hate these ads?, log in or register to hide them
Page 54 of 57 FirstFirst ... 44451525354555657 LastLast
Results 1,061 to 1,080 of 1121

Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #1061
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,037
    Quote Originally Posted by Cosmin View Post
    Can anybody link a thing to see if my Intel system is protected and what not? The slow downs are now very noticeable after the last patch I've installed and it's doing my head in.

    Thank you.
    Google "MDS attacks", click first link, scroll to halfway down page for tool.

    https://mdsattacks.com/

    What's odd is that the tool showed my Ryzen 3000 chip was vulnerable to several things, including SMT. Which makes no sense.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  2. #1062
    Cosmin's Avatar
    Join Date
    March 14, 2012
    Location
    UK
    Posts
    6,838
    So with all the updates and shit it's still vulnerable to most crap. I'm just going to throw it out the window :/
    Guns make the news, science doesn't.

  3. #1063
    Movember 2011Movember 2012 Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    11,037
    I think the creators of the tool need to update it. Zen 2 shouldn't be an unknown architecture.

    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  4. #1064

    Join Date
    April 14, 2011
    Posts
    7,438
    https://krebsonsecurity.com/2020/01/...patch-tuesday/

    Rumours abound but this is huuuuge if true. This is what a real vulnerability looks like. Not a half arsed undergraduate paper and a fucking logo.

  5. #1065
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,668
    The timing w.r.t. Win7's last official update is mighty curious...
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  6. #1066

    Join Date
    April 14, 2011
    Posts
    7,438
    I'm reliably informed that's coincidental.

  7. #1067
    rufuske's Avatar
    Join Date
    April 9, 2011
    Posts
    2,718
    With those kinds of vulnerabilities they can't afford to sit on fixes. You can tell by them shipping it asap to military etc just now. Had they done that last year or two years you would have had a substantial claim, otherwise it's pure tinfoil.

  8. #1068

    Join Date
    April 14, 2011
    Posts
    7,438
    https://portal.msrc.microsoft.com/en.../CVE-2020-0601

    tl;dr update your shit sooner rather than later. ECC cert validation is spoofable on windows.

  9. #1069

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,875
    When the NSA is telling MS stuff, it's probably serious.
    or the russians are doing it now :tinfoil:

    Please don't teach me what to do with my pc.

  10. #1070

    Join Date
    April 14, 2011
    Posts
    7,438
    It's hard to articulate actually just how bad this is. The only reason you're not seeing so much more noise about it on the internet is because it doesn't have a stupid name and a logo, so the idiots of r/sysadmin can't pretend to know what they're talking about. In principal any mechanism in Windows that depends on certificate verification can be spoofed, and it also breaks a bunch of AV/Defender heuristics. This means, in theory, someone could send you a binary that is fully signed by your own organisation's CA and passes pretty much every AV check you're likely to put it through. Likewise for your general TLS traffic. And you'd have no way to detect it bar manually checking cert serial numbers.

  11. #1071

    Join Date
    May 31, 2011
    Posts
    4,919
    Quote Originally Posted by Daneel Trevize View Post
    The timing w.r.t. Win7's last official update is mighty curious...
    Even the opposite. If you're still on Windows 7, you're good it seems:
    Microsoft's scheduled security update for Windows includes a fix to a potentially dangerous bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source. The vulnerability, reported to Microsoft by the National Security Agency, affects Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803.
    https://arstechnica.com/information-...ion-is-broken/

    [Added]
    For everyone's convenience, here are the MS patches for all the different affected OSs: https://portal.msrc.microsoft.com/en.../CVE-2020-0601

    Scratch that, elmicker has already linked the site above.
    Last edited by Hel OWeen; January 15 2020 at 12:25:58 PM.

  12. #1072
    Donor Spaztick's Avatar
    Join Date
    April 10, 2011
    Location
    No Longer up High Sierra's Ass
    Posts
    10,269
    >tfw you refuse to upgrade to 10 so you end up being more secure with 7

  13. #1073

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,875
    Word on the street is it may go back as far as Windows 2000 server.
    Please don't teach me what to do with my pc.

  14. #1074
    rufuske's Avatar
    Join Date
    April 9, 2011
    Posts
    2,718
    Quote Originally Posted by Itiken View Post
    Word on the street is it may go back as far as Windows 2000 server.
    Surprised not NT 5.0.

  15. #1075

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,875
    Quote Originally Posted by rufuske View Post
    Quote Originally Posted by Itiken View Post
    Word on the street is it may go back as far as Windows 2000 server.
    Surprised not NT 5.0.
    Please don't teach me what to do with my pc.

  16. #1076

    Join Date
    May 31, 2011
    Posts
    4,919
    Quote Originally Posted by Itiken View Post
    Word on the street is it may go back as far as Windows 2000 server.
    Seeing the issues seems to be with ECC, first introduced to Windows in Server 2008, I doubt that it manifests in earlier (server) versions.

    Windows 7 might be another issue. I could very well imagine that both Windows 2008 and Windows 7 might be affected, but it hasn't been discovered yet.

  17. #1077

    Join Date
    April 14, 2011
    Posts
    7,438
    ECC support goes back as far as Vista. It's likely in there. MS are sticking to their EoL commitment here though so no one has officially checked or officially gives a shit.

  18. #1078
    Donor Spaztick's Avatar
    Join Date
    April 10, 2011
    Location
    No Longer up High Sierra's Ass
    Posts
    10,269
    On a scale of Trump Derangement Syndrome to a Ron Paul its_happening.gif, how bad is it really? Anyone reporting security breaches that would've happened after it was patched?

  19. #1079

    Join Date
    May 31, 2011
    Posts
    4,919
    I guess it's too early to answer this question. We'll find out in a couple of month, when still unpatched systems will become breached. And now that every script kiddy on this planet knows about it and surely the various exploit kids will implement it ... wait and watch.

  20. #1080

    Join Date
    April 14, 2011
    Posts
    7,438
    Quote Originally Posted by Spaztick View Post
    how bad is it really?
    In terms of degree of breaches, probably low, because it was responsibly disclosed. In terms of "you need to be patching everything you own right fucking now", about as bad as it gets.

    Anyone reporting security breaches that would've happened after it was patched?
    Well you likely won't know because it's effectively undetectable until you patch it.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •