*** The Security News Thread ***

[harrybarracuda]

firefox extension fcukup

fixes here if you want to get them working again before they get their sh1t into a pile and fix the problem

http://www.reddit.com/r/firefox/comments/bkhtv8/heres_whats_going_on_with_your_addons_being/

Schoolboy error.

[harrybarracuda]

Arf.

[baldrick]

er - no PiHole

what sort of Amateur sh1tshow do you think people should run

[harrybarracuda]

You can add one of those, and if you want to be really paranoid run your shit through any number of cloud analytics platforms as well.

Fuck it, if you have the budget do what you like.

[baldrick]

are you able to pass a camel through the eye of a PiHole ?

[baldrick]

if youare using firefox you should be able to update to 66.0.0.4 which will fix you addons/extensions issue

http://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

[harrybarracuda]

if youare using firefox you should be able to update to 66.0.0.4 which will fix you addons/extensions issue

http://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

I've got 66.0.4 showing in mine.

[baldrick]

that is because I am a 00 and you are not

[harrybarracuda]

that is because I am a 00 and you are not

That's not your blood alcohol level then.

[harrybarracuda]

WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.

The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.

Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.

WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure. An update to the app was published Monday, and the company is encouraging users to upgrade out of an abundance of caution.

The company has also alerted US law enforcement to the exploit, and published a “CVE notice”, an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures”.

The vulnerability was used in an attempted attack on the phone of a UK-based attorney on 12 May, the FT reported. The lawyer, who was not identified by name, is involved in a lawsuit against NSO brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”
NSO Group did not immediately respond to the Guardian’s request for a comment. The company told the FT that it was investigating the WhatsApp attacks.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO Group told the FT. “NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual.”

NSO limits sales of its spyware, Pegasus, to state intelligence agencies. The spyware’s capabilities are near absolute. Once installed on a phone, the software can extract all of the data that’s already on the device (text messages, contacts, GPS location, email, browser history, etc) in addition to creating new data by using the phone’s microphone and camera to record the user’s surroundings and ambient sounds, according to a 2016 report by the New York Times.

WhatsApp has about 1.5bn users around the world. The messaging app uses end-to-end encryption, making it popular and secure for activists and dissidents. The Pegasus spyware does not affect or involve the app’s encryption.

https://www.theguardian.com/technolo...-vulnerability

[baldrick]

for those of you who do use whatsapp - make sure you are getting a version that has been updated

VE-2019-3568
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Last Updated: 2019-05-13

[harrybarracuda]

One of my throng proudly informed everyone that it doesn't affect him because he uses 2FA.

[baldrick]

^ I would have sacked butterfluffer by now

iTards probably need to update their app store app to get the latest version of whatsapp

[harrybarracuda]

^ I would have sacked butterfluffer by now

iTards probably need to update their app store app to get the latest version of whatsapp

Actually despite being a tard he still knows what Regedit is for.

Maybe Buttplug could get a job as his junior assistant.

[harrybarracuda]

If you are running Windows 7 or Server 2008: Patch this one ASAP.

Or simply do a Windows Update.

If you are running XP or 2003, stop licking the windows and patch this, because it's serious enough that they have released a free patch for those, too.

Then stop being a tightwad arsehole and buy a fucking new computer, you tits.

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
MSRC TeamMay 14, 2019

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction.

In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. 

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.

[baldrick]

Why are things like remote desktop service running by default ?

So many crap services run by default in an attempt to make windows tard friendly when all most of them do is allow another attack vector. Most home windows users do not even use local networks for file sharing or casting etc.

Every new update of Windows 10 becomes more of a pain to regulate the default install or sh1t that gets re enabled on updates.

It is becoming worse without technical benefits

Unless you have it on a corporate setup with full remote deployment of configuration then you should be running it sandboxed in a VM, or a standalone boot instance for games

/rant

[harrybarracuda]

Why are things like remote desktop service running by default ?

So many crap services run by default in an attempt to make windows tard friendly when all most of them do is allow another attack vector. Most home windows users do not even use local networks for file sharing or casting etc.

Every new update of Windows 10 becomes more of a pain to regulate the default install or sh1t that gets re enabled on updates.

It doesn't affect Windows 10.

It was probably in earlier versions to enable Remote Assistance and the like, to help fucking retards like buttplug and repeater when they get stuck.

The Internet should be like a motorway, no L-drivers allowed. There should be a special dumbfucks mini-internet for them to learn how to access katoey dating sites and Fox News and stuff before they are allowed to start posting drivel on the first forum they find; and it should be isolated from the proper internet so people don't get blasted with shit from all the infections they inevitably contract.

[harrybarracuda]

Oh dear oh dear...

Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data


https://www.theregister.co.uk/2019/05/17/salesforce_database_outage/

[harrybarracuda]

If you have an Asus router:

ASUS is releasing a firmware update for selected routers. Our most recent firmware update contains enhanced security protections against unauthorized access, alteration, disclosure of data, malware, phishing and DDoS attacks.

We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected against unwanted intrusion. As a user of an ASUS router, we advise taking the following actions:

1. Update your router to the latest firmware. We recommend that you do so as soon as they are released. You will find the latest firmware available for download from the ASUS Product Security Advisory page, at

https://www.asus.com/Static_WebPage/...sory/#header11

2. Set up separate passwords for your wireless network and router-administration page. Use passwords with a length of at least eight characters, and include a mix of capital letters, numbers and symbols. Do not use the same password for multiple devices or services.

3. Enable ASUS AiProtection, if your router supports this feature. Instructions on how to do this can be found in your router’s manual, or on the relevant ASUS support page, at www.asus.com.

Please note that if you choose not to install this new firmware version then, to avoid any potential unwanted intrusion, we strongly recommend that you disable remote access from WAN or AiCloud, and reset your router to its default settings.

If you have already installed the latest firmware version, please disregard this notice.

Should you have any question or concerns, please contact ASUS via our Security Advisory reporting system:

https://www.asus.com/securityadvisory/

For further help with router setup and an introduction to network security, please visit

https://www.asus.com/support/FAQ/1008000

https://www.asus.com/support/FAQ/1039292

[harrybarracuda]

If you have an Asus router (and if you're running stock firmware on it):

ASUS is releasing a firmware update for selected routers. Our most recent firmware update contains enhanced security protections against unauthorized access, alteration, disclosure of data, malware, phishing and DDoS attacks.

We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected against unwanted intrusion. As a user of an ASUS router, we advise taking the following actions:

1. Update your router to the latest firmware. We recommend that you do so as soon as they are released. You will find the latest firmware available for download from the ASUS Product Security Advisory page, at

https://www.asus.com/Static_WebPage/...sory/#header11

2. Set up separate passwords for your wireless network and router-administration page. Use passwords with a length of at least eight characters, and include a mix of capital letters, numbers and symbols. Do not use the same password for multiple devices or services.

3. Enable ASUS AiProtection, if your router supports this feature. Instructions on how to do this can be found in your router’s manual, or on the relevant ASUS support page, at www.asus.com.

Please note that if you choose not to install this new firmware version then, to avoid any potential unwanted intrusion, we strongly recommend that you disable remote access from WAN or AiCloud, and reset your router to its default settings.

If you have already installed the latest firmware version, please disregard this notice.

Should you have any question or concerns, please contact ASUS via our Security Advisory reporting system:

https://www.asus.com/securityadvisory/

For further help with router setup and an introduction to network security, please visit

https://www.asus.com/support/FAQ/1008000

https://www.asus.com/support/FAQ/1039292

[harrybarracuda]

If you are using Webex, patch it.

These vulnerabilities affect the following versions of the Cisco Webex Network Recording Player for
Microsoft Windows and the Cisco Webex Player for Microsoft Windows:


• Cisco Webex Business Suite sites — All Webex Network Recording Player and Webex Player
versions prior to Version WBS39.2.205

• Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player
versions prior to Version 1.3.42

• Cisco Webex Meetings Server — All Webex Network Recording Player versions prior to Version
2.8MR3 SecurityPatch2, 3.0MR2 SecurityPatch2, or 4.0

To determine which version of the Cisco Webex Network Recording Player or the Cisco Webex Player is
installed on a system, users can open the player and choose Help > About.

[OhOh]

If you are using Gmail this may be of interest;

Google Parses Your Gmail For Financial Transactions


"Recently I came across this story by Todd Haselton that describes how the author located an obscure “purchases” page in his Google account settings and there found a methodical list of his online purchasing history, from third-party outside vendors, going back to 2o12.

The upshot of the story was that:Google saves years of information on purchases you’ve made, even outside Google, and pulls this information from Gmail.

• It’s complicated to delete this private information, and options to turn it off are hidden in privacy settings.
• Google says it doesn’t use this information to sell you ads.

This can’t be true (can it?)

The more I thought about this the more I thought “this can’t be true”. I apologize for doubting Haselton, but I thought he had to have it wrong, that maybe he had a stored credit card in his browser that he had forgotten or something, because the ramifications if true, are dire.

First, it means that in order to isolate and parse purchases, Google must then be scanning every email, otherwise, how would they know what’s a purchase and what isn’t?

Further, if they were scanning every email for purchases, what else where they scanning for? Either now, or in the future? The important mechanism, the infrastructure and methodology to scan and parse every inbound email is clearly in place and operational now, adding additional criterion is just a matter of tweaking the parameters.

Then, there is the matter that Google is doing this without informing their users. We can probably wager that there is buried down the rabbit hole of the ToS some clause that alludes to the possibility that Google reserves the right from time to time (including all the time) to do something or another with your email that may or may not involve machine reading it and dissecting it for your behavioural patterns; none of us have ever read it.

More importantly, it didn’t require an explicit opt-in to fire it up."

Continues here;


https://www.zerohedge.com/news/2019-...l-transactions

[harrybarracuda]

Have you only just worked out that cloud based mail services have full access to anything that you don't encrypt?

[OhOh]

cloud based mail services

Never knowingly used one.

[harrybarracuda]

Never knowingly used one.

You registered to Teakdoor with a real email account?

Oh dear.

Or should I say OhOh dear.