Author Topic: Internet Vulnerability & Exploits  (Read 1889 times)

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
« Last Edit: December 22, 2012, 11:03:32 PM by Wizard X »
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Internet Security & Exploits.
« Reply #1 on: September 18, 2010, 05:24:44 AM »
The best way to avoid these exploits is to keep your software up to date. Secunia PSI hxxp://www.secunia.com checks your software to make sure it is up to date.

embezzler

  • Subordinate Wasp
  • ***
  • Posts: 228
Re: Internet Security & Exploits.
« Reply #2 on: September 18, 2010, 09:09:24 AM »
@Too cold, I like your idea but a better way would be to drop windows altogether. Or at least use it for dual boot. 99% of computing doesnt require it.

The Linux Kernel bug isn't too much of a biggie. It is updated too often for exploitation coupled with a low profile it is far safer even when there is a vulnerability and as far as I remember local access was required for that one to work.

All that we see or seem is but a dream within a dream...

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Internet Security & Exploits.
« Reply #3 on: September 18, 2010, 03:54:58 PM »
I think something like OpenBSD with a graphical user interface would be great -- or even just with firefox. On install OpenBSD is very secure. Of course, it is a black screen with white letters... but it can be added too.
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Internet Security & Exploits.
« Reply #4 on: September 19, 2010, 03:04:41 AM »
I've posted this before. Beware of redirecting browser plugins that redirect your web surfing in general, or specific URLs, through a malicious data logging proxy.
http://www.2-spyware.com/browser-plugins-removal

Example. [Your PC]{redirecting browser plugin}<==Internet==><==(malicious data logging proxy with HTTP & HTTPS)==>website.

The redirecting browser plug-in spoofs the website URL in the address bar, so you see only the website address.
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Internet Security & Exploits.
« Reply #5 on: September 23, 2010, 07:46:59 PM »
@Too cold, I like your idea but a better way would be to drop windows altogether. Or at least use it for dual boot. 99% of computing doesnt require it.

The Linux Kernel bug isn't too much of a biggie. It is updated too often for exploitation coupled with a low profile it is far safer even when there is a vulnerability and as far as I remember local access was required for that one to work.


I agree that Linux and OpenBSD are much preferable to windows. However, convincing some people to switch is difficult. Also, just because one uses Linux doesn't mean that one can let software updates slide either.

xxxxx

  • Larvae
  • *
  • Posts: 8
Re: Internet Security & Exploits.
« Reply #6 on: September 23, 2010, 08:51:18 PM »
I would strongly recommend that anyone who has been resisting the switch to Linux, to try a dual boot system. You have all the convenience of Windows when needed while also having a system such as ubuntu for your day to day use, with all the power of Linux along with a great UI!
« Last Edit: September 23, 2010, 08:54:00 PM by Palladium »

hypnos

  • Dominant Queen
  • ****
  • Posts: 402
Re: Internet Security & Exploits.
« Reply #7 on: September 25, 2010, 08:02:09 AM »
what makes linux so good? I am rather naive when it comes to computers etc, so always appreciate qualified advice, and I noticed that you are somewhat the IT dude so I would be most interested in you input
cheers hyppy
"the two things you can give away and never lose, are what you know, and how you feel...."

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Internet Security & Exploits.
« Reply #8 on: October 01, 2010, 08:30:47 AM »
Linux and OpenBSD have one very simple advantage: far less people use them than Windows and MAC OS X. Hackers that hack to make money and steal credit card numbers etc. focus on windows and OS X because many people use them. If the hackers spent a lot of time to find some obscure Linux software vulnerability it wouldn't pay off because they would not be able to use it nearly as much as a windows software vulnerability.

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Internet Security & Exploits.
« Reply #9 on: October 01, 2010, 09:55:58 PM »
And in general, they are simply more secure than windows - as is OS X. I am not sure why, it has been a while since I've read about it, but I believe it is just because they are all based on Unix.
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Internet Security & Exploits.
« Reply #10 on: October 03, 2010, 09:55:05 PM »
US wire-tap law could add to security burden. http://www.v3.co.uk/v3/news/2270505/interception-law-add-security

Stuxnet worm can re-infect scrubbed PCs. http://www.computerworld.com/s/article/9188238/Stuxnet_worm_can_re_infect_scrubbed_PCs?taxonomyId=17

6 tips for guarding against rogue sys admins. http://www.networkworld.com/news/2010/092710-insider-threat-tips.html?hpg1=bn

ZeuS attacks mobiles in bank SMS bypass scam. http://www.theregister.co.uk/2010/09/27/zeus_mobile_malware/

ICO calls for SME security standard. http://www.v3.co.uk/v3/news/2270676/ico-calls-sme-security-standard

Android apps leak user data. http://www.zdnet.co.uk/blogs/mapping-babel-10017967/report-some-android-apps-leak-user-data-10020604/

Organisations struggling with PCI compliance. http://www.v3.co.uk/v3/news/2270762/organisations-struggle-pci

Security experts vote to outlaw PDF standard. http://www.v3.co.uk/v3/news/2270680/security-experts-voted-outlaw

Feds hit Zeus group, but the brains remain overseas. http://www.computerworld.com/s/article/9189019/Feds_hit_Zeus_group_but_the_brains_remain_overseas?taxonomyId=17

Twitter 'mouse over' hack causing chaos. http://www.v3.co.uk/v3/news/2270157/updated-twitter-features-hit

Microsoft encryption technology not widely used, according to survey. http://www.computerworld.com/s/article/9186965/Microsoft_encryption_technology_not_widely_used_according_to_survey?taxonomyId=17

Stuxnet worm may have been built to attack Iran. http://news.techworld.com/security/3240456/stuxnet-worm-may-have-been-built-to-attack-iran/

FBI investigating 'Here you have' worm. http://www.computerworld.com/s/article/9187703/FBI_investigating_Here_you_have_worm?taxonomyId=17

Hackers exploit latest Microsoft zero-day bug. http://www.computerworld.com/s/article/9187519/Hackers_exploit_latest_Microsoft_zero_day_bug?taxonomyId=17

Mobile workers pose biggest security risk. http://news.techworld.com/security/3240748/mobile-workers-pose-biggest-security-risk/

Malware scams preying on free music searches. http://www.v3.co.uk/v3/news/2269783/malware-scams-preying-free

Siemens: Stuxnet worm hit industrial systems. http://www.computerworld.com/s/article/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyId=17

Red Hat tops list of hottest IT security certifications. http://www.networkworld.com/news/2010/091510-red-hat-security-certifications.html?hpg1=bn

Forrester: Trust no one when it comes to IT security. http://www.networkworld.com/news/2010/091510-forrester-zero-trust-security.html?hpg1=bn

Seven ways social nets like Facebook and LinkedIn are 'truly evil'. http://www.networkworld.com/news/2010/091610-social-networks.html?hpg1=bn

Die-hard bug bytes Linux kernel for second time. http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/

Researchers issue homemade patch for PDF zero-day bug. http://www.computerworld.com/s/article/9186420/Researchers_issue_homemade_patch_for_PDF_zero_day_bug?taxonomyId=17

Police terror trainers lose USB stick in street. http://www.networkworld.com/news/2010/090610-police-terror-trainers-lose-usb.html?hpg1=bn

Privacy watchdogs challenge laptop seizures at US borders. http://www.theregister.co.uk/2010/09/07/laptop_searches/

Hackers exploit new PDF zero-day bug, warns Adobe. http://www.computerworld.com/s/article/9184146/Hackers_exploit_new_PDF_zero_day_bug_warns_Adobe?taxonomyId=17

Vulnerability management: The basics. http://www.networkworld.com/news/2010/090910-vulnerability-management-the.html?hpg1=bn

US government security group falls short in audit  Read more: http://www.v3.co.uk/v3/news/2269550/cyber-security-group-falls

Here You Have" a Reason to Improve Malware Security. http://www.networkworld.com/news/2010/091010-here-you-have-a-reason.html?hpg1=bn
« Last Edit: October 03, 2010, 09:57:22 PM by Wizard X »
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Internet Security & Exploits.
« Reply #11 on: October 06, 2010, 05:22:58 AM »

Hackers exploit new PDF zero-day bug, warns Adobe. http://www.computerworld.com/s/article/9184146/Hackers_exploit_new_PDF_zero_day_bug_warns_Adobe?taxonomyId=17


Avoid Adobe PDF reader like the plague it is a favorite target of hackers. Foxit Reader is much safer hxxp://www.foxit.com

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Internet Security & Exploits.
« Reply #12 on: October 17, 2010, 12:36:55 AM »
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

xxx

  • Larvae
  • *
  • Posts: 4
Re: Internet Security & Exploits.
« Reply #13 on: October 17, 2010, 05:14:00 PM »
Best way to surf online is the following. Run a Linux distro with Virtualbox or similar VMware suite, and use a VM of Puppy or Damn Small Linux inside it. best still is to run the ENTIRE setup from a USB drive. That way even if the '1337 h4x0r' breaks out of the VMWare 'jail' (it can be done or so I am told) they are only inside your USB stick which should not have anything valuable on it.

Oh, finally. Use Pidgin IM client with the OTR plugin, the TOR proxy, and encrypt (manually) your emails plaintext - then hushmail the ciphertext or something. Or use one time use email addresses or something.

TooCold

  • Larvae
  • *
  • Posts: 32
Re: Internet Security & Exploits.
« Reply #14 on: October 21, 2010, 05:41:17 AM »
Half of home Wi-Fi networks vulnerable to hacking. http://www.networkworld.com/news/2010/101410-half-of-home-wi-fi-networks.html?hpg1=bn

I'd say it is more like 99% of Wi-fi networks are vulnerable to hacking. Even those people that use WPA encryption usually use a short and easy to crack password. Every day there are more and more tools allowing even unsophisticated "hackers" to crack wireless networks with less and less effort. Also, anyone with $20 can use websites like hxxp://www.wpacracker.com/ to crack WPA websites in an hour.

encrypt (manually) your emails plaintext - then hushmail the ciphertext or something. Or use one time use email addresses or something.

Assuming you are talking about strong encryption like GPG (which you should be using for email encryption), you would gain nothing by encrypting it again with hushmail because GPG encryption is very strong already.

xxx

  • Larvae
  • *
  • Posts: 4
Re: Internet Security & Exploits.
« Reply #15 on: October 21, 2010, 08:26:40 PM »
You would gain another 'layer' of security. I see security as like an onion. I only bother encrypting emails to ONE person (because they are the only person I email about anything potentially 'odd') and we have a few layers. layers upon layers man. Manual encoding using our own (non sophisticated) cipher method (which key-changes a LOT, but is VERY simplistic and probably easy to crack), then GnuPG and then hushmail it just for that extra layer. The emails themselves are 'sanitized' of any identifying shite, and so on. Also as a rule I only access my hushmail accounts from 'borrowed' WiFi hotspots, wiping router logs when I am done. I tend to also use TOR while doing this.

It is all about the layers man. Each one is another layer of insulation to help CYA

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Internet Security & Exploits.
« Reply #16 on: October 23, 2010, 02:58:41 AM »
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

Vesp

  • Administrator
  • Foundress Queen
  • *****
  • Posts: 3,130
Re: Internet Security & Exploits.
« Reply #17 on: October 27, 2010, 09:26:44 PM »
Bitcoin address: 1FVrHdXJBr6Z9uhtiQKy4g7c7yHtGKjyLy

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Internet Security & Exploits.
« Reply #18 on: November 05, 2010, 11:40:17 PM »
Facebook pages very much public, even when set as private. http://www.theregister.co.uk/2010/10/25/facebook_privacy_bypass/

Hackers plant Firefox 0day on Nobel Peace Prize website. http://www.theregister.co.uk/2010/10/26/firefox_0day_report/

Mozilla patches Firefox zero-day bug in 48 hours. http://www.computerworld.com/s/article/9193518/Mozilla_patches_Firefox_zero_day_bug_in_48_hours?taxonomyId=17

iPhone bug lets thieves unlock stolen phones. http://news.techworld.com/mobile-wireless/3246046/iphone-bug-lets-thieves-unlock-stolen-phones/

Hackers attack new flaw in Reader, Acrobat and Flash. http://www.v3.co.uk/v3/news/2272393/hackers-attack-flaw-reader

PCI Security Standards Council tweaks standards. http://www.v3.co.uk/v3/news/2272319/pci-security-standards-council

IT worker sentenced after stealing data for online surveys. http://news.techworld.com/security/3246517/it-worker-sentenced-after-stealing-data-for-online-surveys/
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."

Wizard X

  • Lord of the Realms
  • Foundress Queen
  • *****
  • Posts: 1,224
Re: Internet Security & Exploits.
« Reply #19 on: November 06, 2010, 11:38:31 PM »
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."