Counting with Pictures - ScottN - Jan 22, 2018 - 11:47pm
 
Surfing! - Coaxial - Jan 22, 2018 - 7:58pm
 
Music News - Red_Dragon - Jan 22, 2018 - 7:43pm
 
Trump - kurtster - Jan 22, 2018 - 6:41pm
 
Tomato-philes - Coaxial - Jan 22, 2018 - 6:20pm
 
Poll: Do You Sleep to RP? - JrzyTmata - Jan 22, 2018 - 4:24pm
 
'Til Death - Red_Dragon - Jan 22, 2018 - 4:02pm
 
Government Shutdown - haresfur - Jan 22, 2018 - 3:27pm
 
BillyGee's Greatest Segues - haresfur - Jan 22, 2018 - 3:17pm
 
Photography Forum - Your Own Photos; Please Limit to 510 ... - ScottFromWyoming - Jan 22, 2018 - 1:28pm
 
I'm not watching the SuperBowl! And I'm NOT GONNA NEITHER... - ScottFromWyoming - Jan 22, 2018 - 1:23pm
 
Political Myths - ScottFromWyoming - Jan 22, 2018 - 12:20pm
 
Derplahoma Questions and Points of Interest - ScottFromWyoming - Jan 22, 2018 - 11:58am
 
NASA & other news from space - miamizsun - Jan 22, 2018 - 11:23am
 
Things that make you go Hmmmm..... - Steely_D - Jan 22, 2018 - 8:43am
 
FLAC stream - useanaim - Jan 22, 2018 - 7:28am
 
The Image Post - islander - Jan 22, 2018 - 7:22am
 
Radio Paradise Comments - islander - Jan 22, 2018 - 7:17am
 
Today in History - Red_Dragon - Jan 22, 2018 - 6:30am
 
Poetry Forum - Antigone - Jan 22, 2018 - 5:13am
 
What are you listening to now? - kurtster - Jan 22, 2018 - 12:15am
 
what else do you listen to? (RP alternatives) - jbuhl - Jan 21, 2018 - 6:18pm
 
YouTube: Music-Videos - SeriousLee - Jan 21, 2018 - 4:21pm
 
Radio Paradise NFL Pick'em Group - SeriousLee - Jan 21, 2018 - 3:06pm
 
This is amazing! - Antigone - Jan 21, 2018 - 2:48pm
 
Name My Band - SeriousLee - Jan 21, 2018 - 11:55am
 
What makes you smile? - SeriousLee - Jan 21, 2018 - 11:52am
 
What Did You Do Today? - PoundPuppy - Jan 21, 2018 - 11:52am
 
Sleepless in.... - SeriousLee - Jan 21, 2018 - 11:51am
 
What Are You Going To Do Today? - islander - Jan 21, 2018 - 9:00am
 
The Saddest Songs - maryte - Jan 21, 2018 - 8:17am
 
Coffee - miamizsun - Jan 21, 2018 - 7:23am
 
What Makes You Sad? - kurtster - Jan 21, 2018 - 6:30am
 
What Makes You Laugh? - Alexandra - Jan 20, 2018 - 8:14pm
 
Celebrity Face Recognition - Antigone - Jan 20, 2018 - 6:27pm
 
Annoying stuff. not things that piss you off, just annoyi... - SeriousLee - Jan 20, 2018 - 11:38am
 
Geeky Jokes - SeriousLee - Jan 20, 2018 - 5:55am
 
Quotations - Antigone - Jan 20, 2018 - 5:22am
 
NETFLIX - Alexandra - Jan 20, 2018 - 12:45am
 
Lyrics that strike a chord today... - SeriousLee - Jan 19, 2018 - 3:42pm
 
Radio Paradise Flac in Volumio - wtrepode - Jan 19, 2018 - 1:58pm
 
Oops! - Proclivities - Jan 19, 2018 - 12:32pm
 
Animal Resistance - pigtail - Jan 19, 2018 - 10:18am
 
OUR CATS!! - pigtail - Jan 19, 2018 - 9:45am
 
Oh, The Stupidity - Red_Dragon - Jan 19, 2018 - 8:45am
 
I SCREAM FOR ICE CREAM ! - ScottFromWyoming - Jan 19, 2018 - 7:22am
 
Outstanding Covers - JrzyTmata - Jan 19, 2018 - 5:58am
 
Canzoniere Grecanico Salentino & other musica italiana - GiorgioLIC - Jan 18, 2018 - 11:10pm
 
Things You Thought Today - islander - Jan 18, 2018 - 9:06pm
 
The Wilderness Downtown. - miamizsun - Jan 18, 2018 - 2:55pm
 
Freedom of speech? - miamizsun - Jan 18, 2018 - 12:08pm
 
Maps • Google • GeoGuessr - KurtfromLaQuinta - Jan 18, 2018 - 11:55am
 
Amazon Products (May Contain Spam) - miamizsun - Jan 18, 2018 - 11:55am
 
Pernicious Pious Proclivities Particularized Prodigiously - pigtail - Jan 18, 2018 - 11:33am
 
Mixtape Culture Club - sirdroseph - Jan 18, 2018 - 8:08am
 
End of the Journals ? - Mugro - Jan 18, 2018 - 8:04am
 
HEOS by Denon vs ... - Alchemist - Jan 17, 2018 - 11:23pm
 
RP Daily Trivia Challenge - BlueHeronDruid - Jan 17, 2018 - 6:38pm
 
Best Song Comments. - haresfur - Jan 17, 2018 - 2:52pm
 
Breaking News - Proclivities - Jan 17, 2018 - 9:35am
 
Baseball, anyone? - Red_Dragon - Jan 17, 2018 - 6:27am
 
Irony 101 - miamizsun - Jan 17, 2018 - 4:37am
 
Sick And Satired - miamizsun - Jan 17, 2018 - 4:21am
 
Reccomended System or Powered Speakers - miamizsun - Jan 17, 2018 - 4:11am
 
Little known information...maybe even facts - spammer - Jan 16, 2018 - 9:52pm
 
Crimes and Misdemeanors (not bad ones, mostly amusing) - ScottFromWyoming - Jan 16, 2018 - 8:05pm
 
Cool Photo - Proclivities - Jan 16, 2018 - 1:57pm
 
Great guitar faces - Proclivities - Jan 16, 2018 - 1:27pm
 
Capitalism and Consumerism... now what? - Red_Dragon - Jan 16, 2018 - 10:14am
 
Mobile App - Proclivities - Jan 16, 2018 - 9:31am
 
Radio Paradise on the Amazon Echo - BillG - Jan 16, 2018 - 8:50am
 
A Proposal For Haiti - cc_rider - Jan 16, 2018 - 8:38am
 
Sixth Sense and a Thankyou! - oldviolin - Jan 16, 2018 - 8:08am
 
Immigration - Red_Dragon - Jan 16, 2018 - 7:25am
 
The Obituary Page - miamizsun - Jan 16, 2018 - 6:25am
 
Index » Radio Paradise/General » General Discussion » Computer virus talk Page: 1, 2, 3, 4  Next
Post to this Topic
Vuurdraak

Vuurdraak Avatar



Posted: Jan 8, 2018 - 2:05am

Reading through all the Meltdown & Spectre drama, I have found another devastating security bug for Intel based computers, where they can hack your machine even if it is turned off (but plugged in to the power mains)

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/?mbid=BottomRelatedStories

It is starting to look that if you want a PC that is not riddled with security holes left right and center, that you do not want to buy an Intel CPU.
Vuurdraak

Vuurdraak Avatar



Posted: Jan 5, 2018 - 3:17pm

Meltdown + slowdown for Intel CPU's :D funny

 (secretly laughs at all the people who where laughing at my AMD FX 8370e CPU, who never seen an FX use Wine + CSMT in Linux that kill core i3's with 4x the frame rate, running windows games in Linux)

(Sarcasm mode on) Such bad CPU's from AMD (Sarcasm mode off)

——

I just noticed this use full mitigation for Chrome & Chromium browsers:

Since this exploit can be executed through the website, Chrome users can turn on Site Isolation feature on their devices to mitigate these flaws.
 
Here's how to turn Site Isolation on Windows, Mac, Linux, Chrome OS or Android:
  • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
  • Look for Strict Site Isolation, then click the box labeled Enable.
  • Once done, hit Relaunch Now to relaunch your Chrome browser.

 

——

In Firefox people can use extentions like No script or Script safe, to block javascript by default from unknown sources, it's not a full mitigation as a known website can still be hacked and serve bad code, but it's better then nothing.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

https://addons.mozilla.org/en-US/firefox/addon/no-script-suite-lite-revived/

https://addons.mozilla.org/en-US/firefox/addon/script-safe/


—-> latest news on it —>

Early reporting on the issue before full details were disclosed does not provide a full view of vulnerable targets. The bounds check bypass can be exploited on Intel, AMD, and ARM processors without privilege escalation, allowing programs to read memory addresses inside their own processes. A JavaScript proof-of-concept of this exploit was developed by researchers, which is capable of reading the memory of the host browser process. The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors. Importantly, this does not work on AMD processors in default configurations. The proof-of-concept requires BPF JIT to be manually enabled in the Linux kernel for AMD processors. (It is not, by default.) The tested Intel processor was vulnerable independent of the BPF JIT setting.

AMD processors appear to not be vulnerable to branch target injections, with the company claiming a "near zero" risk, noting that there has not yet been any demonstrated vulnerability. Additionally, the researchers note that AMD and ARM processors are not vulnerable to Meltdown. A previously submitted patch to the Linux kernel to address Meltdown has been modified to exclude AMD.

That patch is causing considerable consternation, as Intel processors are all affected by Meltdown and Spectre (except for Atom processors before 2013, and the Itanium series). The workarounds to prevent memory from being improperly read on Intel processors result in performance regressions. Early estimates were quite harsh, though real-world impact has been lower than the 30% figure bandied about thus far. Naturally, all performance is workload-dependent, though noted benchmarking website Phoronix has measured VM performance regression at roughly 10% for Redis, Apache, and PostgreSQL, with higher numbers for synthetic tests like Stress-NG, and negligible change for Himeno and Parboil.


—- Joke —-
Intel Engineer Bob:  Hey look I got a way to make our Branch Target Buffer contain twice as many entries as an AMD CPU
Intel Engineer Alice: That's not possible is it ?
Intel Engineer Bob:  Of cause it is, we just safe only halve of the target and source address of the predicted jump in to our BTB
Intel Engineer Alice: But won't that cause potential collisions, so that a rogue program can read kernel memory, passwords etc ?
Intel Engineer Bob:  Ah no worries, by the time they notice it we already have sold the CPU's and they will think ours are much faster.

double face palm when one face palm is not enough


cc_rider
Strange but not a stranger.
cc_rider Avatar

Location: Bastrop
Gender: Male
Zodiac: Cancer
Chinese Yr: Snake


Posted: Jan 4, 2018 - 8:55am

 ScottFromWyoming wrote:

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.



 
Lovely. Thanks for validating this.
c.
ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 4, 2018 - 8:44am

 cc_rider wrote:
In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.

 

How do I know if my PC is at risk?

Short answer: It is.
 

So, what can I do?

Not much besides updating your PC with Meltdown patches issued by operating system makers. Since the issue is such a deeply technical one there isn’t anything users can do to mitigate the potential issue other than wait for a fix to arrive. Definitely make sure you’re running security software in the meantime—advice that Intel also stresses.

Do you know when a fix will come?

It’s already here for Windows, Mac, and Chromebook users.

Microsoft pushed out a Windows update protecting against Meltdown on January 3, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly “Patch Tuesdays” are rare, underlining the severity of this issue.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on December 6, according to developer Alex Ionescu. Additional safeguards will be found in macOS 10.13.3, he says.


cc_rider
Strange but not a stranger.
cc_rider Avatar

Location: Bastrop
Gender: Male
Zodiac: Cancer
Chinese Yr: Snake


Posted: Jan 4, 2018 - 8:28am

In the headlines today: "Experts: Security flaws put virtually all phones, computers at risk"

Is this for real? Ugh.
Red_Dragon

Red_Dragon Avatar



Posted: May 12, 2017 - 12:36pm

Malware, described in leaked NSA documents, cripples computers worldwide
islander
Thalassophile
islander Avatar

Location: Seattle
Gender: Male
Zodiac: Scorpio
Chinese Yr: Cock


Posted: Feb 22, 2017 - 1:56pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
But do you have Hoefler bold?
Proclivities
“If you can't control your peanut butter, you can't expect to control your life.
Proclivities Avatar

Location: Paris of the Piedmont
Gender: Male
Zodiac: Aries
Chinese Yr: Tiger


Posted: Feb 22, 2017 - 12:26pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
I've never had any site or browser tell me a specified font was not installed.
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 12:20pm

 ScottFromWyoming wrote:

HA! I already have Hoefler Text!

 
Of course you do!
ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Feb 22, 2017 - 12:14pm

 Red_Dragon wrote: 
HA! I already have Hoefler Text!
Red_Dragon

Red_Dragon Avatar



Posted: Feb 22, 2017 - 11:57am

New Chrome hack prompts users to download ‘missing font’ to sneak in malware
DaveInVA
Single, unwanted, unloved eccentric, crusty ol' fart with cats
DaveInVA Avatar

Location: In a hovel in effluent Damnville, VA
Gender: Male


Posted: Apr 18, 2016 - 5:56am

Homeland Security warns Windows PC users to uninstall Quicktime


Red_Dragon

Red_Dragon Avatar



Posted: Dec 24, 2013 - 11:28am

ransomware...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 6:23am

 ScottFromWyoming wrote:

Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...

 
i run windows and mac and as i understand it they consider mac a flavor of linux

and they do have a version of their AV for macs too

i've been using avira for quite some time on windows and on my mac since i got it (ten months ago) with great results

and the personal version is free

p.s. i'm not clear on the mac OS targeting yet, however i'd like to believe that they're on it {#Wink}


ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 13, 2013 - 5:19am

 miamizsun wrote:

...Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

 
Did they just not mention mac because they don't serve the Mac market, or Macs haven't been targeted/detected yet... because Mac systems are potentially just as vulnerable (if the user is an admin, I assume)...
miamizsun

miamizsun Avatar

Location: (3261.3 Miles SE of RP)
Gender: Male


Posted: Jan 13, 2013 - 5:15am

 ScottFromWyoming wrote:

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link}

 
thx scott {#Biggrin}

i saw this and shortly after i got this email (regarding my situation)

Saturday, January 12, 2013

Avira Security Software Detects Java 7 Exploits

Users Can Relax... A Little Bit

Tettnang, Germany —- January 12, 2013 – Security expert Avira announced today that all of its antivirus and security software products have been updated to detect the latest Java 7 zero-day exploits.

Millions of computer users are at risk from the Java zero-day vulnerability, which allows hackers to inject malicious code into even fully-patched Windows or Linux computer operating systems.

Fortunately, Avira customers can relax a bit as all Avira software products now protect against generic exploits of the Java 7 vulnerability. Although detecting the exploits does not fix the Java 7 flaw, it keeps Avira customers safe from having their computers used in potentially malicious actions and from losing their private data.

"Whenever a vulnerability like this is discovered – especially when it is in a widely distributed software like Java – the bad guys are quick to write exploits that take advantage of the flaw," said Sorin Mustaca, IT security expert at Avira. "While Oracle ultimately needs to patch Java, in the meantime we can at least prevent our customers from falling victim to the exploits."

Links



ScottFromWyoming
I eat pints
ScottFromWyoming Avatar

Location: Powell
Gender: Male
Zodiac: Pisces
Chinese Yr: Tiger


Posted: Jan 12, 2013 - 1:00am

Computer Users Should Disable Java 7 Owing To Security Flaw, Experts Say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product owing to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that are running Java in a Web browser and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."

{.... more at link} 


olivertwist

olivertwist Avatar

Location: Atlanta GA
Gender: Male


Posted: Jul 8, 2012 - 1:11pm

 Manbird wrote:
Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 

 

I got a green light. Phew. {#Propeller}
Manbird
Offal Makes Me Strong! Strong! Strong! W
Manbird Avatar

Location: Oroville, Ca
Gender: Male
Zodiac: Virgo


Posted: Jul 8, 2012 - 12:55pm

Check your 'puter for the DNS Changer virus here. Or don't. Who cares. 
katzendogs

katzendogs Avatar

Location: Pasadena ,Texas
Gender: Male
Zodiac: Aquarius
Chinese Yr: Dragon


Posted: Jul 7, 2012 - 2:53pm

good here!
Page: 1, 2, 3, 4  Next