I have my TV and Blu-ray player online so I get software updates, plus Apple TV and a cable TV box to receive all features like Netflix and movie rental

Adblock the NSA

https://www.nsaneforums.com/topic/279916-ublockadblock-filters-for-known-exploit-servers/

Some things you can do to secure your IoT devices at home.

First and foremost use Avast solutions to protect your Wifi.
I do and I haven’t regretted that decision since.
Would not use my Android without it.

  1. Do not take IoT devices to your workplace, for instance your Bluetooth music watch.

  2. Create a separate guest network for IoT devices on your wifi home network.
    2.a Check using Wireless Network Watcher for instance to see what’s on there.

  3. Only plug those devices into the network that you cannot do without.

  4. Update, upgrade and patch the firmware of all IoT devices.

  5. Disable UPnP, so your devices are not exposed on the Interwebs.
    5.a Check for this using Shodan search engine for instance, or dork searches.

  6. Alter the default passwords. Pick good secure passwords and hand a different one to each and every device.

  7. Always be wary of cloud services and establish the security thereof. Use secure connections.

  8. Keep your "landline" open in case of a major emergency. Never trust anything outside your network.

  9. Disable wifi and Bluetooth services whenever there is no need for them.
    Then these services should be off.

polonus

Disclosing vulnerabilities to protect users
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html

Microsoft not happy with Google disclosing major Windows bug - Web giant says no fix or advisory has been issued even though it reported the flaw 10 days ago.

https://www.cnet.com/news/microsoft-unhappy-with-google-disclosing-major-windows-bug-security/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem:+Trending+Content&utm_content=58180fbe89b9830007afc76a&utm_medium=trueAnthem&utm_source=facebook

Only affects 32-bit systems.

Google now, like Mozilla, no longer to trust WoSign & StartCom certification:
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
Also read here on certificate transparency: https://www.certificate-transparency.org/what-is-ct

Apart from what we read there, there seems to be more insecurity coming from "SSL Certificate_HTTPS Encryption_SSL Digital Certificate - WoSign CA [Official Website]"

Only when we check here we see that the certificate is installed correctly: https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp

Certificate information
This server uses an Extended Validation (EV) certificate. Information about the site owner has been fully validated by WoSign CA Limited to help secure personal and financial information.
Common name: www.wosign.com
SAN: www.wosign.com, wosign.com, xn--buw427e.xn--fiqz9s, xn--buw427e.xn--fiqs8s, xn--buw427e.cn, xn--buw427e.com, wosign.tw, www.wosign.tw, wosign.us, www.wosign.us, wosign.hk, www.wosign.hk, wosign.com.hk, www.wosign.com.hk, wosign.com.cn, www.wosign.com.cn, wosign.cn, www.wosign.cn
Valid from: 2016-Feb-24 07:24:45 GMT
Valid to: 2018-Apr-24 07:24:45 GMT
Certificate status: Valid
Revocation check method: OCSP
Organization: WoSign 沃通电子认证服务有限公司
Organizational unit:
City/locality: 深圳市
State/province: 广东省
Country: CN
Certificate Transparency: Embedded in certificate
Serial number: 28a6d32c2b971b896cd0de9477fd2a06
Algorithm type: SHA256withRSA
Key size: 2048

Certificate chain
Certification Authority of WoSign (Intermediate certificate)
WoSign Class 4 EV Server CA G2 (Intermediate certificate)
www.wosign.com (Tested certificate)

Server configuration
Host name: 211.151.125.105
Server type: Microsoft-IIS/7.5
IP address: 211.151.125.105
Port number: 443
Protocols enabled: TLS1.2, TLS1.1, TLS1.0
Protocols not enabled: SSLv3, SSLv2
Secure Renegotiation: Enabled
Downgrade attack prevention: Not Enabled
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Not Enabled
Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Not Enabled
RC4: Not Enabled
OCSP stapling: Enabled

Vulnerabilities checked: Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, CRIME

Cipher suites enabled:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)

But here is where we see it go wrong: https://asafaweb.com/Scan?Url=https%3A%2F%2Fwosign.com
with a custom errors: Fail, an excessive headers warning and a clickjacking warning.

The F-Status here is not building more confidence either: https://observatory.mozilla.org/analyze.html?host=wosign.com
as is this one here: https://sritest.io/#report/8353f268-5c60-4145-9d50-d22f5ba5f7f2

Retirable jQuery library: -https://wosign.com
Detected libraries:
jquery - 1.11.3 : (active1) -https://wosign.com/JS/jquery-1.11.3.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Others could check similarly on StartCom. I doubt the situation is very much different from that at WoSign’s.

polonus (volunteer website security analyst and website error-hunter)
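
An added example, not part of the original post and not output of any of the scanners linked in it: a short Python script that reads the "Cipher suites enabled" lines from the report quoted above and lists, per suite, the properties a defender would review when hardening the server. The function names and the finding labels are this example's own.

```python
import re

# Cipher-suite lines as they appear in the scan report quoted in the post above.
REPORT = """\
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
"""

# IANA naming up to TLS 1.2: TLS_<key exchange>_WITH_<cipher>_<MAC/PRF hash>
SUITE_RE = re.compile(
    r"^(TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<mac>SHA\d*|MD5))\s+\(0x[0-9A-Fa-f]{4}\)$")

def parse_suites(text):
    """Return one dict (name, kx, enc, mac) per recognised cipher-suite line."""
    suites = []
    for line in text.splitlines():
        m = SUITE_RE.match(line.strip())
        if m:
            suites.append(dict(m.groupdict(), name=m.group(1)))
    return suites

def findings(suite):
    """List the review points for one suite, judged from its name alone."""
    issues = []
    if not suite["kx"].startswith(("ECDHE", "DHE")):
        issues.append("no forward secrecy")      # static RSA/DH key exchange
    if "3DES" in suite["enc"]:
        issues.append("64-bit block cipher")
    if not any(a in suite["enc"] for a in ("GCM", "CCM", "CHACHA20")):
        issues.append("no AEAD mode")            # CBC with a separate HMAC
    return issues

def audit(text):
    """Map every suite name found in the text to its list of findings."""
    return {s["name"]: findings(s) for s in parse_suites(text)}

if __name__ == "__main__":
    for name, issues in audit(REPORT).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```
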

Digital virus outbreak in British hospitals has serious consequences: http://www.nlg.nhs.uk/
See warning on that page.

polonus

Interesting read on how to discriminate between normal enterprise use of TLS and cybercriminal malware use of it:
https://arxiv.org/pdf/1607.01639v1.pdf
Paper presented by Blake Anderson (Cisco), Subharthi Paul (Cisco) & David McGrew (Cisco)

Read how specific malware stands out, where/when it is more one-sided, why Tor is more of a client used in malware delivery, asymmetrical versus symmetrical use of encryption, prevailing encryption patterns etc.

For the researching minds among us this is yummy yummy stuff.
You should read it and draw conclusions.

polonus (volunteer website security analyst and website error-hunter)

Well it has been known that you could get an infection when you are in hospital, but I don’t think that this virus is what they/you were expecting.

Whilst they don’t give any details on the major incident as to why outpatients, operations, etc. would need to be cancelled.

New IoT-malware infests 3500 devices within 5 days.
Read: http://blog.malwaremustdie.org/2016/10/mmd-0059-2016-linuxirctelnet-new-ddos.html
Disable telnet to prevent infection.

polonus

Our commitment to our customers’ security
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/

Have a vulnerable Joomla controller and want to block malicious account creation:
https://github.com/fcoulter/accountblocker (licensed by fcoulter - credits to Sucuri’s Daniel Cid for finding it)

polonus

Websites from hosting provider Wix.com vulnerable through customized XSS malware via a DOM XSS hole:
-https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com *

Your Avast webshield may alert on that link page *, but there is no real payload there,
however for security reasons I decided to break the link. Going out there is your own responsibility!
Anyway when we report links it is always a good policy to break 'em.
Opening them later does not demand rocket technology, and visitors are free from accidentally clicking such links initially.

polonus (volunteer website security analyst and website error-hunter)

Perhaps the most powerful botnet ever seen.
Entire Internet in a country down due to a DDoS attack.

https://medium.com/@networksecurity/shadows-kill-mirai-ddos-botnet-testing-large-scale-attacks-sending-threatening-messages-about-6a61553d1c7#.j0fb8fkiz

Hi Eddy,

A real growing threat those new botnets endangering the infrastructure of the Interwebs now. >:(

Akamai will now stop using insecure SHA1 shortly: https://blogs.akamai.com/2016/11/planning-for-the-end-of-2016-a-leap-second-and-the-end-of-support-for-sha-1-tls-certificates.html
Check domains for insecure SHA1 (that should already have been phased out Jan. last) here:
https://shaaaaaaaaaaaaa.com/

Damian aka polonus
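
An added example, not part of the original post and not the code behind the checker linked in it: a standard-library Python sketch of the same kind of check, reading the signature algorithm out of a DER-encoded X.509 certificate and reporting whether it is SHA-1 based. `sample_cert` builds a constructed skeleton rather than a real certificate, and all function names are this example's own.

```python
# Signature-algorithm OIDs (DER content bytes) that use SHA-1.
SHA1_SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",
    bytes.fromhex("2a8648ce380403"): "dsa-with-sha1",
}
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # sha256WithRSAEncryption

def read_tlv(buf, off):
    """Return (tag, start, end) of the DER element at off (definite lengths)."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)              # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(der, tbs_end)    # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("unexpected certificate layout")
    return der[oid_start:oid_end]

def uses_sha1_signature(der):
    return signature_oid(der) in SHA1_SIG_OIDS

def _tlv(tag, body):                      # short-form lengths, enough for the sample
    return bytes([tag, len(body)]) + body

def sample_cert(sig_oid):
    """Constructed skeleton, not a real certificate: dummy TBS, algorithm, signature."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))
    alg = _tlv(0x30, _tlv(0x06, sig_oid) + b"\x05\x00")
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00\xaa"))
```

For a real server certificate, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`; the check applies to the leaf and intermediate certificates, since a root's self-signature is not what clients rely on.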

New Bizarro Sundown Exploit Kit Spreads Locky
http://blog.trendmicro.com/trendlabs-security-intelligence/new-bizarro-sundown-exploit-kit-spreads-locky/

Mirai Botnet Strikes Again to Take Liberia Offline
http://www.infosecurity-magazine.com/news/mirai-botnet-strikes-again-to-take/

INSIDE THE RIG EXPLOIT KIT
https://threatpost.com/inside-the-rig-exploit-kit/121805/

Is it a good idea to let GCHQ tinker with BGP and SS7 protocols and apply changes to get as they say
a better protection against IP spoofing and DDoS attacks at ISPs?

SS7 protocol for instance is holed and often comes not securely implemented, read about that from the mappers here:
http://labs.p1sec.com/2014/12/28/ss7map-country-risk-ratings/

But can we trust British Signal Intelligence, aka GCHQ-fox with our chicken?

They even might be after new ways to privacy leaks, like badly protected: privacyleak aka leak_locationcell, leak_privateinfos, net_homerouting, leak_authvectors, leak_subscriberplan, net_homerouting_defeated_ati, net_homerouting_defeated_psi & leak_location. Info credits for this article go out to: Laurent Ghigonis

Will this not mean more surveillance in the end for end-users under a better controlled undisturbed condition scheme?
Think again…or read: http://securityaffairs.co/wordpress/39409/cyber-crime/ss7-flaw-surveillance.html

polonus