Page 3 of 22 FirstFirst 123456789101113 ... LastLast
Results 51 to 75 of 547
  1. #51
    Valve Master Latindancer's Avatar
    Join Date
    Mar 2010
    Last Online
    @
    Location
    Australia
    Posts
    9,605
    May 18, 2016




    Four years later, LinkedIn is still dealing with the effects of a 2012 data breach.
    At the time, hackers reportedly gained access to more than 6 million of the enterprise social network's 161 million users. But LinkedIn has confirmed that an additional set of data was released on Monday.


    117M LinkedIn Passwords Leaked | News & Opinion | PCMag.com

  2. #52
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by wjblaney View Post
    Quote Originally Posted by baldrick View Post
    harold - you missed patch tuesday for microsoft products

    and adobe released some flash player patches which are always of the utmost importance if you allow flash advertisements to display on your browser

    MS16-045 This one will be a major headache for those who run and host virtual machines on Hyper-V. A flaw in the hypervisor could allow a "guest" instance to access the host system and execute code, in addition to infecting the host system or accessing data from other hosted instances.
    MS16-037 A cumulative update for Internet Explorer that addresses six flaws, including remote code execution vulnerabilities that can be exploited by loading a malicious web page.
    MS16-038 A cumulative update for the Edge browser that, like the IE fix, patches six vulnerabilities, including remote code execution from malicious web pages.
    MS16-039 A patch to address a remote code execution flaw present in Windows, .NET Framework, Office, Skype for Business, and Microsoft Lync. According to Microsoft, the vulnerability "could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts."
    MS16-040 A single flaw in the XML Core Services component in Windows that allows an attacker to take control of a system by convincing the user to click a link "typically by way of an enticement in an email or Instant Messenger message."
    MS16-041 A remote code execution bug in the .NET Framework that allows an attacker who already has access to the local system to install and execute a malicious application.
    MS16-042 Four memory corruption vulnerabilities in Office that allow an attacker to remotely execute code by convincing the user to open a malicious Office file. One of the flaws also affects Office for Mac, meaning Apple users will need to patch their software as well.
    MS16-044 A vulnerability in Windows OLE that allows an attacker to remotely execute code by convincing the target to open "either a specially crafted file or a program from either a webpage or an email message."
    MS16-046 A flaw in the Windows Secondary Logon that allows an attacker to elevate their user privilege level to Administrator.
    MS16-047 A "man in the middle" flaw in the Windows Security Account Manager and Local Security Authority Domain components that allows an attacker with access to network traffic the ability to downgrade security controls and then impersonate the user Ė aka the Badlock bug.
    MS16-048 A vulnerability in Windows CSRSS that potentially allows an attacker to bypass security credentials and gain administrator access by exploiting a flaw in the way CSRSS handles memory tokens.
    MS16-049 A denial of service vulnerability in Windows that allows an attacker to freeze a targeted machine just by sending a malicious HTTP packet.
    MS16-050 A cumulative update for Flash Player addressing a total of 10 security bugs, including remote code execution flaws.
    These will all be removed by aegis-voat.cmd. Sorry. Thought they were Windows updates, not Adobe.
    And quite why would you want to remove Windows updates?

  3. #53
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by Latindancer View Post
    May 18, 2016




    Four years later, LinkedIn is still dealing with the effects of a 2012 data breach.
    At the time, hackers reportedly gained access to more than 6 million of the enterprise social network's 161 million users. But LinkedIn has confirmed that an additional set of data was released on Monday.


    117M LinkedIn Passwords Leaked | News & Opinion | PCMag.com
    I banned LinkedIn a long time ago, and opened an account just to lock it.

    Just a gazillion spams from Indians asking for jobs.

  4. #54
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    In surprising end to TeslaCrypt, the developers shut down their ransomware and released the master decryption key. Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt have been slowly closing their doors, while their previous distributors have been switching over to distributing the CryptXXX ransomware.

    When the ESET researcher realized what was happening, he took a shot in the dark and used the support chat on the Tesla payment site to ask if they would release the master TeslaCrypt decryption key. To his surprise and pleasure, they agreed to do so and posted it on their now defunct payment site.



    Now that the decryption key has been made publicly available, this allowed TeslaCrypt expert BloodDolly to update TeslaDecoder to version 1.0 so that it can decrypt version 3.0 and version 4.0 of TeslaCrypt encrypted files. This means that anyone who has TeslasCrypt encrypted files with the .xxx, .ttt, .micro, .mp3, or encrypted files without an extension can now decrypt their files for free!

    TeslaCrypt shuts down and Releases Master Decryption Key

  5. #55
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    Quote Originally Posted by harrybarracuda
    And quite why would you want to remove Windows updates?
    Read the small print.

  6. #56
    Valve Master Latindancer's Avatar
    Join Date
    Mar 2010
    Last Online
    @
    Location
    Australia
    Posts
    9,605
    Quote Originally Posted by harrybarracuda View Post

    And quite why would you want to remove Windows updates?
    I'm running Vista (no probs), but disabled updates for the last 2 months. Every time I enable them, I end up with a black screen soon after (can't remember if it's with cursor or without) , and have to go through Safe Mode, back to the last good configuration.

    Not sure why this happens.

  7. #57
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by Latindancer View Post
    Quote Originally Posted by harrybarracuda View Post

    And quite why would you want to remove Windows updates?
    I'm running Vista (no probs), but disabled updates for the last 2 months. Every time I enable them, I end up with a black screen soon after (can't remember if it's with cursor or without) , and have to go through Safe Mode, back to the last good configuration.

    Not sure why this happens.
    It should be fairly simple to use an iterative process to find out which one is bad and google it.

    Better than leaving yourself unprotected.

  8. #58
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by wjblaney View Post
    Quote Originally Posted by harrybarracuda
    And quite why would you want to remove Windows updates?
    Read the small print.
    The small print says "wjblaney is a dick".

  9. #59
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    Quote Originally Posted by harrybarracuda
    The small print says "wjblaney is a dick".
    Same to you.

  10. #60
    Neo
    Neo is online now
    Dislocated Member
    Neo's Avatar
    Join Date
    May 2011
    Last Online
    Today @ 01:46 PM
    Location
    Nebuchadnezzar
    Posts
    9,947
    I've had enough of Avast getting so bloated and limiting the options to opt out of the ever increasing additions to it's software so I've switched to Avira after reviewing it's rating on AV Test

    https://www.av-test.org/en/

  11. #61
    R.I.P.
    DrB0b's Avatar
    Join Date
    Dec 2006
    Last Online
    @
    Location
    ALL GLORY TO THE HYPNOTOAD
    Posts
    16,481
    Quote Originally Posted by harrybarracuda
    It should be fairly simple to use an iterative process
    A what now?

  12. #62
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk
    Lucian Constantin By Lucian Constantin FOLLOW
    IDG News Service | May 30, 2016

    Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.

    Jetpack is a popular plug-in that offers free website optimization, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open-source project, and has over 1 million active installations.

    Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.

    The issue is located in the Shortcode Embeds Jetpack module which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.

    Since the JavaScript code is persistent, it will get executed in users' browsers in the context of the affected website every time they view the malicious comment. This can be used to steal their authentication cookies, including the administrator's session; to redirect visitors to exploits, or to inject search engine optimization (SEO) spam.

    "The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet," said Sucuri researcher Marc-Alexandre Montpas in a blog post.

    Sites that don't have the Shortcode Embeds module activated are not affected, but this module provides popular functionality so many websites are likely to have it enabled.

    The Jetpack developers have worked with the WordPress security team to push updates to all affected versions through the WordPress core auto-update system. Jetpack versions 4.0.3 or newer contain the fix.

    In case users don't want to upgrade to the latest version, the Jetpack developers have also released point releases for all twenty-one vulnerable branches of the Jetpack codebase: 2.0.7, 2.1.5, 2.2.8, 2.3.8, 2.4.5, 2.5.3, 2.6.4, 2.7.3, 2.8.3, 2.9.4, 3.0.4, 3.1.3, 3.2.3, 3.3.4, 3.4.4, 3.5.4, 3.6.2, 3.7.3, 3.8.3, 3.9.7, and 4.0.3.


    Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk | ITworld

  13. #63
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Who's got a MySpace account?

    I'd forgotten I had one.

    Notice of Data Breach
    You may have heard reports recently about a security incident involving Myspace. We would like to make sure you have the facts about what happened, what information was involved and the steps we are taking to protect your information.
    What Happened?
    Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform.
    We believe the data breach is attributed to Russian Cyberhacker ‚€˜Peace.‚€™ This same individual is responsible for other recent criminal attacks such as those on LinkedIn and Tumblr, and has claimed on the paid hacker search engine LeakedSource that the data is from a past breach. This is an ongoing investigation, and we will share more information as it becomes available.
    What Information Was Involved?
    Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users‚€™ email address and Myspace username and password.
    What We Are Doing
    In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword
    Myspace is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts.
    We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act. As part of the major site re-launch in the summer of 2013, Myspace took significant steps to strengthen account security.¬ The compromised data is related to the period before those measures were implemented. We are currently utilizing advanced protocols including double salted hashes (random data that is used as an additional input to a one-way function that "hashes" a password or passphrase) to store passwords.¬ Myspace has taken additional security steps in light of the recent report.
    What You Can Do
    We have several dedicated teams working diligently to ensure that the information our members entrust to Myspace remains secure. Importantly, if you use passwords that are the same or similar to your Myspace password on other online services, we recommend you set new passwords on those accounts immediately.
    For More Information
    If you have any questions, please feel free to contact our Data Security & Protection team at dsp_help@myspace-inc.com or visit our blog at https://myspace.com/pages/blog.

  14. #64
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    I have one. But I can't remember my password.

    What are you going to do about it Harry?

  15. #65
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    The motherfuckers. They changed my password, which I can't remember, so how am I going to change that old password on any other accounts?

  16. #66
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360

  17. #67
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    It says "retrieve an existing password" but it doesn't do it.

    Edit: sorry, it says "retrieve an existing account" but it will not retrieve your old password.
    Last edited by Sumbitch; 02-06-2016 at 02:38 PM.

  18. #68
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by wjblaney View Post
    It says "retrieve an existing password" but it doesn't do it.

    Edit: sorry, it says "retrieve an existing account" but it will not retrieve your old password.
    Click the link.

    You get an email.

    You click the link to set a new password.

    It isn't rocket surgery.

  19. #69
    disturbance in the Turnip baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 01:55 PM
    Location
    Thermae
    Posts
    19,110
    not forgetting that if you had a linkedin account in 2012 then your password has been compromised - get a password manager and change the linkedin password and every other site you use with a nice random 10 or 12 character

    and if you have bought a lenovo recently

    Lenovo is warning users to uninstall its Accelerator support application after it was revealed to have what it says are serious interception vulnerabilities.

    The company is one of five vendors caught pre-installing dangerously-vulnerable OEM software.

    Duo Security researcher Mikhail Davidov reported the holes that would allow eavesdropping attackers to tap into Accelerator's unencrypted update channels to compromise users.

    "A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities," Lenovo says.

    "The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available.

    "Lenovo recommends customers uninstall Lenovo Accelerator Application."
    Lenovo cries 'dump our support app' after 'critical' hole found ? The Register

  20. #70
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    Quote Originally Posted by harrybarracuda
    Click the link.

    You get an email.

    You click the link to set a new password.

    It isn't rocket surgery.
    You didn't read what I said. I don't want a new password or even a new fucking account. If you reset your password how do know what your old password was?

  21. #71
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by wjblaney View Post
    Quote Originally Posted by harrybarracuda
    Click the link.

    You get an email.

    You click the link to set a new password.

    It isn't rocket surgery.
    You didn't read what I said. I don't want a new password or even a new fucking account. If you reset your password how do know what your old password was?
    Why do you want your old password?

    Can't you read?

    Myspace has been compromised.

  22. #72
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 01:52 PM
    Posts
    47,360
    Quote Originally Posted by baldrick View Post
    not forgetting that if you had a linkedin account in 2012 then your password has been compromised - get a password manager and change the linkedin password and every other site you use with a nice random 10 or 12 character

    and if you have bought a lenovo recently

    Lenovo is warning users to uninstall its Accelerator support application after it was revealed to have what it says are serious interception vulnerabilities.

    The company is one of five vendors caught pre-installing dangerously-vulnerable OEM software.

    Duo Security researcher Mikhail Davidov reported the holes that would allow eavesdropping attackers to tap into Accelerator's unencrypted update channels to compromise users.

    "A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities," Lenovo says.

    "The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available.

    "Lenovo recommends customers uninstall Lenovo Accelerator Application."
    Lenovo cries 'dump our support app' after 'critical' hole found ? The Register
    It's worse than that Jim.

    Laptop Updaters From Major Vendors Pose Security Risks

    By Sean Michael Kerner | Posted 2016-05-31

    Researchers from Duo Security found multiple critical vulnerabilities in out-of-the box laptop software updaters from Lenovo, HP, Dell, Acer and Asus.

    When consumers buy laptops at retail stores from major laptop vendors, the devices come out-of-the-box with various forms of software updaters. According to research published May 31 by Duo Security, those updates have been exposing users to security risks.

    Duo Security found 12 vulnerabilities in the updaters, the worst of which could have potentially enabled an attacker to execute a full system compromise in less than 10 minutes. In some cases, the updaters are used to update what is commonly referred to as "bloatware," extra software that is added to a default operating system providing additional services. Duo Security also found, however, that in many instances "bloatware" isn't the only thing that is being updated by some of these tools.

    "Things like device drivers and BIOS firmware get updated by some of them, as well," Darren Kemp, a security researcher at Duo Labs, told eWEEK. "So there are sometimes legitimate, necessary components being updated insecurely through the OEM updaters."

    One major cause of the vulnerabilities that Duo Security identified is a lack of proper use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) to authenticate and encrypt an update. Without proper use of SSL/TLS, an update could be intercepted or manipulated by an attacker to deliver malware, instead of a legitimate software update.

    Kemp emphasized that the nature of the software being updated is really irrelevant to the overall outcome for an attacker, which is why it doesn't matter what the updaters are actually updating. He noted that the updaters are inherently privileged, executing with system-level permissions.

    "There are many opportunities for a man-in-the-middle attacker to piggyback malicious commands or executable code on the back of seemingly legitimate bloatware updates," Kemp said. "The end result is still a compromise for the user; by the time they notice the update, if they notice it, it's probably too late."

    Also of particular note is the fact that many of the updaters support the installation of "silent" updates that happen behind the scenes and do not notify the user. Kemp noted that silent updates can potentially be compromised without any indication an update has even been installed. To make matters worse, all the updaters Duo Security looked at provide automatic updates.

    "While many of them have some feature that allows a user to interactively request the software check for updates, they all do it autonomously, as well," Kemp said.
    While Duo Security found the vulnerabilities in the updaters, it did not find any instances where the vulnerabilities are or have been actively exploited in the wild.

    Additionally, most of the vendors that the updater vulnerabilities affected have already fixed the issues.

    Kemp noted that during the course of Duo Security's research, Dell issued software updates that fixed all of the issues. HP fixed the issues with their updaters, while Lenovo simply removed the potentially vulnerable updating software from their systems. Acer and Asus responded to Duo Security, but haven't provided a formal timeline for public fixes, Kemp said.

    The way that Duo Security found the security issues wasn't through an automated tool but, rather, through a mostly manual process. "We primarily disassembled most of the components manually and audited the code for vulnerabilities, in conjunction with reviewing packet captures to expedite reverse engineering," Kemp explained.
    For consumers looking to protect themselves from the potential risks of vulnerable software updaters, the task is also somewhat manual. "Unfortunately, the only sure way to protect yourself is to simply remove any OEM software altogether, which is admittedly a frustrating task for less technical users," Kemp said.

    Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

    Laptop Updaters From Major Vendors Pose Security Risks

  23. #73
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    Quote Originally Posted by harrybarracuda
    In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword
    Did you bother to read your post? It says
    invalidated all user passwords
    Secondly,
    These users returning to Myspace will be prompted to authenticate their account and to reset their password
    That says "reset password" not "retrieve old password"

  24. #74
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    13-09-2017 @ 03:03 PM
    Location
    Chiang Mai
    Posts
    5,596
    Quote Originally Posted by baldrick
    and if you have bought a lenovo recently
    Quote Originally Posted by baldrick
    Lenovo cries 'dump our support app' after 'critical' hole found ? The Register
    Thanks. I'm safe with win 7 but windows 10 users are not.

    Only those Lenovo machines with Windows 10 pre-installed sport the exposed app.
    Lenovo cries 'dump our support app' after 'critical' hole found ? The Register

  25. #75
    disturbance in the Turnip baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 01:55 PM
    Location
    Thermae
    Posts
    19,110
    a password manager - creates passwords for you for services and webpages - and you only have to remember your master password

    https://ssd.eff.org/en/module/how-use-keepassx

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •