DHCP Security Threats, Mitigation and Assessment

Hi,
I am doing a networking project on DHCP security threats, mitigation and assessment. I am including DHCP snooping, and am researching: understanding DHCP communication, security issues in DHCP protocol and communication, DHCP attacks, DHCP starvation attack, mitigating attacks, DHCP snooping, port security, recommended product, DHCP vulnerability assessment, rogue DHCP server detection, DHCP starvation assessment.
Does anyone have a better idea of what else to include in this networking project? How can I make it better? Does anyone have any document or other resource where I can get information about this project so that I can research a little more?
Thanks

I'll try to cover as much as possible, as this should be posted in a security forum, and the security issues can go to very deep levels.
1. Users: need to have direct access to the exchange servers only from the internal network.
2. Anti-virus on the server itself and on all the users' clients.
3. Using a front-end to publish the Exchange OWA and RPC over HTTPS to the outside (using ISA server)
4. Have a firewall (can be configured very specifically to allow access only to what you need)
5. Have a Mail-Relay appliance to perform the initial anti-virus and anti-spam
6. If data leak is an issue, you can also install a DLP solution
I'm sure there is more, but those are the main things.
Yanir Ben-Nun / System Team Leader / IT / IS Professional

Similar Messages

  • Have A "Security Threat Analysis" Problem

    While browsing with Firefox today, I received a pop-up box warning me of a "Security Threat Analysis" and inviting me to click "OK" to start the analysis. The Firefox browser window showed "www1.avforall119.co.cc". I tried to shut the box using the red "X" and the Firefox window minimised. Thereafter, I could not get Firefox to open except in the minimised "Security Analysis" window.
    I have scanned with Windows Defender and Malwarebytes, but nothing found. Meanwhile, I have been able to get an operational Firefox back by uninstalling it and reinstalling it. However, I am concerned that there is still a hidden nasty on my PC. Grateful for advice as to what to do next.
    == This happened ==
    Just once or twice
    == Browsing

    You probably picked something up when you clicked on the red X in that window - in the future you should open the Windows Task Manager > Processes tab and kill the process that the exploit opened.
    First thing to do is to update your AntiVirus program definitions, and then run a full, deep scan of your PC.
    Second, I don't know how good Windows Defender is, but Malwarebytes seems to pick up like 90% - only, you should do a scan using other programs, too.
    SuperAntispyware - [http://www.superantispyware.com/]
    Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html]
    These forums specialize in Malware detection and removal.
    [http://www.spywarewarrior.com/index.php]
    [http://forum.aumha.org/]
    [http://www.spywareinfoforum.com/]
    [http://bleepingcomputer.com]

  • Firefox will not let me get on any websites (safe AND not safe), claiming that it "may pose a security threat to your system"; when I try to choose the "proceed unprotected" option, it won't let me.

    My computer's anti-virus software recently expired. A few days later, I went to download a new anti-virus software . . . when I opened up Firefox, I received a warning that claimed Firefox was infected with "Trojan-BNK.Win32.Keylogger.gen", and gave me two options: "Activate XP Security 2011 (recommended)" (this was a $60 charge and required credit card info) or "Continue unprotected (Dangerous)"
    Since I needed to install new anti-virus, I figured I would continue unprotected, download my new software quickly, and remove the virus. But when Firefox opened, it gave me a message saying: "Firefox alert. Visiting this site may pose a security threat to your system!". Gave me three options:
    1. "Get a copy of 'XP Security 2011' to safeguard your PC while surfing the web (RECOMMENDED)"
    2. "Run a spyware, virus and malware scan" (I already did this)
    3. "Continue surfing without any security measures (DANGEROUS)"
    I tried clicking on different links, but the same warning kept showing up, even on verified and safe sites. I tried to choose the third option so that I could download my anti-virus software quickly, but nothing happened when I clicked on it - the page reloads and the warning shows up again.
    My computer is still without anti-virus software because Firefox will not let me surf the internet. Please help!

    It sounds as though your PC is infected with fake antivirus software. The detailed cleanup instructions vary depending on which fake AV you have. However, as a first step, try this:
    Download the following on a different PC, copy them to a USB flash drive or CD, and then run them on the infected PC:
    Malwarebytes Anti-malware : http://www.malwarebytes.org/mbam.php
    SUPERAntiSpyware : http://www.superantispyware.com/
    Hopefully these will get you back online safely. If not, search for clean-up instructions for the specific malware.

  • Has anyone seen the following on their WP? Message from webpage WARNING: Time Warner Cable Customer – Your Internet Explorer browser and  computer may be compromised by security threats. Call 844-600-6224 now for IMMEDIATE assistance.  OK

    Has anyone seen the following on their WP?
    Message from webpage
    WARNING: Time Warner Cable Customer –
    Your Internet Explorer browser and
    computer may be compromised by
    security threats. Call 844-600-6224 now for
    IMMEDIATE assistance.
    OK

    This sounds like a virus or malware program that has made its way onto your computer.  I would ensure you have the latest virus definitions on your computer and run a thorough (complete) scan of your system.  If this doesn't work, I would suggest  you use Microsoft's Malware Removal Tool.  You can download it at the link below.   Hope this helps.
    http://www.microsoft.com/security/pc-security/malware-removal.aspx

  • How will the Time Capsule support IPv6 and cope with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provides?

    How will the Time Capsule support IPv6 and cope with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provides?

    Cross your fingers and hope.
    Obviously if there is any big or known threat Apple will send out a firmware fix.
    But the TC is designed to be an end-user simple device. It has no firewall that is visible at any rate. I don't know that it truly doesn't have a firewall but it is not part of the end user controls.
    IMO if you have major security concerns that go beyond end device firewall, which is where Apple do put most of the security, since firewall in the router is plainly not a stop to anybody deliberately downloading an infected file or website, and most end users.. do not want a firewall that prevents them using the web like a business does, where only certain ports are allowed. Everything else tough luck.. you are not allowed to use it. Then TC is unsuitable for you anyway.. buy a proper firewall appliance.

  • Is there any security threat?

    Hi Group,
    I have my IIS web server outside the firewall, and my ColdFusion application server and SQL Server are behind the firewall. Can IIS still access the ColdFusion application server and SQL Server for ColdFusion pages? For this situation, do I need to open port 1433 in the firewall for SQL Server? If so, is there any security threat?
    Thank you for your time

    You can run CF in a distributed mode if it is running on JRUN.  So the IIS server would only need access over JRUN ports (which are uncommon) to the CF server.
    This is a little harder to set up, but is covered in the livedocs.
    Alternately, if the person who does your firewall knows how to, you can place everything behind the firewall and segment the firewall into zones, so only your application has access to the database.
    Then your only concern would be what code is being placed on the server and by whom, internally.
    Of course, if your internal network is not secure and accessible, this is a "way in".
    Best practice is to allow no access, and grant only what is necessary.  This applies to all networks and routes that would have access to the entity being protected.
    There is also something to be said for security by obscurity.  Meaning if you have to make 6 jumps to upload code to your server, and only a handful of people know this process, that makes it all the harder to be compromised.
    Byron Mann
    Software Architect
    hosting.com | hostmysite.com
    http://www.hostmysite.com/?utm_source=bb

  • Is my OS X Mountain Lion installation vulnerable to security threats?

    Hello dear community members,
    I am a bit concerned about my OS X installation being vulnerable to known security threats which may not have been patched. Also came across an article:
    http://www.zdnet.com/os-x-mountain-lion-users-no-more-security-updates-7000022322/
    What are your thoughts on this and how are you handling this issue?
    I can not upgrade my mac to Mavericks because I need to use some software which is only compatible with Mountain Lion.

    Aceattack wrote:
    It is not Apple's responsibility to ensure 3rd party compatibility; however, the concern was that Apple continue to support and provide security fixes for old OS X versions rather than force people to upgrade just because Mavericks is a free upgrade.
    But Mavericks is a free upgrade. And any Mac that runs Mountain Lion will also run Mavericks.
    It is standard procedure to discontinue support for old products. I will quote the AppGate on the topic:
    Important note: End of Life AppGate Version 9*
    After due consideration, Cryptzone is declaring End of Life (EOL) on AppGate Security Server v9.x. This became effective on October 30, 2013. Full support will continue to be provided for AppGate Security Server v9.x up until the end of Q2 2014. After this time any customers wishing to continue to receive support and updates must move to version 10.x (or newer). Most customers have already migrated, but if you have any still on this version please work with them to migrate to version 10.x.
    Why is it acceptable for one company to stop supporting an old product but unacceptable for another? And why do I suspect that the AppGate upgrade is not free?
    If you depend on AppGate and eToken and those products do not run on Mavericks, you should be asking why. Like all developers, they have had access to Mavericks since early June. What was so radically different about Mavericks that takes over 7 months to get working? Either they aren't very committed to the platform or they really don't know how to write OS X software. Considering that the product seems to be Java-based, I suspect both.
    That is an interesting conundrum that is pretty typical for enterprise customers. You are running an old OS version without security updates because you depend on 3rd party security software that depends on 4th party Java software proven to be one of the last major malware conduits. And people wonder why these enterprise servers are always the ones to get hacked and hand over 45 million customer records.
    I feel your pain. I only recently updated my work machine to Mountain Lion due to similar enterprise security issues. Our market-leading antivirus vendor that protects us against the latest zero-day malware was unaware or just didn't care that Apple had released a new OS. And I'm talking about Lion! I have similar problems with my Java-based Juniper VPN. The Apple-provided VPN works fine, as it always has. And I can't really do without my Mac because I need it to develop on when my Linux servers with 24x7 on-site support from IBM and Oracle are out of commission for 4 months. Apple is not the cause of either of our problems.

  • The whtopic.js file was identified as a security threat

    Hello,
    We generate WebHelp using RoboHelp HTML. The security team constantly runs security checks on the applications, and the whtopic.js file that RoboHelp generates was identified as a security threat because of "DOM code injection". The comment was that the document.location.href is controllable and, at a minimum, ought to be run through some HTML encoding.
    Anyone else ever run into security analysis of the RoboHelp generated files?
    Anything we can do about it?
    Thanks,
    Rakefet

    These security things sometimes come up in tools. As the code here doesn’t have anything to do with cross-frame scripting, I very much doubt this is an XSS vulnerability. I have asked the people who know about this to look it over.
    Greet,
    Willam

  • Intego Internet Security Barrier X6 and OS X's firewall

    Hi!
    This may be the wrong place to ask this question, but I couldn't find any better.
    I'm wondering if the internet security program Intego Internet Security Barrier X6 works well with OS X's built-in firewall...
    I also wonder if it is recommended/necessary to use such software on a Mac - but I guess there have become a lot of Mac users these days, which means more viruses/threats.
    And, at last, I also wonder if other products than Intego's are "better"; such software as Norton and Kaspersky.
    Thanks!

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
    For more information about Gatekeeper, see this Apple Support article.
    4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” "player," "archive extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
    Java is not included in OS X 10.7 and later. A separate Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable any version of Java on a public web page that carries third-party advertising. Use it, if at all, only on well-known, password-protected, secure business or government websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
    8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

  • USA declares Chinese companies a security threat (...

    Hey all,
    I know most, if not all of us are using Huawei VDSL2 modems with BT Infinity. I was just wondering how much BT is relying on Huawei as a vendor to provide hardware for their network. According to the article below, US ISPs and businesses are being dissuaded from using Huawei and ZTE products because of the potential security threat posed by control that the Chinese government could exert over Huawei and ZTE. Australia has also blocked Huawei out of their next generation fibre rollout. 
    Here's the article:
    http://www.abc.net.au/news/2012-10-08/usa-declares-chinese-companies-a-security-threat/4302304
    The US Congressional Intelligence Committee has labelled China's top two telecommunications manufacturers a security threat and says Huawei Technologies and the ZTE Corporation should be shut out of the American market because they are open to Chinese state influence.
    I'm not looking to start a new tin foil hat association. I'm just genuinely interested in your opinions. I don't know much about networks, and this article might be a little sensationalist. I just thought it was interesting (especially seeing as we all rely on Huawei hardware to connect to the internet).

    Ultimately, as a residential customer I would put the tin foil hats away; it would be impossible for the Chinese to slurp all your data to China, as I think BT would notice all that extra traffic on their links! For anything really sensitive just ensure you are using an HTTPS connection to the website in question or for business use consider setting up some sort of VPN. I'd be far more worried about someone sniffing out passwords on badly written websites on unencrypted wifi links. Historically there used to be a number of websites for all sorts of things including banks that sent the initial login information in clear text before switching to an SSL/TLS encrypted session; that sort of newbie error has been fixed for the most part though.

  • Online security threats

    Is the MacBook Pro prone to security threats, like viruses and malware?

    I strongly disagree with using ClamXav or any antivirus software on a Mac. There just are no wild viruses out there, so why waste system resources for a nonexistent problem? Malware is so rare, and is dependent upon user incompetence. For example, Flashback makes you think that it's a Flash installer, but why would anyone install Flash that wasn't downloaded from Adobe directly? I certainly wouldn't.
    Furthermore, both Snow Leopard and Lion have a Malware Protection System that is updated whenever necessary by Apple to block these trojan horses and such. 
    Seriously, use strong password protection for your admin access, don't open strange emails (and certainly not the attachments), and don't download anything that you don't absolutely trust.  That's how you protect yourself.

  • WEB CLIP SECURITY THREAT???

    My Dashboard was not active, wherein I have 3 web clips stored. Suddenly my system started to hang, and I force restarted the Dock. When I did I regained control of the system. And I checked the console and found the following disturbing message. Is this a security threat with web clips and how could it activate without my opening the Dashboard?
    Jul 25 12:43:47 G5 [0x0-0xcc0cc].com.apple.dock[0]: Unsafe JavaScript attempt to access frame with URL http://www.kbb.com/KBB/UsedCars/PricingReport.aspx?YearId=2004&Mileage=13200&VehicleClass=UsedCar&ManufacturerId=15&ModelId=111&PriceType=Trade-In&VehicleId=2547&SelectionHistory=2547%7c25436%7c16001%7c0%7c0%7c100169%7ctrue%7c100187%7ctrue%7c100215%7ctrue%7c100243%7ctrue%7c100292%7ctrue%7c100425%7ctrue%7c100418%7ctrue&Condition=Excellent&QuizConditions= from frame with URL http://usedcars.kbb.com/inc/cookiesync.jsp?ATCID=undefined&DK=kbb.com. Domains, protocols and ports must match.
    Also, how in the heck do you delete web clips from the dashboard? Nothing seems to work except turning OFF webclips entirely.
    Thanks
    Jeff

    I say NO!
    I say that is Kelly Blue Book's website you are attempting to clip, that site has problems on a good day and rarely works
    at all with Safari. Try it with Firefox 3.1 and I bet it works just fine.
    Could be your version of Safari/Javascript, but it usually bombs when it pops up with your zip code. Delete the clip
    in Manage widgets and it should be fine.
    The latest downloadable version of Safari from Apple's download is 3.1.2, when you download that update it says
    Safari311UpdLeo.dmg when it SHOULD be Safari312UpdLeo.dmg, but it doesn't matter I cannot get it to update my
    Safari Version 3.0.4 (5523.15) (just did it 5 minutes ago).
    I'm finding I use FireFox 3.1 more and more since every time I pick up Safari it doesn't display a site or is completely
    broken. If you only have one browser installed, well, you are missing a whole lot of what you visit.

  • Any open current internet security threats?

    CNN and others are periodically announcing an internet security threat that has been active for 2 years and is a threat to steal passwords -- suggesting that all passwords be changed.
    This has upset my wife -- i am an apple only household since the 1980s with all s/w completely updated to this moment.
    what is the status of this threat?   do i need to take further precautions?
    i think not  -- but looking for confirmation.
    thnx - j

    OpenSSL Heartbleed bug

  • Received security threat analysis- Mozilla Firefox which detected 5 viruses on harddrive & recommendation was "click to start protection". Is this trustworthy & should I click?

    Five viruses detected on security threat analysis. Is the message trustworthy and should I click "start protection"?
    == This happened ==
    Just once or twice
    == Today ==
    == User Agent ==
    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)

    No.
    You should never respond to such unsolicited pop-up messages.
    Doing that is a sure way to get infected with malware.
    Do a malware check with a few malware scan programs.
    You need to use all programs because each detects different malware.
    http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
    http://www.superantispyware.com/ - SuperAntispyware
    http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
    http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
    http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
    See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

  • Got a Security Threat Analysis claiming to be from Firefox showing multiple viruses on my computer. Is this legitimate?

    Got a Security Threat Analysis claiming to be from Firefox showing multiple viruses on my computer. Is this legitimate? It wanted me to download and open a fix it binary file.
    == This happened ==
    Just once or twice
    == today

    In some cases, the fake anti-virus will install malware if you click on a "Close" button or the "X" on the fake alert window. Generally, close in Task Manager's Processes tab, IF you can recognize the correct process to terminate.
    Yes, do a complete, thorough malware scan.
