Brontoforumus Archive

Please login or register.

Login with username, password and session length
Advanced search  

News:


This board has been fossilized.
You are reading an archive of Brontoforumus, a.k.a. The Worst Forums Ever, from 2008 to early 2014.  Registration and posting (for most members) has been disabled here to discourage spambots from taking over.  Old members can still log in to view boards, PMs, etc.

The new message board is at http://brontoforum.us.

Pages: 1 [2] 3 4 5 6 7 ... 11

Author Topic: Computer security  (Read 25576 times)

0 Members and 1 Guest are viewing this topic.

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #20 on: June 11, 2008, 06:52:56 PM »

Well, again, it came up again in the Olympic thread.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #21 on: June 22, 2008, 01:56:36 PM »

So avast! is popping up critical alerts for opening Yahoo! right now.

However this is resolved, one entity with an awkwardly punctuated name is going to get burned.
Logged

MadMAxJr

  • Tested
  • Karma: 5
  • Posts: 2339
    • View Profile
    • RPG Q&A
Re: Computer security
« Reply #22 on: July 18, 2008, 07:53:59 AM »

Quote
It searches for MP3s, transcodes them to WMA format, wraps them in an ASF container, and adds links to further copies of the malware, all without modifying the .MP3 extension."

Malware authors are getting really scary.  Thankfully if you use VLC for everything, this one can't really harm you, as far as I can tell.

What's next, some kind of Malware that makes your every keypress a credit card purchase?
Logged
"The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt." - Bertrand Russell

Got questions about RPGs?

Royal☭

  • Supreme Court Judge President
  • Tested
  • Karma: 88
  • Posts: 6301
    • View Profile
Re: Computer security
« Reply #23 on: July 18, 2008, 07:57:42 AM »

Quote
Infected files launch IE and load a page

Ahh... :pimp:

Saturn

  • Tested
  • Karma: 3
  • Posts: 1670
    • View Profile
Re: Computer security
« Reply #24 on: July 18, 2008, 01:32:47 PM »

Quote
It searches for MP3s, transcodes them to WMA format, wraps them in an ASF container, and adds links to further copies of the malware, all without modifying the .MP3 extension."

Malware authors are getting really scary.  Thankfully if you use VLC for everything, this one can't really harm you, as far as I can tell.

What's next, some kind of Malware that makes your every keypress a credit card purchase?

 i have a fucking funny feeling that the author of that thing got paid by mediadefender or another of those anti-piracy guys to fuck with P2P
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #25 on: July 18, 2008, 02:17:27 PM »

It worries me that the top google result for "avast" looks like a phishing domain.

http://vvww-avast.com/?t=AVAST1U
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #26 on: August 06, 2008, 03:30:00 PM »

Seeing some headlines today about Kaminsky speaking at the Black Hat Conference.  He's talking about a major DNS flaw that allows domain spoofing -- for the laymen in the audience, that could mean you type in google.com and get a scam site.  LA Times has a non-technical rundown; The Reg has a technical one; Wired talks about how it's been good for OpenDNS, which doesn't have the problem.

From LA Times (emphasis mine):
Quote
The Secure Sockets Layer, signified by "https://" at the beginning of a website address, could be circumvented, as one example. Impostors could fool the authentication companies, such as Verisign, and so get an approved digital certificate shown to site visitors, though Kaminsky said those companies have revamped their procedures. A large number of firms simply sign their own certificates, which an impostor could do, without dissuading consumers from continuing.

:endit:

Quote
"Everywhere you look, SSL shoots itself in the face," Kaminsky said.

...What he said.

It's been described as the greatest security hole in Internet architecture since 1997.  And Kaminsky's response was deft; he discovered it back in March and alerted all the major players in the business and helped them close the hole before he announced it publicly a month ago.

Reg sums it up:
Quote
[W]e'd hate to think what might have happened if a less scrupulous person had stumbled on the bug first[.]
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #27 on: August 09, 2008, 12:27:20 PM »

NYT: the patch is still vulnerable; it's harder to crack, but still possible.  (Since it's NYT, the language is a little Dick and Jane, but I assume they've merely increased the number of possible transaction ID's.)

The bottom line is that some of the most basic protocols the Internet runs on are ancient, dating back to a time when people didn't even consider things like identity theft.  (Imagine where we'd be right now if E-Mail had been designed from the ground up to verify sender addresses.)

We haven't heard the last of this.  Kaminsky has saved the Internet for now, but it's a Band-Aid.
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #28 on: August 09, 2008, 06:18:31 PM »

http://www.youtube.com/watch?v=eq7qxECor_8

Lessig on the existence of a (presently dormant) Internet-targeting analog to the Patriot Act.
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #29 on: August 09, 2008, 11:48:02 PM »

The avast! UI is a rare atrocity.

It looks like a media player designed by a 14 year old, replete with obnoxious sound effects when one mouses over different button and an equally irritating siren that sounds upon detection of a suspected threat.

Those buttons I mentioned lack tooltips.  While it's not hard to memorize what they represent, it's obnoxious, especially for a new user.

It has multiple components, like some other AV packages, but avast! has decided itself worthy of placing two separate icons resident in the systray.

While scanning, it detected a security tool that's not a virus, and gave me a pop-up announcement (note: not a post-scan group of items that users can manage at their convenience).  I hit continue (vs stop) and it went from 80+% done back to 4%.

 :facepalm:

I also tried Avira AntiVir and found it very well-behaved.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #30 on: August 11, 2008, 10:29:05 PM »

Brian X. Chen at Wired questions the quality control process for the iPhone App Store.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #31 on: October 23, 2008, 09:29:20 PM »

BetaNews: Windows security flaw so critical they've released a patch outside the normal patch cycle.  Affects all versions of Windows, but Vista and Server 2008 are more secure than XP.

NYT says that security firms have already used the patch to reverse-engineer an exploit, and if the good guys can do it, the bad guys can too.

Notably:

Quote
And one of the architects of Microsoft's security testing program had a frank assessment of the situation Thursday, saying that the company's "fuzzing" testing tools should have discovered the issue earlier. "Our fuzz tests did not catch this and they should have," wrote Security Program Manager Michael Howard in a blog posting. "So we are going back to our fuzzing algorithms and libraries to update them accordingly. For what it's worth, we constantly update our fuzz testing heuristics and rules, so this bug is not unique."

Oh good, Microsoft's fuzzing tools can't detect obvious stack overflow vulnerabilities and there are likely to be more out there.
Logged

  • Magic Gunner Miss Blue
  • Tested
  • Karma: -65461
  • Posts: 4300
    • View Profile
Re: Computer security
« Reply #32 on: October 23, 2008, 09:44:59 PM »

What I read:
NYT says that security firms have already used the patch to reverse-engineer an exploit, and if the Scatman can do it, so can you.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #33 on: October 23, 2008, 09:53:55 PM »

Oh hey, another networking service that has no business being enabled by default.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #34 on: November 03, 2008, 11:47:17 AM »

MS has a new security report out.  Coverage: CNet, Network World, WaPo.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #35 on: December 02, 2008, 12:01:45 AM »

Wired has a followup on the Kaminsky story.  It's a little overblown ("A-Team" is in the headline, and it goes to some lengths to lionize Kaminsky), but it's a good read.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #36 on: December 16, 2008, 11:10:16 PM »

Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #37 on: December 30, 2008, 08:27:47 PM »

Security researchers break MD5-based SSL.

Oh, if only we had already known for the past four years that MD5 was vulnerable!
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #38 on: January 30, 2009, 11:15:13 PM »

Surprise!  It turns out that popping up a nag screen every time the user tries to modify the system doesn't help a whole hell of a lot if you're still running everything as Administrator and not prompting for a password.  Especially if it just so happens that you also make a scripting language that can send inputs that the OS can't tell apart from an actual user's keystrokes.

Microsoft's response is, of course, "It's not a bug, it's a feature."

You can't make this shit up.
Logged

Mothra

  • ┐('~`;)┌ w/e
  • Admin
  • Tested
  • Karma: -62198
  • Posts: 3778
    • View Profile
Re: Computer security
« Reply #39 on: February 10, 2009, 08:02:26 PM »

I have a tendency to get a bit paranoid so uh, this could just me baselessly overthinking things, but say your roommate is in charge of the wireless network and router and all that jazz, and is hells of computer savvy. With such limitless power, is it conceivable this individual could spy on one's searches, computer content, stuff like that? N-not to imply I search for anything but updated weather reports, breaking dinosaur-related developments and The Wall Street Journal Online, of course. Just wondering.

...

I... I may have perhaps once at one point by accident searched the internet for pornography. I was not proud of it, nor did I enjoy the images that forced themselves onto my computer screen, I was hopped up on drugs and thought to hell with the consequences.

Anyways I've got spybot and clamwin and four massive panning cameras mounted in all corners of my room so I wouldn't think such a thing would be on my end. Would you please computassure me
Logged
Pages: 1 [2] 3 4 5 6 7 ... 11