Baseball, anyone? - ScottFromWyoming - Jul 22, 2018 - 9:41am
 
Photos you haven't taken of yourself - Antigone - Jul 22, 2018 - 8:18am
 
Vinyl Only Spin List - kurtster - Jul 22, 2018 - 8:16am
 
illegal immigrants - Lazy8 - Jul 22, 2018 - 8:16am
 
Trump - Red_Dragon - Jul 22, 2018 - 8:07am
 
Strips, cartoons, illustrations - Red_Dragon - Jul 22, 2018 - 7:50am
 
What are you listening to now? - SeriousLee - Jul 22, 2018 - 5:49am
 
Counting with Pictures - SeriousLee - Jul 22, 2018 - 5:18am
 
RP App for Android - Alaindelon - Jul 22, 2018 - 2:02am
 
TWO WORDS - oldviolin - Jul 21, 2018 - 11:22pm
 
Trade War - NoEnzLefttoSplit - Jul 21, 2018 - 11:17pm
 
WikiLeaks - kurtster - Jul 21, 2018 - 7:49pm
 
Audio quality and compression filters - kurtster - Jul 21, 2018 - 7:13pm
 
What Makes You Laugh? - Antigone - Jul 21, 2018 - 5:14pm
 
What did you have for dinner? - Antigone - Jul 21, 2018 - 3:41pm
 
ENGLAND calling - JohnActon - Jul 21, 2018 - 1:34pm
 
What Did You See Today? - Antigone - Jul 21, 2018 - 9:26am
 
First World Problems - westslope - Jul 21, 2018 - 9:01am
 
Radio Paradise Comments - Coaxial - Jul 21, 2018 - 8:21am
 
What Are You Going To Do Today? - lily34 - Jul 21, 2018 - 7:36am
 
Mixtape Culture Club - sirdroseph - Jul 21, 2018 - 4:42am
 
What Makes You Cry :) ? - Antigone - Jul 20, 2018 - 5:47pm
 
ONE WORD - oldviolin - Jul 20, 2018 - 5:25pm
 
THREE WORDS - oldviolin - Jul 20, 2018 - 5:23pm
 
FOUR WORDS - oldviolin - Jul 20, 2018 - 5:23pm
 
More reggae, less Marley please - R_P - Jul 20, 2018 - 4:57pm
 
Bug Reports & Feature Requests - coupster - Jul 20, 2018 - 1:18pm
 
Things that make you go Hmmmm..... - Proclivities - Jul 20, 2018 - 1:16pm
 
Name My Band - SeriousLee - Jul 20, 2018 - 12:42pm
 
What are you doing RIGHT NOW? - SeriousLee - Jul 20, 2018 - 12:38pm
 
The Masked... - Proclivities - Jul 20, 2018 - 10:06am
 
Food - Proclivities - Jul 20, 2018 - 9:38am
 
What makes you smile? - Red_Dragon - Jul 19, 2018 - 5:58pm
 
Republican Party - Red_Dragon - Jul 19, 2018 - 5:04pm
 
Things You Thought Today - Antigone - Jul 19, 2018 - 4:11pm
 
Before and After - Proclivities - Jul 19, 2018 - 1:13pm
 
Old Time and Folk - rhahl - Jul 19, 2018 - 12:31pm
 
Fun - Proclivities - Jul 19, 2018 - 9:11am
 
All Dogs Go To Heaven - Dog Pix - Prodigal_SOB - Jul 19, 2018 - 7:29am
 
RPeep News You Should Know - Coaxial - Jul 19, 2018 - 5:58am
 
RP Daily Trivia Challenge - maryte - Jul 19, 2018 - 5:24am
 
The House I Want (Today) - Antigone - Jul 19, 2018 - 2:52am
 
misheard lyrics - NoEnzLefttoSplit - Jul 18, 2018 - 11:06pm
 
BACK TO THE 80's - ScottFromWyoming - Jul 18, 2018 - 11:20am
 
Breaking News - westslope - Jul 18, 2018 - 9:18am
 
Avatars - SomersetBob - Jul 18, 2018 - 8:55am
 
Today in History - Red_Dragon - Jul 18, 2018 - 6:20am
 
Song Overlap on app on iPhone 5S - SomersetBob - Jul 18, 2018 - 3:06am
 
Iain Banks or Iain M Banks - Johnny_Alpha - Jul 18, 2018 - 1:15am
 
Iain Banks or Iain M Banks - Johnny_Alpha - Jul 18, 2018 - 1:15am
 
Celebrity Face Recognition - oldviolin - Jul 17, 2018 - 8:12pm
 
Talk Behind Their Backs Forum - lily34 - Jul 17, 2018 - 7:15pm
 
On this day: 1991, Freddie Mercury dies - Red_Dragon - Jul 17, 2018 - 7:13pm
 
I don't think they know what that word means... - Coaxial - Jul 17, 2018 - 1:19pm
 
OUR CATS!! - ScottFromWyoming - Jul 17, 2018 - 7:37am
 
• • •  What's For Dinner ? • • •  - Antigone - Jul 16, 2018 - 4:04pm
 
Happy 40th Anniversary, Queen! - haresfur - Jul 16, 2018 - 3:15pm
 
Museum Of Bad Album Covers - haresfur - Jul 16, 2018 - 3:05pm
 
What makes you angry? - haresfur - Jul 16, 2018 - 3:01pm
 
New Music - black321 - Jul 16, 2018 - 8:09am
 
Football, soccer, futbol, calcio... - haresfur - Jul 15, 2018 - 5:23pm
 
Guns - Steely_D - Jul 15, 2018 - 12:26pm
 
Free Mp3s - R_P - Jul 15, 2018 - 12:14pm
 
The Image Post - SeriousLee - Jul 15, 2018 - 6:53am
 
Chromecast support please! - jarro - Jul 15, 2018 - 12:53am
 
Classical Music - NoEnzLefttoSplit - Jul 14, 2018 - 11:34pm
 
Beer - sirdroseph - Jul 14, 2018 - 1:01pm
 
Home repair, maintenance, and other headaches - Alexandra - Jul 14, 2018 - 9:03am
 
What Makes You Sad? - Red_Dragon - Jul 14, 2018 - 7:07am
 
Best Song Comments. - NoEnzLefttoSplit - Jul 14, 2018 - 1:27am
 
Error: Could not retrieve offline list - BillG - Jul 13, 2018 - 5:48pm
 
How's the weather? - Rockit9 - Jul 13, 2018 - 5:34pm
 
Your favorite tshirts - Red_Dragon - Jul 13, 2018 - 3:14pm
 
New Echo (Alexa) Skill - Red_Dragon - Jul 13, 2018 - 3:11pm
 
Testing your Metal? - Proclivities - Jul 13, 2018 - 10:36am
 
Index » Radio Paradise/General » General Discussion » Computer virus talk Page: 1, 2, 3, 4, 5  Next
Post to this Topic
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Mar 5, 2018 - 5:05am

seems my security software suite has become more aggressive

i've noticed a few more sites blocked or just parked/semi-blank screen

{#Ask}

Vuurdraak

Vuurdraak Avatar



Posted: Jan 8, 2018 - 2:05am

Reading through all the Meltdown & Spectre drama, I have found another devastating security bug for Intel based computers, where they can hack your machine even if it is turned off (but plugged in to the power mains)

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/?mbid=BottomRelatedStories

It is starting to look that if you want a PC that is not riddled with security holes left right and center, that you do not want to buy an Intel CPU.
Vuurdraak

Vuurdraak Avatar



Posted: Jan 5, 2018 - 3:17pm

Meltdown + slowdown for Intel CPU's :D funny

 (secretly laughs at all the people who where laughing at my AMD FX 8370e CPU, who never seen an FX use Wine + CSMT in Linux that kill core i3's with 4x the frame rate, running windows games in Linux)

(Sarcasm mode on) Such bad CPU's from AMD (Sarcasm mode off)

——

I just noticed this use full mitigation for Chrome & Chromium browsers:

Since this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.
 
Here's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:
  • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
  • Look for Strict Site Isolation, then click the box labeled Enable.
  • Once done, hit Relaunch Now to relaunch your Chrome browser.

 

——

In Firefox people can use extentions like No script or Script safe, to block javascript by default from unknown sources, it's not a full mitigation as a known website can still be hacked and serve bad code, but it's better then nothing.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

https://addons.mozilla.org/en-US/firefox/addon/no-script-suite-lite-revived/

https://addons.mozilla.org/en-US/firefox/addon/script-safe/


—-> latest news on it —>

Early reporting on the issue before full details were disclosed does not provide a full view of vulnerable targets. The bounds check bypass can be exploited on Intel, AMD, and ARM processors without privilege escalation, allowing programs to read memory addresses inside their own processes. A JavaScript proof-of-concept of this exploit was developed by researchers, which is capable of reading the memory of the host browser process. The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors. Importantly, this does not work on AMD processors in default configurations. The proof-of-concept requires BPF JIT to be manually enabled in the Linux kernel for AMD processors. (It is not, by default.) The tested Intel processor was vulnerable independent of the BPF JIT setting.

AMD processors appear to not be vulnerable to branch target injections, with the company claiming a "near zero" risk, noting that there has not yet been any demonstrated vulnerability. Additionally, the researchers note that AMD and ARM processors are not vulnerable to Meltdown. A previously submitted patch to the Linux kernel to address Meltdown has been modified to exclude AMD.

That patch is causing considerable consternation, as Intel processors are all affected by Meltdown and Spectre (except for Atom processors before 2013, and the Itanium series). The workarounds to prevent memory from being improperly read on Intel processors result in performance regressions. Early estimates were quite harsh, though real-world impact has been lower than the 30% figure bandied about thus far. Naturally, all performance is workload-dependent, though noted benchmarking website Phoronix has measured VM performance regression at roughly 10% for Redis, Apache, and PostgreSQL, with higher numbers for synthetic tests like Stress-NG, and negligible change for Himeno and Parboil.


—- Joke —-
Intel Engineer Bob:  Hey look I got a way to make our Branch Target Buffer contain twice as many entries as an AMD CPU
Intel Engineer Alice: That's not possible is it ?
Intel Engineer Bob:  Of cause it is, we just safe only halve of the target and source address of the predicted jump in to our BTB
Intel Engineer Alice: But won't that cause potential collisions, so that a rogue program can read kernel memory, passwords etc ?
Intel Engineer Bob:  Ah no worries, by the time they notice it we already have sold the CPU's and they will think ours are much faster.

double face palm when one face palm is not enough


cc_rider

cc_rider Avatar

Location: Bastrop
Gender: Male


Posted: Jan 4, 2018 - 8:55am

 ScottFromWyoming wrote:

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.



 
Lovely. Thanks for validating this.
c.
ScottFromWyoming

ScottFromWyoming Avatar

Location: Powell
Gender: Male


Posted: Jan 4, 2018 - 8:44am

 cc_rider wrote:
In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.

 

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.


cc_rider

cc_rider Avatar

Location: Bastrop
Gender: Male


Posted: Jan 4, 2018 - 8:28am

In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.
Red_Dragon

Red_Dragon Avatar



Posted: May 12, 2017 - 12:36pm

Malware, described in leaked NSA documents, cripples computers worldwide
islander

islander Avatar

Location: Seattle
Gender: Male


Posted: Feb 22, 2017 - 1:56pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
But do you have Hoefler bold?
Proclivities

Proclivities Avatar

Location: Paris of the Piedmont
Gender: Male


Posted: Feb 22, 2017 - 12:26pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
I've never had any site or browser tell me a specified font was not installed.
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 12:20pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
Of course you do!
ScottFromWyoming

ScottFromWyoming Avatar

Location: Powell
Gender: Male


Posted: Feb 22, 2017 - 12:14pm

 Red_Dragon wrote: 
HA! I already have Hoefler Text!
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 11:57am

New Chrome hack prompts users to download ‘missing font’ to sneak in malware
DaveInVA

DaveInVA Avatar

Location: In a hovel in effluent Damnville, VA
Gender: Male


Posted: Apr 18, 2016 - 5:56am

Homeland Security warns Windows PC users to uninstall Quicktime


Red_Dragon

Red_Dragon Avatar



Posted: Dec 24, 2013 - 11:28am

ransomware...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 6:23am

 ScottFromWyoming wrote:

Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...

 
i run windows and mac and as i understand it they consider mac a flavor of linux

and they do have a version of their AV for macs too

i've been using avira for quite some time on windows and on my mac since i got it (ten months ago) with great results

and the personal version is free

p.s. i'm not clear on the mac OS targeting yet, however i'd like to believe that they're on it {#Wink}


ScottFromWyoming

ScottFromWyoming Avatar

Location: Powell
Gender: Male


Posted: Jan 13, 2013 - 5:19am

 miamizsun wrote:

...Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

 
Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 5:15am

 ScottFromWyoming wrote:

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link}

 
thx scott {#Biggrin}

i saw this and shortly after i got this email (regarding my situation)

Saturday, January 12, 2013

Avira Security Software Detects Java 7 Exploits

Users Can Relax... A Little Bit

Tettnang, Germany —- January 12, 2013 – Security expert Avira announced today that all of its antivirus and security software products have been updated to detect the latest Java 7 zero-day exploits.

Millions of computer users are at risk from the Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

Fortunately, Avira customers can relax a bit as all Avira software products now protect against generic exploits of the Java 7 vulnerability. Although detecting the exploits does not fix the Java 7 flaw, it keeps Avira customers safe from having their computers used in potentially malicious actions and from losing their private data.

"Whenever a vulnerability like this is discovered – especially when it is in a widely distributed software like Java – the bad guys are quick to write exploits that take advantage of the flaw," said Sorin Mustaca, IT security expert at Avira. "While Oracle ultimately needs to patch Java, in the meantime we can at least prevent our customers from falling victim to the exploits."

Links



ScottFromWyoming

ScottFromWyoming Avatar

Location: Powell
Gender: Male


Posted: Jan 12, 2013 - 1:00am

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link} 


olivertwist

olivertwist Avatar

Location: Atlanta GA
Gender: Male


Posted: Jul 8, 2012 - 1:11pm

 Manbird wrote:
Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 

 

I got a green light. Phew. {#Propeller}
Manbird

Manbird Avatar

Location: Oroville, Ca
Gender: Male


Posted: Jul 8, 2012 - 12:55pm

Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 
Page: 1, 2, 3, 4, 5  Next