
[Computer Security Thread] DejaBlue worms? Sounds so familiar, it makes me WannaCry.


  • Jragghen Registered User regular
    My weird-ass favorite extension for firefox is easyGestures.

    Middle mouse button becomes a wheel, you move in the direction and select. It's gestures for people like me who are too lazy to learn gestures.

  • Bobble Registered User regular
    So I've received a few emails from a website called Hash Nest saying my login has failed from too many attempts. I don't have an account there so I'm guessing some other website where I have an account was breached and these guys are trying to brute force to get my (and a few thousand other people's) bitcoins or some shit? I use unique passwords but should I be concerned about anything else?

  • BahamutZERO Registered User regular
    if you don't have an account there it's probably a phishing scam email

  • Eat it You Nasty Pig. tell homeland security 'we are the bomb' Registered User regular
    Yeah if you don’t actually have an account, someone trying to use your email address wouldn’t generate a message saying your login failed

  • 3lwap0 Registered User regular
    Bobble wrote: »
    So I've received a few emails from a website called Hash Nest saying my login has failed from too many attempts. I don't have an account there so I'm guessing some other website where I have an account was breached and these guys are trying to brute force to get my (and a few thousand other people's) bitcoins or some shit? I use unique passwords but should I be concerned about anything else?

    It's not an uncommon tactic. Don't click any links from the e-mail threat itself; instead, open a new browser window and manually search for what they're trying to send you to. Alternately, copy the link in the e-mail and do a bit of open source intelligence research on it for validity. Websites like https://www.talosintelligence.com/reputation_center - that ties into Cisco's web-based reputation system - might be of some help.

  • altid Registered User regular
    edited June 28
    One for you guys: WinErx03

    It's a malicious popup/tab with the usual dire warnings about "you must do this or else!". I had it once, reset windows 10 (without erasing user data) and have got it again afterwards without actively doing anything at the time. I'd suspect a malicious ad perhaps? Triggering on automatic ad refresh? Or at least that's what I'd hope.

    I'm getting paranoid about having something more malicious lurking and triggering it though. I've used Malwarebytes and it registered nothing. Any other suggestions or thoughts?

    Edit: Seems one of the sites I browse regularly has ad issues that match this pretty closely. Back to running firefox + noscript/adblock there then.

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    Yeah, that's just an ad. Close the browser, maybe clear settings, start over. No need to refresh Windows.

  • Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and time Registered User regular
    altid wrote: »
    One for you guys: WinErx03

    It's a malicious popup/tab with the usual dire warnings about "you must do this or else!". I had it once, reset windows 10 (without erasing user data) and have got it again afterwards without actively doing anything at the time. I'd suspect a malicious ad perhaps? Triggering on automatic ad refresh? Or at least that's what I'd hope.

    I'm getting paranoid about having something more malicious lurking and triggering it though. I've used Malwarebytes and it registered nothing. Any other suggestions or thoughts?

    Edit: Seems one of the sites I browse regularly has ad issues that match this pretty closely. Back to running firefox + noscript/adblock there then.

    Here's a post where I give a list of good extensions to add to Firefox: https://forums.penny-arcade.com/discussion/comment/41292034/#Comment_41292034

    I wouldn't recommend NoScript unless you know what you're doing. And AdBlock has been captured by advertisers for years.

  • TetraNitroCubane Registered User regular
    edited June 28
    altid wrote: »
    One for you guys: WinErx03

    It's a malicious popup/tab with the usual dire warnings about "you must do this or else!". I had it once, reset windows 10 (without erasing user data) and have got it again afterwards without actively doing anything at the time. I'd suspect a malicious ad perhaps? Triggering on automatic ad refresh? Or at least that's what I'd hope.

    I'm getting paranoid about having something more malicious lurking and triggering it though. I've used Malwarebytes and it registered nothing. Any other suggestions or thoughts?

    Edit: Seems one of the sites I browse regularly has ad issues that match this pretty closely. Back to running firefox + noscript/adblock there then.

    Here's a post where I give a list of good extensions to add to Firefox: https://forums.penny-arcade.com/discussion/comment/41292034/#Comment_41292034

    I wouldn't recommend NoScript unless you know what you're doing. And AdBlock has been captured by advertisers for years.

    I still bristle about how skeevy this is, but it's 100% true.

    uBlock Origin is the adblocker of choice these days. Not to be confused with uBlock, which has its own sketchy issues.

  • altid Registered User regular
    edited June 28
    Yeah, running noscript + ublock origin. I'd run noscript + adblock for years but drifted back into just browsing 'normally' with edge because I got fed up with half the internet being a puzzle of "which javascript makes this work?". If that's the way it has to be these days though, I guess I have little choice.

  • TetraNitroCubane Registered User regular
    edited July 3
    Question regarding browser virtualization and sandboxing:

    I've been relying on Sandboxie for years now. It's a pretty lightweight way to keep whatever browser I want to use isolated from my system, while still allowing me the ability to save files and migrate them selectively outside of the sandbox. While it was in its prime, it was pretty fantastic.

    Sandboxie is having... issues, lately. Primarily, they were purchased by Sophos a while back, and it's clear that Sophos has zero interest in maintaining the software at all. There have been license issues, lack of tech support, and generally slow responses. This morning Sandboxie started throwing some concerning errors at me, and I figure it's time to retire it.

    Does anyone have a suggestion for an alternative browser isolation solution? I realize it sounds excessive, but it's really the best option to avoid drive-bys and other undisclosed vulnerabilities - Even if the browser gets hit hard, it's still isolated. I'm hoping I can avoid having to browse in a virtual machine, but it looks more and more like that might have to be the option.

  • a5ehren Atlanta Registered User regular
    I'm not familiar with that space, but if you have a modern (2015+) CPU with various Virtualization extensions, something like a Docker container with your browser of choice and nothing else might work.

    You lose the automated neatness of a Sandboxie-ish thing, but Docker is going to be well-supported on the app and OS side for the foreseeable future due to its enterprise penetration...

  • TetraNitroCubane Registered User regular
    edited July 24
    Here's a bit of an odd one, and hopefully cause for good discussion (I'd recommend going over it all before taking action, too).

    So recently German security research firm CERT-Bund disclosed what they considered to be a critical security flaw in VLC. By playing a specifically crafted MKV file, it is apparently possible for a remote attacker to take control of your machine via buffer over-read.

    The vulnerability was classified as CVE-2019-13615 by the NIST, and given the rating of 9.8 - CRITICAL (that's out of a potential 10, with 10 being the highest critical vulnerability).

    News outlets have caught wind of this, publishing a number of different articles on the vulnerability. Perhaps none so attention grabbing as Gizmodo's article with the headline "You Might Want to Uninstall VLC. Immediately."

    So seems bad, right?

    Well, if you actually check the bug tracker on VLC's page (referenced in the aforementioned articles), you can see that apparently VLC doesn't think so. They just up and can't reproduce the issue whatsoever, as is evidenced by the latest update on this bug:
    Changed 8 hours ago by Jean-Baptiste Kempf

    Sorry, but this bug is not reproducible and does not crash VLC at all.

    VLC then proceeds to take their beef to Twitter, because this is 2019 and of course they did:

    So what's actually going on? Hard to say at this point if a vulnerability exists that the VLC devs can't reproduce, or if the researchers in question missed the mark. But still, Gizmodo throwing around a headline like that feels scaremongering at BEST.

    And that's the bigger issue I've been struck by this afternoon: regardless of the veracity of this flaw, I've seen this article boosted and echoed across the social media space tremendously. And most folks are taking that headline at face value and screaming about how everyone needs to uninstall VLC RIGHT NOW.

    Social media is sure good for rapid response, but boy howdy can it also amplify FUD.

  • bowen How you doin'? Registered User regular
    Apparently VLC annoys a lot of media player companies a hell of a lot because the dude who owns and operates the project absolutely refuses to play ball with adware and other bullshit.

    It would not surprise me if this is a targeted thing to discredit VLC at all, not that it'd matter; even if VLC was vulnerable, literally every other media player is hot garbage.

  • Synthesis Honda Today! Registered User regular
    I like Media Player Classic.

    But admittedly, I also use the actual, Windows-bundled WMP back when it was relevant.

  • Mugsley Registered User regular
    It's also Gawker (I'm pretty sure), but Dave Murphy wrote an article about the situation on Lifehacker. Normally, Lifehacker's articles should be taken with a grain of salt, but Murphy is a pretty good tech journalist who isn't quick to hyperbole (I'm paraphrasing, but the title of his article is "Maybe Don't Uninstall VLC Media Player").

    I don't really have a stance either way because I don't use the platform, but it certainly sounds a bit like scaremongering to me.

  • LD50 Registered User regular
    Well, IMO, the vulnerability shouldn't be rated so high as even if it is vulnerable it's not like VLC is going to automatically download and execute a bad MKV.

  • Thawmus Registered User regular
    The NIST seriously sucks. They provide a good service but VLC is right to bitch about this. They do nothing to work with developers to determine if they're all washed up or not, yet the information they provide can stimulate drastic changes around the world. They're also heavily resistant to withdrawing recommendations or scores. I've had lengthy discussions with the NIST before that made me want to pull my hair out, because they'd acknowledge their scores were too sharp, but they refused to understand how that was fucking people.

    Like, this is just VLC, but the NIST does this with Apache and other tremendously important, used-the-world-over software all the time. I've had to rebuild a web server from the ground up with an awkward configuration for 3 months, simply because Apache didn't think something was a big enough deal to fix, had ample proof that they were right, and the NIST still scored it severe. That fucks over a lot of guys in the middle of that mess, especially if your PCI compliance provider just looks at NIST scores and doesn't take anything into context (it should be noted that this is pretty usual!).

  • TetraNitroCubane Registered User regular
    edited July 24
    Agreed. It's not as if the flaw can be exploited remotely without user intervention. Very specific user intervention.

    There's been an update on this situation. The long and short of it is this: The researcher who found this flaw was using Ubuntu version 18.04, which happened to have had an outdated version of some libraries installed despite being the current Ubuntu version. One of those libraries, libebml, had a critical flaw in it - which was patched 16 months ago.

    For some reason, this researcher claimed the flaw was operative on Windows, Linux, and Unix. It was taken up by NIST and classified as a 9.8 based exclusively on the fact that it was a buffer overrun. This was done without verification.

    Once the flaw was published (incorrectly), news media grabbed it and ran with it. And blew it out of proportion even if the reported flaw WAS accurate.

    VLC weighs in here (spoilering the thread for long and huge):

    So, yeah.

    Bottom line: There is no flaw and no one needs to uninstall VLC right now. But boy howdy did this get amplified something fierce.

  • Mr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    I just installed VLC on a client's PC. I am happy with this.

  • Thawmus Registered User regular
    edited July 24
    Slight quibble: 18.04 is technically the current version of Ubuntu. The non-LTS releases are not recommended for production use. If there are old libraries on 18.04 (this seems to be happening more and more, which is frustrating), that needs to be corrected. Ubuntu's upstream has been terrible for years now.

  • TetraNitroCubane Registered User regular
    Thawmus wrote: »
    Slight quibble: 18.04 is technically the current version of Ubuntu. The non-LTS releases are not recommended for production use. If there are old libraries on 18.04 (this seems to be happening more and more, which is frustrating), that needs to be corrected. Ubuntu's upstream has been terrible for years now.

    Thank you for the clarification, edit made. I was unaware of this.

    That being said, I still have zero idea of why an old, known vulnerability in an unrelated library was classified as a VLC critical flaw - and then said to be active on Windows.

  • Fireflash Montreal, QC Registered User regular
    I'm usually good at ignoring email scams but I just noticed in my spam folder multiple similar emails claiming they have all my personal info and passwords. They all ask me to send them bitcoin or else, and all of them tell me to deposit in the same bitcoin wallet.

    I would just ignore it, but in the title they do show an old password I've used a long time ago for my email address and other stuff. I'm using completely different passwords now, but still, how do they know one of my older passwords?? 0_O

  • LD50 Registered User regular
    Your data was stolen in one of the various high profile hacks that have happened over the years (such as yahoo). They use the passwords that were stolen to scare people into giving them money.

  • BahamutZERO Registered User regular
    edited August 2
    Yeah there's huge databases of email addresses and old passwords floating around the internet from various past breaches, people set up scripts to trawl through these databases and send emails to the addresses in the lists along with their associated password to try to spook people into sending them ransom money. As long as you have changed your email password these are entirely empty threats.

  • Campy Registered User regular
    So I got an email, seemingly from gamestop.com saying that my password has changed. I used to have the same password for my "low end" accounts, so it's not that surprising; other than the fact that I don't actually recall having a gamestop account...

    Tried to go to their website (direct, not from the email links) to see about verifying this fact and I'm getting a 403 access denied on the homepage. Anyone else seeing this?

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    At least the mobile site is running. Still having issues @Campy ?

  • Campy Registered User regular
    edited August 2
    Yeah, I'm getting the 403 on mobile and my home wifi. Maybe it's a GDPR thing?

  • BahamutZERO Registered User regular
    gamestop's website totally sucks so it could just be actually down. It's working for me right now FWIW.

  • TetraNitroCubane Registered User regular
    Everyone, start your update engines. Four new wormable exploits have been disclosed across almost all modern versions of Windows
    Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the four bugs the company patched on Tuesday reside in Remote Desktop Services (RDS), which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs—indexed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226—make it possible for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as is often done in large organizations.

    In such networks, it’s possible for exploits to ricochet from computer to computer. Leaving NLA on makes it harder for attacks to spread, since attackers must first have network credentials. The growing use of hacking tools such as Mimikatz, however, often enables attackers to surreptitiously obtain the needed credentials.

    As it is shockingly familiar, given the BlueKeep vulnerability, researchers have taken to calling this collection of exploitable issues the DejaBlue vulnerabilities.

    Patches should be forthcoming soon, if you have not already received them (I had some waiting for me when I got home this evening).

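    As an added example (not from the post or the article it quotes): a Python check of the registry values behind the Remote Desktop settings the excerpt talks about, so a Windows admin can confirm that Network Level Authentication is actually required on a host before the patches land. The key paths and value names are the ones Windows uses; the sample dict used off-Windows is constructed.

```python
"""Added example, not from the forum post or the Ars Technica article:
report whether a Windows host requires NLA for Remote Desktop, the setting
the DejaBlue write-up says keeps the bugs out of reach of unauthenticated
attackers."""
import sys

# Registry locations Windows uses for the Remote Desktop listener.
TS_KEY = r"SYSTEM\CurrentControlSet\Control\Terminal Server"
RDP_TCP_KEY = TS_KEY + r"\WinStations\RDP-Tcp"


def assess_rdp(settings):
    """Judge a dict of DWORD values read from the keys above.

    fDenyTSConnections: 1 = Remote Desktop disabled, 0 = enabled
    UserAuthentication: 1 = NLA required, 0 = NLA off
    SecurityLayer:      2 = TLS only, 1 = negotiate, 0 = legacy RDP security
    Missing values are reported as unknown rather than assumed safe.
    """
    deny = settings.get("fDenyTSConnections")
    nla = settings.get("UserAuthentication")
    layer = settings.get("SecurityLayer")
    result = {"rdp_enabled": None if deny is None else deny == 0,
              "nla_required": None if nla is None else nla == 1,
              "tls_only": None if layer is None else layer == 2,
              "notes": []}
    if result["rdp_enabled"] is False:
        result["exposure"] = "none"
        result["notes"].append("Remote Desktop is disabled; RDS is not reachable.")
        return result
    if result["nla_required"] is True:
        result["exposure"] = "authenticated-only"
        result["notes"].append("NLA on: credentials are needed before RDS code runs; "
                               "still install the patches for these CVEs.")
    elif result["nla_required"] is False:
        result["exposure"] = "unauthenticated"
        result["notes"].append("NLA off: pre-authentication attack surface exposed; "
                               "enable NLA and patch.")
    else:
        result["exposure"] = "unknown"
        result["notes"].append("UserAuthentication not present; verify NLA in "
                               "System Properties > Remote.")
    if result["tls_only"] is False:
        result["notes"].append("SecurityLayer < 2: set it to 2 so the listener uses TLS only.")
    return result


def read_live_settings():
    """Read the three values from HKLM (Windows only); absent values are skipped."""
    import winreg  # standard library on Windows, unavailable elsewhere
    wanted = {TS_KEY: ["fDenyTSConnections"],
              RDP_TCP_KEY: ["UserAuthentication", "SecurityLayer"]}
    found = {}
    for path, names in wanted.items():
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            for name in names:
                try:
                    found[name], _ = winreg.QueryValueEx(key, name)
                except FileNotFoundError:
                    pass
    return found


if __name__ == "__main__":
    if sys.platform == "win32":
        settings = read_live_settings()
    else:
        # Constructed sample: RDP on, NLA off, the configuration the article warns about.
        settings = {"fDenyTSConnections": 0, "UserAuthentication": 0, "SecurityLayer": 1}
    for line in assess_rdp(settings)["notes"]:
        print(line)
```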
  • TetraNitroCubane Registered User regular
    And in "excuse me, what" news, turns out that Bluetooth isn't secure! Not just one Bluetooth device. Just... Bluetooth in general.
    The specification of Bluetooth includes an encryption key negotiation protocol that allows to negotiate encryption keys with 1 Byte of entropy without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation to let any standard compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real time.

    ...

    The KNOB attack is possible due to flaws in the Bluetooth specification. As such, any standard-compliant Bluetooth device can be expected to be vulnerable. We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack.

    And yes, it's called the Key Negotiation of Bluetooth Attack. Or KNOB Attack. Knockin' it out of the park on naming these vulnerabilities.

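    As an added example (not from the post or the KNOB paper): a toy Python model of the key-size negotiation, not the real LMP messages, showing how a man-in-the-middle who can rewrite an unauthenticated negotiation pushes both sides down to a 1-byte key, and how a minimum key size (7 bytes, the floor the Bluetooth SIG recommended after KNOB) makes a controller refuse. The controller names and message shapes are assumptions.

```python
"""Added example, not from the post or the KNOB paper: a toy model of the
Bluetooth BR/EDR encryption key-size negotiation, not the real LMP PDUs."""
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_KEY_BYTES = 16   # BR/EDR encryption keys are 1 to 16 octets long
RECOMMENDED_MIN = 7  # minimum key size the Bluetooth SIG recommended after KNOB


@dataclass
class Controller:
    """One Bluetooth controller. min_key=1 is the pre-KNOB spec behaviour."""
    name: str
    max_key: int = MAX_KEY_BYTES
    min_key: int = 1

    def respond(self, proposed: int) -> Tuple[bool, Optional[int]]:
        """Return (accepted, counter-proposal). Sizes only ever shrink."""
        if proposed < self.min_key:
            return False, None          # below our floor: refuse the link
        if proposed <= self.max_key:
            return True, None           # acceptable: accept as proposed
        return False, self.max_key      # too large for us: offer our maximum


def negotiate(initiator: Controller, responder: Controller) -> Optional[int]:
    """Honest two-party exchange; returns the agreed size, or None if refused."""
    size = initiator.max_key
    peer, other = responder, initiator
    while True:
        ok, counter = peer.respond(size)
        if ok:
            return size
        if counter is None:
            return None
        size = counter
        peer, other = other, peer       # the countering side now proposes


def mitm_negotiate(a: Controller, b: Controller, forced: int = 1):
    """Nothing authenticates the proposals, so an attacker relaying the link
    can run a separate negotiation with each side, proposing `forced` bytes
    as if it were the other peer. Either side returning None breaks the link."""
    attacker = Controller("mitm", max_key=forced, min_key=forced)
    return negotiate(attacker, a), negotiate(attacker, b)


def brute_force_keyspace(key_bytes: int) -> int:
    """Candidate keys an attacker must try for a key of this size."""
    return 256 ** key_bytes


if __name__ == "__main__":
    phone, headset = Controller("phone"), Controller("headset")
    print("honest:", negotiate(phone, headset))                 # 16
    print("under KNOB:", mitm_negotiate(phone, headset))        # (1, 1)
    print("keys to try:", brute_force_keyspace(1))              # 256
    fixed = Controller("phone", min_key=RECOMMENDED_MIN)
    print("patched phone under KNOB:", mitm_negotiate(fixed, headset))  # (None, 1)
```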