Bug Reports & Feature Requests - Pyro - Apr 25, 2018 - 12:38pm
 
Trump - meower - Apr 25, 2018 - 12:30pm
 
Radio Paradise Comments - Pyro - Apr 25, 2018 - 12:28pm
 
(Big) Media Watch - black321 - Apr 25, 2018 - 12:28pm
 
Pernicious Pious Proclivities Particularized Prodigiously - sirdroseph - Apr 25, 2018 - 11:41am
 
::it's a dress thing:: - Antigone - Apr 25, 2018 - 11:07am
 
NASA & other news from space - Red_Dragon - Apr 25, 2018 - 10:29am
 
Two sexes or ? Gender as a non-binary concept - ScottFromWyoming - Apr 25, 2018 - 10:00am
 
North Korea - kurtster - Apr 25, 2018 - 9:45am
 
Tech & Science - miamizsun - Apr 25, 2018 - 9:41am
 
punk? hip-hop? metal? noise? garage? - rhahl - Apr 25, 2018 - 8:24am
 
Music Lessons - rhahl - Apr 25, 2018 - 8:19am
 
Private messages in a public forum - helenofjoy - Apr 25, 2018 - 8:14am
 
Things You Thought Today - ScottFromWyoming - Apr 25, 2018 - 8:10am
 
Annoying stuff. not things that piss you off, just annoyi... - ScottFromWyoming - Apr 25, 2018 - 7:38am
 
Prog Rockers Anonymous - rhahl - Apr 25, 2018 - 7:12am
 
New Music - meower - Apr 25, 2018 - 5:29am
 
Heroes - sirdroseph - Apr 25, 2018 - 4:06am
 
Anti-War - miamizsun - Apr 25, 2018 - 4:05am
 
The war on funk is over! - miamizsun - Apr 25, 2018 - 3:57am
 
Live Music - R_P - Apr 24, 2018 - 10:58pm
 
YouTube: Music-Videos - oppositelock - Apr 24, 2018 - 9:15pm
 
Unusual News - ScottFromWyoming - Apr 24, 2018 - 8:43pm
 
Photography Forum - Your Own Photos; Please Limit to 510 ... - fractalv - Apr 24, 2018 - 8:21pm
 
Baseball, anyone? - Red_Dragon - Apr 24, 2018 - 7:52pm
 
OUR CATS!! - haresfur - Apr 24, 2018 - 6:00pm
 
Strips, cartoons, illustrations - R_P - Apr 24, 2018 - 4:33pm
 
RP Daily Trivia Challenge - katzendogs - Apr 24, 2018 - 4:00pm
 
Favorite Quotes - Proclivities - Apr 24, 2018 - 1:35pm
 
Race in America - meower - Apr 24, 2018 - 11:43am
 
songs that ROCK! - ptooey - Apr 24, 2018 - 10:37am
 
The Image Post - kctomato - Apr 24, 2018 - 9:51am
 
Jazz - rhahl - Apr 24, 2018 - 8:12am
 
Mixtape Culture Club - maryte - Apr 24, 2018 - 5:55am
 
Error: Could not retrieve offline list - alvaro - Apr 24, 2018 - 5:21am
 
FLAC Roll Out - marco79cgn - Apr 24, 2018 - 4:16am
 
Counting with Pictures - ScottN - Apr 23, 2018 - 8:49pm
 
TV shows you watch - FourFortyEight - Apr 23, 2018 - 8:21pm
 
Those Lovable Policemen - FourFortyEight - Apr 23, 2018 - 7:53pm
 
One Partying State - Wyoming News - ptooey - Apr 23, 2018 - 5:17pm
 
Permanently twinkling eyes - haresfur - Apr 23, 2018 - 3:44pm
 
Freedom of speech? - Steely_D - Apr 23, 2018 - 3:16pm
 
Celebrity Face Recognition - lily34 - Apr 23, 2018 - 11:17am
 
Humane mouse trap? - miamizsun - Apr 23, 2018 - 5:40am
 
Vinyl Only Spin List - kurtster - Apr 22, 2018 - 9:29pm
 
What's Your Dream Job? - haresfur - Apr 22, 2018 - 6:33pm
 
What are you doing RIGHT NOW? - helenofjoy - Apr 22, 2018 - 2:23pm
 
NETFLIX - Alexandra - Apr 22, 2018 - 1:39pm
 
Country Up The Bumpkin - sirdroseph - Apr 22, 2018 - 12:06pm
 
What Makes You Sad? - oldviolin - Apr 22, 2018 - 10:48am
 
Name My Band - oldviolin - Apr 22, 2018 - 10:43am
 
What are you listening to now? - SeriousLee - Apr 22, 2018 - 9:22am
 
Celebrity Deaths - islander - Apr 22, 2018 - 7:42am
 
Poetry Forum - Antigone - Apr 22, 2018 - 6:53am
 
Outstanding Covers - rhahl - Apr 22, 2018 - 5:10am
 
The Prince topic - Steely_D - Apr 22, 2018 - 12:00am
 
Syria - R_P - Apr 21, 2018 - 10:54pm
 
Beer - ScottFromWyoming - Apr 21, 2018 - 9:54pm
 
Lyrics that strike a chord today... - sirdroseph - Apr 21, 2018 - 9:10pm
 
Military Matters - R_P - Apr 21, 2018 - 8:27pm
 
Show Us Your Tats! - Red_Dragon - Apr 21, 2018 - 6:39pm
 
Republican Party - R_P - Apr 21, 2018 - 6:10pm
 
Electronic Music - R_P - Apr 21, 2018 - 5:52pm
 
260,000 Posts in one thread? - SeriousLee - Apr 21, 2018 - 5:34pm
 
RP Oasis...the bar is open. - chagas.carla - Apr 21, 2018 - 2:01pm
 
Back to the 10's - rhahl - Apr 21, 2018 - 8:25am
 
RPeep News You Should Know - islander - Apr 21, 2018 - 8:06am
 
RP App for Android - Tominthevan - Apr 21, 2018 - 7:42am
 
New storage Cache feature - BillG - Apr 21, 2018 - 6:55am
 
Guns - Lazy8 - Apr 20, 2018 - 8:41pm
 
Is the system down? - haresfur - Apr 20, 2018 - 6:36pm
 
Protest Songs - rhahl - Apr 20, 2018 - 4:20pm
 
Movie Quote - SeriousLee - Apr 20, 2018 - 3:14pm
 
Flower Pictures - Antigone - Apr 20, 2018 - 3:05pm
 
Democratic Party - Lazy8 - Apr 20, 2018 - 2:42pm
 
Index » Radio Paradise/General » General Discussion » Computer virus talk Page: 1, 2, 3, 4, 5  Next
Post to this Topic
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Mar 5, 2018 - 5:05am

seems my security software suite has become more aggressive

i've noticed a few more sites blocked or just parked/semi-blank screen

{#Ask}

Vuurdraak

Vuurdraak Avatar



Posted: Jan 8, 2018 - 2:05am

Reading through all the Meltdown & Spectre drama, I have found another devastating security bug for Intel based computers, where they can hack your machine even if it is turned off (but plugged in to the power mains)

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/?mbid=BottomRelatedStories

It is starting to look that if you want a PC that is not riddled with security holes left right and center, that you do not want to buy an Intel CPU.
Vuurdraak

Vuurdraak Avatar



Posted: Jan 5, 2018 - 3:17pm

Meltdown + slowdown for Intel CPU's :D funny

 (secretly laughs at all the people who where laughing at my AMD FX 8370e CPU, who never seen an FX use Wine + CSMT in Linux that kill core i3's with 4x the frame rate, running windows games in Linux)

(Sarcasm mode on) Such bad CPU's from AMD (Sarcasm mode off)

——

I just noticed this use full mitigation for Chrome & Chromium browsers:

Since this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.
 
Here's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:
  • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
  • Look for Strict Site Isolation, then click the box labeled Enable.
  • Once done, hit Relaunch Now to relaunch your Chrome browser.

 

——

In Firefox people can use extentions like No script or Script safe, to block javascript by default from unknown sources, it's not a full mitigation as a known website can still be hacked and serve bad code, but it's better then nothing.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

https://addons.mozilla.org/en-US/firefox/addon/no-script-suite-lite-revived/

https://addons.mozilla.org/en-US/firefox/addon/script-safe/


—-> latest news on it —>

Early reporting on the issue before full details were disclosed does not provide a full view of vulnerable targets. The bounds check bypass can be exploited on Intel, AMD, and ARM processors without privilege escalation, allowing programs to read memory addresses inside their own processes. A JavaScript proof-of-concept of this exploit was developed by researchers, which is capable of reading the memory of the host browser process. The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors. Importantly, this does not work on AMD processors in default configurations. The proof-of-concept requires BPF JIT to be manually enabled in the Linux kernel for AMD processors. (It is not, by default.) The tested Intel processor was vulnerable independent of the BPF JIT setting.

AMD processors appear to not be vulnerable to branch target injections, with the company claiming a "near zero" risk, noting that there has not yet been any demonstrated vulnerability. Additionally, the researchers note that AMD and ARM processors are not vulnerable to Meltdown. A previously submitted patch to the Linux kernel to address Meltdown has been modified to exclude AMD.

That patch is causing considerable consternation, as Intel processors are all affected by Meltdown and Spectre (except for Atom processors before 2013, and the Itanium series). The workarounds to prevent memory from being improperly read on Intel processors result in performance regressions. Early estimates were quite harsh, though real-world impact has been lower than the 30% figure bandied about thus far. Naturally, all performance is workload-dependent, though noted benchmarking website Phoronix has measured VM performance regression at roughly 10% for Redis, Apache, and PostgreSQL, with higher numbers for synthetic tests like Stress-NG, and negligible change for Himeno and Parboil.


—- Joke —-
Intel Engineer Bob:  Hey look I got a way to make our Branch Target Buffer contain twice as many entries as an AMD CPU
Intel Engineer Alice: That's not possible is it ?
Intel Engineer Bob:  Of cause it is, we just safe only halve of the target and source address of the predicted jump in to our BTB
Intel Engineer Alice: But won't that cause potential collisions, so that a rogue program can read kernel memory, passwords etc ?
Intel Engineer Bob:  Ah no worries, by the time they notice it we already have sold the CPU's and they will think ours are much faster.

double face palm when one face palm is not enough


cc_rider
Strange but not a stranger.
cc_rider Avatar

Location: Bastrop
Gender: Male
Zodiac: Cancer
Chinese Yr: Snake


Posted: Jan 4, 2018 - 8:55am

 ScottFromWyoming wrote:

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.



 
Lovely. Thanks for validating this.
c.
ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 4, 2018 - 8:44am

 cc_rider wrote:
In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.

 

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.


cc_rider
Strange but not a stranger.
cc_rider Avatar

Location: Bastrop
Gender: Male
Zodiac: Cancer
Chinese Yr: Snake


Posted: Jan 4, 2018 - 8:28am

In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.
Red_Dragon

Red_Dragon Avatar



Posted: May 12, 2017 - 12:36pm

Malware, described in leaked NSA documents, cripples computers worldwide
islander
Thalassophile
islander Avatar

Location: Seattle
Gender: Male
Zodiac: Scorpio
Chinese Yr: Cock


Posted: Feb 22, 2017 - 1:56pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
But do you have Hoefler bold?
Proclivities
“If you can't control your peanut butter, you can't expect to control your life.
Proclivities Avatar

Location: Paris of the Piedmont
Gender: Male
Zodiac: Aries
Chinese Yr: Tiger


Posted: Feb 22, 2017 - 12:26pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
I've never had any site or browser tell me a specified font was not installed.
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 12:20pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
Of course you do!
ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Feb 22, 2017 - 12:14pm

 Red_Dragon wrote: 
HA! I already have Hoefler Text!
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 11:57am

New Chrome hack prompts users to download ‘missing font’ to sneak in malware
DaveInVA
Single, unwanted, unloved eccentric, crusty ol' fart with cats
DaveInVA Avatar

Location: In a hovel in effluent Damnville, VA
Gender: Male


Posted: Apr 18, 2016 - 5:56am

Homeland Security warns Windows PC users to uninstall Quicktime


Red_Dragon

Red_Dragon Avatar



Posted: Dec 24, 2013 - 11:28am

ransomware...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 6:23am

 ScottFromWyoming wrote:

Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...

 
i run windows and mac and as i understand it they consider mac a flavor of linux

and they do have a version of their AV for macs too

i've been using avira for quite some time on windows and on my mac since i got it (ten months ago) with great results

and the personal version is free

p.s. i'm not clear on the mac OS targeting yet, however i'd like to believe that they're on it {#Wink}


ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 13, 2013 - 5:19am

 miamizsun wrote:

...Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

 
Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 5:15am

 ScottFromWyoming wrote:

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link}

 
thx scott {#Biggrin}

i saw this and shortly after i got this email (regarding my situation)

Saturday, January 12, 2013

Avira Security Software Detects Java 7 Exploits

Users Can Relax... A Little Bit

Tettnang, Germany —- January 12, 2013 – Security expert Avira announced today that all of its antivirus and security software products have been updated to detect the latest Java 7 zero-day exploits.

Millions of computer users are at risk from the Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

Fortunately, Avira customers can relax a bit as all Avira software products now protect against generic exploits of the Java 7 vulnerability. Although detecting the exploits does not fix the Java 7 flaw, it keeps Avira customers safe from having their computers used in potentially malicious actions and from losing their private data.

"Whenever a vulnerability like this is discovered – especially when it is in a widely distributed software like Java – the bad guys are quick to write exploits that take advantage of the flaw," said Sorin Mustaca, IT security expert at Avira. "While Oracle ultimately needs to patch Java, in the meantime we can at least prevent our customers from falling victim to the exploits."

Links



ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 12, 2013 - 1:00am

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link} 


olivertwist

olivertwist Avatar

Location: Atlanta GA
Gender: Male


Posted: Jul 8, 2012 - 1:11pm

 Manbird wrote:
Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 

 

I got a green light. Phew. {#Propeller}
Manbird
Offal Makes Me Strong! Strong! Strong! W
Manbird Avatar

Location: Oroville, Ca
Gender: Male
Zodiac: Virgo


Posted: Jul 8, 2012 - 12:55pm

Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 
Page: 1, 2, 3, 4, 5  Next