IT Security: News
(BBC) Spam email levels at 12-year low
(PC Press) Ransomware is the new digital scourge
I'm putting this here since it deals with a legislative solution, even though parts of the text deserve a facepalm.

(V. Novosti) Our data is still there for hackers to help themselves to
(PC World) Internet address overseer ICANN resets passwords after website breach
Quote: Hackers upload bot code to Imgur in 8Chan attack
Image board slings fix at JavaScript hole.
23 Sep 2015 at 01:30, Darren Pauli

A nasty vulnerability in Imgur was used by attackers to hide malicious code in images, commandeer visitors' browsers, and hose the 4Chan and 8Chan image boards.

Imgur has fixed the hole preventing the upload of malicious images, and says the compromised pages were served in targeted attacks and not published to the site's main gallery page.

The attack planted JavaScript in victims' local storage that sent a ping to the attacker's command and control servers whenever 8Chan was visited.

Compromised images were posted to 4Chan and a related Reddit subreddit page.

The attacker's intent is unknown and the command and control server is not known to have issued commands to infected machines.

Imgur has restricted its servers to hosting only "valid" image files and nixed the ability to serve JavaScript.

"Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur," Imgur community director Sarah Schaaf says.

"From our team's analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on using Imgur’s image hosting and sharing tools.

"The vulnerability was patched yesterday evening and we’re no longer serving affected images, but as a precaution we recommend that you clear your browsing data, cookies, and localstorage."

Reddit users say the attacker's JavaScript created an off-screen iframe and embedded a flash file that ran alongside Imgur's other Flash components making the attack less suspicious.

"This flash file injected more JavaScript into the page [which looked] like an innocuous Pikachu animation," one Reddit user says.

"This JavaScript was stored to the user's localstorage which, since the iframe was pointing at 8chan, allowed the attacker to attach JavaScript to 8chan's localstorage. Its functionality is to issue a GET request to and then decrypt the response. So far no one has been able to see a response from that web service, meaning it likely wasn't activated yet or has already been deactivated. The outcome is that every time a user visited an 8chan page, it would phone home to check for instructions and then execute more JavaScript code."

The attacks were reported on various 4Chan boards.
(N1 Info) Serbia will soon get a Law on Information Security /includes a video report/
(N1 Info) MUP warns of computer intrusions, data theft and extortion

OK, thanks to them for the warning, it's just that they're a couple of years late with it. Then again, I don't even know why they are the ones issuing the warning, but OK, thanks to them once more.
(PC World) Yahoo data breach affects at least 500 million users, company says
(BBC) Massive web attacks briefly knock out top sites
After a months-long investigation, during which they obtained detailed data on the web browsing (literally every click from the browser) of more than 3 million German citizens over a one-month period, German journalists from the regional public broadcaster NDR established that the WOT (Web of Trust) add-on/extension for Firefox and Chrome spies on its users. In the report they confronted a journalist from Süddeutsche Zeitung and a female journalist who covers defence and internal security with their browsing histories, and the two were completely stunned; the reporters also came across internal data on the circulation and strategy of a well-known newspaper publisher. They obtained the data, which is only a free sample offered as bait for the purchase of an annual package that costs a six-figure sum in euros, by having a female journalist pose as a data-processing consultant working for a start-up company and negotiate a possible purchase for 8 weeks.

The worst part of the whole story is that WOT is a recommended extension that enables safer browsing by warning about scam sites based on user ratings - obviously about every site except its own. People are furious on the Firefox and Chrome add-on sites, and since yesterday they have been warning others en masse about what WOT does.

Quote: Your browsing history may have been sold already
By Martin Brinkmann on November 1, 2016 in Security - Last Update: November 1, 2016

Add-on companies are selling the browsing history of millions of users to third-parties according to a report that aired on German national TV.

Reporters of Panorama managed to gain access to a large data collection that contained the browsing history of roughly 3 million German Internet users.

The data was collected by companies that produce browser extensions for various popular browsers such as Chrome and Firefox.

Panorama did mention only one add-on, Web of Trust or WoT, but did not fail to mention that the data was collected by multiple browser extensions.

Browser extensions that run when the web browser runs may record any move a user makes depending on how they are designed.

Some, like Web of Trust, provide users with a service that requires access to every site visited in the browser. The extension is designed to offer security and privacy guidance for sites visited in the browser.

The data that Panorama bought from brokers contained more than ten billion web addresses. The data was not fully anonymized, as the team managed to identify people in various ways.

The web address, URL, for instance revealed user IDs, emails or names for instance. This was the case for PayPal (email), for Skype (user name) or an online check-in of an airline.

What's particularly worrying is that the information did not stop there. It managed to uncover information about police investigations, the sexual preferences of a judge, internal financial information of companies, and searches for drugs, prostitutes, or diseases.

Links may lead to private storage spaces on the Internet that, when improperly secured, may give anyone with knowledge of the URL access to the data.

It is trivial to search the data for online storage services for instance to reveal those locations and check whether they are publicly accessible.

Panorama reports that Web of Trust logs collected information such as time and date, location, web address and user ID. The information is sold to third-parties who may sell the data again to interested companies.

WOT notes on its website that it hands over data to third-parties but only in anonymized form. The team of reporters managed to identify several user accounts however which suggests that the anonymization does not work as intended.

The extension has been downloaded over 140 million times. While the data set that the researchers bought included only German user information, it is likely that data sets are available for users from other regions of the world.

Details in German:

Video report in German (the first ten minutes or so of the programme, German subtitles available):
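
The quoted article's point that a web address alone can carry an e-mail address, a user name or a private share link, seen from the defender's side: an added example (not code from WOT, Panorama or the article) of trimming a visited URL before it leaves the browser. The function name `minimizeUrl`, the two patterns and every sample URL are constructed assumptions.

```javascript
// Added example: reduce a visited URL to what a site-reputation lookup needs.
// minimizeUrl() and all sample URLs below are constructed for illustration.

// E-mail-like text inside one path segment, with a literal or encoded '@'.
const EMAIL_RE = /[^\/\s@]+(?:@|%40)[^\/\s@]+\.[a-z]{2,}/i;
// Long opaque segments: share tokens, booking references, session IDs.
// This also hits long hyphenated slugs; it errs on the side of redaction.
const OPAQUE_ID_RE = /^[A-Za-z0-9_-]{16,}$/;

function minimizeUrl(raw, { keepPath = true } = {}) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return null; // unparseable input: report nothing
  }
  // file:, chrome:, about: and similar never need a reputation lookup.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;

  // Rebuilding from protocol + host drops userinfo, query string and fragment.
  const origin = `${u.protocol}//${u.host}`;
  if (!keepPath) return origin;

  const path = u.pathname
    .split('/')
    .map((seg) =>
      EMAIL_RE.test(seg) || OPAQUE_ID_RE.test(seg) ? '[redacted]' : seg)
    .join('/');
  return origin + path;
}

// Constructed sample history, one entry per leak type named in the article.
const sampleHistory = [
  'https://pay.example/send?recipient=alice%40example.org&amount=20',
  'https://chat.example/profile/alice@example.org/settings',
  'https://user:secret@files.example/s/Zk3Qp9xT7LmN2bV8cR4w#page=2',
  'file:///home/alice/notes.txt',
];

for (const url of sampleHistory) {
  console.log(minimizeUrl(url));
}
```

Calling `minimizeUrl(url, { keepPath: false })` returns only the scheme and host, which is all a per-site rating needs.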
