ah no worries, by the time they notice it we already have sold the CPU's and they will think ours are much faster.

double face palm when one face palm is not enough


cc_rider
Strange but not a stranger.
cc_rider Avatar

Location: Bastrop
Gender: Male
Zodiac: Cancer
Chinese Yr: Snake


Posted: Jan 4, 2018 - 8:55am

 ScottFromWyoming wrote:

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.



 
Lovely. Thanks for validating this.
c.
ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 4, 2018 - 8:44am

 cc_rider wrote:
In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.

 

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.


cc_rider
Strange but not a stranger.
cc_rider Avatar

Location: Bastrop
Gender: Male
Zodiac: Cancer
Chinese Yr: Snake


Posted: Jan 4, 2018 - 8:28am

In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.
Red_Dragon

Red_Dragon Avatar



Posted: May 12, 2017 - 12:36pm

Malware, described in leaked NSA documents, cripples computers worldwide
islander
Thalassophile
islander Avatar

Location: Seattle
Gender: Male
Zodiac: Scorpio
Chinese Yr: Cock


Posted: Feb 22, 2017 - 1:56pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
But do you have Hoefler bold?
Proclivities
“If you can't control your peanut butter, you can't expect to control your life.
Proclivities Avatar

Location: Paris of the Piedmont
Gender: Male
Zodiac: Aries
Chinese Yr: Tiger


Posted: Feb 22, 2017 - 12:26pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
I've never had any site or browser tell me a specified font was not installed.
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 12:20pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
Of course you do!
ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Feb 22, 2017 - 12:14pm

 Red_Dragon wrote: 
HA! I already have Hoefler Text!
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 11:57am

New Chrome hack prompts users to download ‘missing font’ to sneak in malware
DaveInVA
Single, unwanted, unloved eccentric, crusty ol' fart with cats
DaveInVA Avatar

Location: In a hovel in effluent Damnville, VA
Gender: Male


Posted: Apr 18, 2016 - 5:56am

Homeland Security warns Windows PC users to uninstall Quicktime


Red_Dragon

Red_Dragon Avatar



Posted: Dec 24, 2013 - 11:28am

ransomware...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 6:23am

 ScottFromWyoming wrote:

Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...

 
i run windows and mac and as i understand it they consider mac a flavor of linux

and they do have a version of their AV for macs too

i've been using avira for quite some time on windows and on my mac since i got it (ten months ago) with great results

and the personal version is free

p.s. i'm not clear on the mac OS targeting yet, however i'd like to believe that they're on it {#Wink}


ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 13, 2013 - 5:19am

 miamizsun wrote:

...Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

 
Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 5:15am

 ScottFromWyoming wrote:

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link}

 
thx scott {#Biggrin}

i saw this and shortly after i got this email (regarding my situation)

Saturday, January 12, 2013

Avira Security Software Detects Java 7 Exploits

Users Can Relax... A Little Bit

Tettnang, Germany —- January 12, 2013 – Security expert Avira announced today that all of its antivirus and security software products have been updated to detect the latest Java 7 zero-day exploits.

Millions of computer users are at risk from the Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

Fortunately, Avira customers can relax a bit as all Avira software products now protect against generic exploits of the Java 7 vulnerability. Although detecting the exploits does not fix the Java 7 flaw, it keeps Avira customers safe from having their computers used in potentially malicious actions and from losing their private data.

"Whenever a vulnerability like this is discovered – especially when it is in a widely distributed software like Java – the bad guys are quick to write exploits that take advantage of the flaw," said Sorin Mustaca, IT security expert at Avira. "While Oracle ultimately needs to patch Java, in the meantime we can at least prevent our customers from falling victim to the exploits."

Links



ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 12, 2013 - 1:00am

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link} 


olivertwist

olivertwist Avatar

Location: Atlanta GA
Gender: Male


Posted: Jul 8, 2012 - 1:11pm

 Manbird wrote:
Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 

 

I got a green light. Phew. {#Propeller}
Manbird
Offal Makes Me Strong! Strong! Strong! W
Manbird Avatar

Location: Oroville, Ca
Gender: Male
Zodiac: Virgo


Posted: Jul 8, 2012 - 12:55pm

Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 
Page: 1, 2, 3, 4, 5  Next