Old 25-10-14, 12:17   #1
 
Ladybbird

Important New Security Threats=Poodle+Shellshock Worse Than Heartbleed

Google Researchers say 'Poodle' Bug Could Give Hackers Access to Your Bank Details

  • Poodle allows hackers to see data meant to be encrypted in plain text
  • This could allow access to accounts for email, banks and other services
  • Source of flaw is a widely-used, outdated encryption protocol, SSL 3.0
  • So far, no one has used the Poodle bug in SSL 3.0 to hack an account
  • Web users can opt to switch to a browser that doesn't use SSL 3.0
  • 'If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6,' said Tal Klein, vice president with cloud security firm Adallom
Reuters, 25 October 2014


A security bug in the widely-used software used to secure the internet has been discovered by three Google researchers.
The flaw, dubbed 'Poodle', could allow hackers to gain access to information that should be encrypted in plain text, allowing them to take over accounts for email, banking and other services.
Makers of web browsers and server software yesterday asked users to disable use of the source of the bug: an 18-year old encryption protocol known as SSL 3.0.






The discovery of 'Poodle' - which stands for Padding Oracle On Downloaded Legacy Encryption - is the third time this year that researchers have uncovered a vulnerability in popular web technology.
It follows the discovery of April's 'Heartbleed' bug in OpenSSL and last month's 'Shellshock' bug in a piece of Unix software known as Bash.

Security experts said that hackers could steal browser 'cookies' in Poodle attacks, potentially taking control of email, banking and social networking accounts.
Even so, experts said the threat was not as serious as the two prior bugs, and that so far, no one has made use of the vulnerability to hack an account.



'If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6,' said Tal Klein, vice president with cloud security firm Adallom.
The threat was disclosed in a research paper published on the website of the OpenSSL Project, which develops the most widely used type of SSL encryption software.


Quote:
WHAT CAN YOU DO IF YOU THINK YOU ARE AT RISK? SSL 3.0, in which the software is found, is currently used by Internet Explorer (IE) 6.
Some other browsers still support SSL 3.0 as an option, so they may also be at risk.

To prevent a Poodle attack on Firefox, open about.config, search for 'security.enable,' and set 'security.enable_ssl3' to 'false', advises Steven Vaughan-Nichols writing in ZDNet

To stop an attack on Internet Explorer, go to the tools menu, click internet options, and then click on the Advanced tab.
Under the Advanced tab, look for the Security heading, and make sure that the SSL 3.0 check box is unchecked.
If you're running a web server, check with your code provider in the case of open-source programs, for how to turn SSL 3.0 support off.
Sergey Lozhkin, Security Expert at Kaspersky Lab has advised people to take the following steps to avoid possible incidents:

1. Do not use public Wi-Fi hotspots if you’re sending valuable information such as online banking, accessing social networks via browser. This is always a risk, but the Poodle vulnerability makes it even more dangerous.

2. Disable SSL v3 and all previous versions of the protocol in your browser settings. SSL v3 is 15 years old now and has been superseded by the more up-to-date and widely supported TLS protocol, supported by most modern web browsers.


The TLS protocol is not affected by the Poodle vulnerability. However, keep in mind that disabling SSL v3 could cause compatibility problems, so be careful before implementing this measure.
Rumours of a bug in SSL software had been circulating in recent days, prompting some security professionals to prepare for a major new threat this week.
Ivan Ristic, director of application security research with Qualys, said 'Poodle' was not as serious as the previous threats because the attack was 'quite complicated,' requiring hackers to have privileged access to networks.

Jeff Moss, a cyber adviser to the U.S. Department of Homeland Security, added attackers would need to launch a 'man-in-the-middle' attack.
This would involve placing themselves between victims and websites using approaches such as creating rogue WiFi 'hotspots' in Internet cafes.
Google suggested a technical workaround to secure web servers, but added on its blog that it hopes to eventually remove support for SSL 3.0 from all client software.
Mozilla plans to disable SSL 3.0 by default in the next version of its Firefox browser, to be released on November 25.










'SSL version 3.0 is no longer secure,' Mozilla said on its blog. 'Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible.'

Microsoft Corp issued an advisory suggesting that customers disable SSL 3.0 on Windows for servers and PCs.
Representatives with Apple could not be reached and an Oracle spokeswoman had no immediate comment.

Matthew Green, an assistant research professor of computer science at Johns Hopkins University said that disabling SSL 3.0 can be difficult for some computer users.
'It's not going to take out the infrastructure of the internet. But it's going to be a hassle to fix,' Professor Green said.


PREVIOUS ALERT:

Shellshock Makes Heartbleed Look Insignificant

"Worse Than Heartbleed? Meet ShellShock: A New Security Threat For OS X and Linux"


  • Hackers have started using the Bash bug on vulnerable systems
  • One security expert said it could be 'game over' for large networks
  • Another said it could create a 'meltdown' similar to one caused in 2003
  • Bug poses a threat to devices using Unix-based operating systems
  • It includes Linux used in many devices such as cars and cameras
  • It can also affect Android, Windows, IBM and Apple Mac OS X machines
  • Bug, also called 'Shellshock', may let hackers take control of devices
  • Solution is to update every vulnerable device with a software patch
  • Some patches have already been released, but are still 'incomplete'
Government databases, home computers and global websites are at risk from a security flaw found in hundreds of millions of devices.
Cyber security experts were last night racing to close the loophole before it could be exploited by hackers.

Called Shellshock, it could allow criminal gangs to take control of computers, smartphones and tablets. It means credit card details, passwords and sensitive data are at risk of being stolen.





Security researcher Robert Graham tweeted (pictured) an example of how the bug can be exploited, and how code can be added, to websites on Macs running OSX. He warned that Bash is 'probably a bigger deal than Heartbleed' because it could threaten the security of millions of websites



The government cyber security team GovCert UK warned all Whitehall departments to take the problem seriously. In an alert to civil servants, the agency warned that Shellshock carries ‘the highest possible threat ratings’.

The Information Commissioner’s Office warned businesses to act to update their systems, adding that those who failed to get to grips with it could be sued if hackers managed to breach their security.

The US National Cyber Security Division gave the flaw – which is also called ‘bash bug’ – a score of ten out of ten for seriousness and severity.
Shellshock is a weakness for all Apple Mac computers and those running the Linux operating system. It does not affect Microsoft Windows computers directly, but experts fear that hackers may be able to get into any computer via internet wifi routers which connect them to the web.
The flaw has existed in computer systems for at least 25 years – but it was only discovered for the first time at lunchtime on Wednesday.
Since then criminals have almost certainly been rushing to work out how to exploit it.
The flaw would allow a hacker to remotely take control of the commands that tell a computer what functions to carry out. They could access an individual’s computer first by hacking into a server that hosts a website.
Then when someone accesses the infected site, the bug would give the hacker access to all their documents, credit card details and passwords.




All Apple's Mac OS X are also affected as well as around half of all websites, security experts claim


Last night major software firms had produced programmes to close down the loophole – but computers will be at risk until they have been individually updated with the new software.
Advice on how to protect your computer can be found on government website, getsafeonline.org.

Apple last night insisted most of those using its systems are safe ‘by default’. The company said in a statement: ‘The vast majority of OS X users are not at risk to recently reported bash vulnerabilities.

‘With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services [an advanced operating system] .
‘We are working to quickly provide a software update for our advanced UNIX users.’

A Cabinet Office spokesman said: ‘The Government’s internal computer emergency response team – GovCertUK – issued an alert to IT security teams in all government departments on Thursday with advice on mitigation and urging rapid action.
‘All departments are being contacted to offer any further advice or assistance needed.’
Expert Richard Stiennon said that the code could quickly create a 'SQL Slammer type internet meltdown.'

This was a specific kind of attack that targeted the web's infrastructure and caused it to slow significantly in 2003.
Hackers are already using massive internet scans to find vulnerable servers to attack, according to Robert Graham of Errata Security, writing in a blog post.
In a test, Mr Graham ran an IP scan and found 3,000 vulnerable systems before the scan crashed.

Just a few hours later, Mr Graham found that someone was already using his method to attack computers.
'Someone is using mass scan to deliver malware,' Mr Graham wrote in an update. 'They'll likely have compromised most of the systems I've found by tomorrow morning.'

The attack has become known as the 'Thanks, Rob' worm, and shows the dangers of how short-term attacks could happen before devices are updated with a patch.

'One key question is whether Mac OS X and iPhone DHCP service is vulnerable,' he said.
'Once the worm gets behind a firewall and runs a hostile DHCP server, that would be "game over" for large networks.'
Many experts claim the flaw could be 'bigger than Heartbleed', a flaw in Open SSL encryption that put every computer user at risk earlier this year.
'The impact is very severe, it's not overstating it to say it's a more serious bug than Heartbleed,' Professor Tim Watson, Director of the Cyber at Warwick University told MailOnline.
'The primary way this is going to be exploited is through the web… a hacker can use the bug to put malicious things on the website or to steal information, like banking details.'
Many Linux providers, including Red Hat, have already prepared patches, but Apple users were left waiting for an update for OS X. Apple representatives could not be reached.
Tavis Ormandy, a Google security researcher, said via Twitter that the patches seemed 'incomplete.'




Bash stands for Bourne Again Shell. It is what's called a command-line shell that lets users control software programs and features. Commands are sent to these programs by typing text into a particular area of code. This code is typically restricted to programmers, but the Bash bug leaves it open to attack from anyone

'There is a lot of speculation out there as to what is vulnerable, but we just don't have the answers,' said Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust. 'This is going to unfold over the coming weeks and months.'
Russian security software maker Kaspersky Lab reported that a computer worm has begun infecting computers by exploiting the Bash bug.
The malicious software can take control of an infected machine, launch denial-of-service attacks on websites to disrupt their operations and scan for other vulnerable devices, including routers, said Kaspersky researcher David Jacoby.
He said he did not know who was behind the attacks and could not name any victims.

The bug could potentially allow hackers to gain access to every internet-enabled device in a person's home using something as innocuous as a smart lightbulb.
The danger with this, in particular, is that once it has access to an internet-connected device it can jump onto others, in theory. This includes smart locks that open front doors.

Security researcher Robert Graham tweeted an example of how the bug can be exploited, and how code can be added, to websites on Macs running OSX.

By comparison, 'Heartbleed' - dubbed a 'critical security flaw' at the time - only allowed hackers to spy on computers, not take control of them.
Bash does not require users to rush to change their passwords, but it does provide another way for hackers to take control of computers and devices.

'The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results,' according to Dan Guido, chief executive of cybersecurity firm Trail of Bits.
Its potential to disrupt Apple Mac computers, which use the Bash software, is of particular concern, experts warned.







The Heartbleed flaw in Open SSL encryption affected millions of sites earlier this year. By comparison, Heartbleed only allowed hackers to spy on computers; not take control of them







The bug could allow hackers to gain access to every internet-enabled device in a person's home. The danger with this is that once it has access to an internet-connected device it can jump onto others in the home, in theory. This includes smart locks, such as the August lock (pictured), that open front doors remotely


The only solution is to update every device that is vulnerable with a patch. And this can only be done by website and server owners, and by individuals on their home computers.

Professor Watson has dismissed Apple’s confidence that their operators are 'safe by default'.
‘Apple say their computers are secure but that is optimistic to say the least. It could affect any version of a Mac and potentially phones and tablets too.’

A spokesperson for the Information Commissioner's Office said businesses have legal obligations to keep personal information secure.
'The worst thing would be to think this issue sounds too complicated – businesses need to be aware of this flaw and need to be monitoring what they can do to address it,' he said.
'Ignoring the problem could leave them open to a serious data breach and ultimately, enforcement action.'
'Heartbleed,' discovered in April, was a bug in an open-source encryption software called OpenSSL.
The bug put the data of millions of people at risk as OpenSSL is used in about two-thirds of all websites.
It also forced dozens of technology companies to issue security patches for hundreds of products that use OpenSSL.
Bash is a shell, or command prompt software, produced by the non-profit Free Software Foundation. Officials at that group could not be reached for comment.


Quote:
WHAT IS THE BASH BUG AND HOW DOES IT WORK?
Bash stands for Bourne Again Shell. It is what's called a command-line shell that lets users control software programs and features.
Commands are sent to these programs by typing text into a particular area of code.
This area is typically restricted to programmers and website owners, but the Bash bug leaves it open to attack from anyone.
For example, Mac OS X users can run it from their Terminal, as can people running devices on the Linux operating system.
Windows is not affected in the same way, but if a hacker exploits malicious code through the flaw, they could gain access to any device, in theory, including PCs.

The bug is said to have existed for 25 years, and was discovered by Linux expert Stéphane Chazelas.


As an example, the Apache web server runs Bash in the background to carry out tasks, including processing personal data entered into online forms.
A hacker who exploits Bash could send a request for the information, and then add malicious code to the server to send the user to other sites, or to install a virus on their computer.
Once the hacker has access, they could launch an attack on every visitor that uses the site - and users could be none the wiser.
According to experts, there haven't been any reports of real-world attacks, but that doesn't mean they won't ever be affected, nor does it mean they haven't happened in the past, without being detected.
Reports are suggesting Apple has patched the flaw that explicitly affects the terminal on its Mac software, but the firm has not officially confirmed this.
The responsibility to fix the flaw lies with the website owners, meaning everyday users can't do anything to protect themselves.
Website owners, especially running on Linux-based servers, are being told to check and patch their systems immediately.
Quote:
HOW WILL YOU BE AFFECTED?

The bug makes all Apple Mac computers, around half of all websites and most internet connected home appliances vulnerable.
The danger is that it can run in the background, without a user ever knowing. And once it does, a hacker will be able to take control of your device.
For instance, the bug could be used to read or send emails, copy banking data, turn on a webcam or listen in on a computer's microphone.
Essentially, this means if your computer will do something without asking for a password, then someone using the bug can also do the same.
Anyone using these devices will need to include a 'patch' update to the software as soon as it is released. As well as computers, the public is being warned they may need to update their internet-connected devices, such as smart locks, separately.

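The post above advises switching SSL 3.0 off on servers and in browsers, and warns that doing so can cause compatibility problems. As an added example (not part of the original post or the quoted article), this Python sketch reads the protocol version from captured ClientHello/ServerHello records to list servers that still negotiate SSL 3.0 and clients that offer nothing newer; the host names and the `make_hello` sample builder are constructed for illustration.

```python
import struct

SSL3 = 0x0300  # wire value of the SSL 3.0 protocol version; TLS 1.0-1.2 are 0x0301-0x0303
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02


def parse_hello(record: bytes):
    """Return (kind, version) for a record holding a ClientHello or ServerHello.

    Record header: type(1) version(2) length(2); handshake header: type(1)
    length(3); the hello body then starts with the 2-byte protocol version.
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 6:
        raise ValueError("truncated handshake message")
    kinds = {CLIENT_HELLO: "client_hello", SERVER_HELLO: "server_hello"}
    if body[0] not in kinds:
        raise ValueError("handshake message is not a hello")
    (version,) = struct.unpack("!H", body[4:6])
    return kinds[body[0]], version


def audit(captures):
    """Classify (peer, record) pairs by how they relate to SSL 3.0.

    A ServerHello with version SSL 3.0 means the server still negotiates it.
    A ClientHello whose offered (highest) version is SSL 3.0 marks a client
    that may stop connecting once SSL 3.0 is switched off.
    """
    findings = {"servers_accepting_ssl3": [], "clients_limited_to_ssl3": [],
                "unparsed": []}
    for peer, record in captures:
        try:
            kind, version = parse_hello(record)
        except ValueError as exc:
            findings["unparsed"].append((peer, str(exc)))
            continue
        if version == SSL3:
            key = ("servers_accepting_ssl3" if kind == "server_hello"
                   else "clients_limited_to_ssl3")
            findings[key].append(peer)
    return findings


def make_hello(msg_type, version):
    """Build a minimal hello record (constructed sample data, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    # ClientHello: one cipher suite + null compression list; ServerHello: chosen suite + compression
    body += b"\x00\x02\x00\x2f\x01\x00" if msg_type == CLIENT_HELLO else b"\x00\x2f\x00"
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, min(version, 0x0301), len(msg)) + msg


# Constructed sample input: placeholder host names, last record cut short on purpose.
SAMPLE = [
    ("legacy-kiosk.example", make_hello(CLIENT_HELLO, 0x0300)),
    ("laptop.example", make_hello(CLIENT_HELLO, 0x0303)),
    ("old-shop.example:443", make_hello(SERVER_HELLO, 0x0300)),
    ("bank.example:443", make_hello(SERVER_HELLO, 0x0303)),
    ("broken.example", make_hello(SERVER_HELLO, 0x0303)[:7]),
]

if __name__ == "__main__":
    for key, peers in audit(SAMPLE).items():
        print(key, peers)
```
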