If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#31
|
|||
|
|||
Virus on page?
On Mon, 18 Mar 2019 14:09:16 +0000, David in Devon
wrote: On 18/03/2019 13:35, Shadow wrote: I have no idea why the OP posted to these two OT groups. Non OS specific malware discussions are he alt.comp.virus Anyone may, if they wish, post any question on any subject to either of the groups selected by Commander Kinsey. Good to know. As an "aside", I see your site has been updated again: https://web.archive.org/web/20190318...ks-stalker.php The bad thing about putting an OT up is that people tend to filter it. Since you are obviously a moderator, and removed the [OT], and ANY subject is OK, "Mrs Parrot", shall we discuss the webpage ? Seems like Carlos ER missed the warning. I can't see any malware on it. No Java, Adobe or Silverlight. Just a touch of css. It's safe. What do you think ? []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 Nineteen Eighty-Four was a work of FICTION !!!! - Orwell |
Ads |
#32
|
|||
|
|||
Virus on page?
On 18/03/2019 19:38, Shadow claimed:
Seems like Carlos ER missed the warning. Perhaps Carlos is fully aware that your link directs to a *FALSE* archive.org website which is operating from YOUR server! You shouldn't do such things or you'll end up in the 'bad guy' category of far more folk than me. :-P -- David B. Devon, UK |
#33
|
|||
|
|||
Virus on page?
"Commander Kinsey" wrote
| I think they should be responsible for ads running malicious code, because they put them there, but not for what somebody happens to write. If I went on Facebook and sent you a death threat, it should be between you, the police, and me. Facebook shouldn't be involved at all. | It gets complicated. Russians were setting up pages like American for Better Freedom, then filling them with made-up nonsense meant to agitate people and favor Trump. They were doing similar things with ads. It's been a planned misinformation campaign. And as you probably know, we Americans are not known for our critical thinking abilities. Facebook's position is like you said: What's on the site is not their concern. But now we're talking about malicious, government-run propaganda and pages that Facebook bots might present as "trending", so that more people view them and talk about them. Even if it's something like Putin's people fabricating convincing stories that say Hillary Clinton has introduced a law in the US Congress to force gay marriage among gun owners. Facebook's strategy is to try to keep people on their site, seeing ads, as much as possible. They have a vestd interest in not knowing what's going on. But they're presenting this stuff as news. In a newspaper, news is researched and an ad must be clearly marked as such if it could be mistaken for news. So Facebook is trying to play it both ways. I think that with all of this -- Facebook and Google ads, whether mailicious or not -- they don't want to deal with it. Their business models are based on the premise that very, very few humans are needed to run a tech company. Most of it can and should be automated. So they don't want to hire journalists for their news or ad salespeople for their ads. They want it all automated; nearly zero cost. | Another common attack | method is Wordpress plugins. People who don't know | what they're doing decide to have a website. Wordpress | helps them do that without understanding the process. | They set up a comment board, a shopping cart, etc. Later | someone finds a bug in the comment board plugin. But the | website founder doesn't know. They don't have the slightest | idea of how their website works and haven't given it a thought | ever since they set it up. So someone takes over | their site via that bug and starts serving malware. That's | not unusual. I get people trying to break into my website | daily via Wordpress bugs, because a very large number of | websites are based on Wordpress. | | Isn't Wordpress a big enough company to fix these flaws in their own plugins? | I assume that something on Wordpress is probably fine. But a large segment of the Internet is people who use Wordpress templates, tools and plugins on their own site. Wordpress makes it very easy to put something like a comment board on your site without knowing what you're doing. So Sam ends up with commentsPlugin v. 3.1521 on his web sever. He forgets about it. In 6 months a bug is found. Everyone who's keeping track updates the plugin. But Sam doesn't even really know he's using a plugin. so bots from Russia or China, testing front door locks, discover that Sam's site can be hacked and they upload malicious code. Sam's none the wiser. Here's a sample. The following is from my server logs this past weekend. "wp" is Wordpress. Soemone in Ukraine was teting for typical wordpress files, to see whether my site could be hacked. (Sometimes I get hackers from China that try hundreds of known vulnerabilities.) ---------------------------------------------------------- broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:33 -0400] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:34 -0400] "GET //xmlrpc.php?rsd HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:34 -0400] "GET / HTTP/1.1" 200 19859 "-" broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:34 -0400] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:34 -0400] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:34 -0400] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:35 -0400] "GET //website/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:35 -0400] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:35 -0400] "GET //news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:35 -0400] "GET //2015/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:35 -0400] "GET //2016/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:35 -0400] "GET //2017/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:36 -0400] "GET //2018/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:36 -0400] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:36 -0400] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:36 -0400] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:36 -0400] "GET //media/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:36 -0400] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:37 -0400] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:37 -0400] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1" 404 broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - - [16/Mar/2019:04:19:37 -0400] "GET //sito/wp-includes/wlwmanifest.xml HTTP/1.1" 404 ---------------------------------------------------------- | I don't and won't do online banking. | | You sound overly paranoid. Banks are pretty secure, and it's their responsibility if your money disappears. | Up to a point. In the US there are limits on debit cards. A card used for business isn't covered. A personal card is only covered if a problem is reported promptly. (Most people don't know that.) And what if someone gets into my account and steals money, but it looks like it was me? How do I make a case that the withdrawal should be insured? Another risk connected with that is scam emails that pretnd to be from your bank. Since I don't do such things online I can't be tricked by scams. | What if the product is faulty? Then you'll want to | know they actually have an address and phone number. | | This is the 21st century, I prefer an email address or an online chat. | What's that got to do with the 21st century? human relationships are out of date? | I've actually never in my entire life had anything nasty happen to my computer or my personal | details. I'm fairly careful but not that careful. I have AVG running all the time, and I use Opera browser rather than that buggy M$ ****, and I do a malware scan with Malwarebytes every month (not the realtime one, that costs money!) and Windows Firewall is running, but that's about it. | I haven't had trouble, either. I don't use AV or dubious products like MB. But I'm careful. On the other hand, the woman I live with got a popup awhile back and before I was up and awake she had given someone a $390 credit card payment for a problem the popup said was on her computer! She's not dumb. She's a teacher. But the popup was convincing and she didn't know better. |
#34
|
|||
|
|||
Virus on page?
On Mon, 18 Mar 2019 20:13:54 +0000, David in Devon
wrote: On 18/03/2019 19:38, Shadow declared: Seems like Carlos ER missed the warning. Perhaps Carlos is fully aware that your link directs to a *FALSE* archive.org website which is operating from YOUR server! Are you suggesting the entire DNS system has been compromised ? Or are you trying to hide your true nature again ? Please back up your statement with TECNICAL details. No, I think that Carlos E.R does not know you. A simple Google search for "David Brooks stalker" reveals what you are. https://web.archive.org/web/20190318...ks-stalker.php Checks out fine on Sucuri, Netcraft and WOT. 100% authentic and safe. Maybe you are not the only malware controlling your computer ? The problem is not the webpage. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 Nineteen Eighty-Four was a work of FICTION !!!! - Orwell |
#35
|
|||
|
|||
Virus on page?
On Mon, 18 Mar 2019 20:36:46 -0000, Mayayana wrote:
"Commander Kinsey" wrote | Another common attack | method is Wordpress plugins. People who don't know | what they're doing decide to have a website. Wordpress | helps them do that without understanding the process. | They set up a comment board, a shopping cart, etc. Later | someone finds a bug in the comment board plugin. But the | website founder doesn't know. They don't have the slightest | idea of how their website works and haven't given it a thought | ever since they set it up. So someone takes over | their site via that bug and starts serving malware. That's | not unusual. I get people trying to break into my website | daily via Wordpress bugs, because a very large number of | websites are based on Wordpress. | | Isn't Wordpress a big enough company to fix these flaws in their own plugins? | I assume that something on Wordpress is probably fine. But a large segment of the Internet is people who use Wordpress templates, tools and plugins on their own site. Wordpress makes it very easy to put something like a comment board on your site without knowing what you're doing. So Sam ends up with commentsPlugin v. 3.1521 on his web sever. He forgets about it. In 6 months a bug is found. Everyone who's keeping track updates the plugin. But Sam doesn't even really know he's using a plugin. so bots from Russia or China, testing front door locks, discover that Sam's site can be hacked and they upload malicious code. Sam's none the wiser. Shouldn't the plugin get auto-updated? If Wordpress design a system where any old fool can make a website using their tools, the tools should run from somewhere where they're updated, without Joe Bloggs having to know. | I don't and won't do online banking. | | You sound overly paranoid. Banks are pretty secure, and it's their responsibility if your money disappears. Up to a point. In the US there are limits on debit cards. A card used for business isn't covered. A personal card is only covered if a problem is reported promptly. (Most people don't know that.) And what if someone gets into my account and steals money, but it looks like it was me? How do I make a case that the withdrawal should be insured? Maybe it's different in the US, but in the UK, I doubt I could lose anything if someone got into my bank account. It's up to them to make the system secure. Unless they can prove I was stupid enough to leave my password written somewhere everyone could see it. Another risk connected with that is scam emails that pretnd to be from your bank. Since I don't do such things online I can't be tricked by scams. You have to be really stupid to be tricked by one of those. The first thing I notice is they're full of deliberate spelling errors, designed to circumvent spam filters I guess. That just makes me notice it isn't official. Would anyone really click something that says "Your Amzon account has been compromised"? Even if I used Amazon, I wouldn't read Amzon as Amazon. | What if the product is faulty? Then you'll want to | know they actually have an address and phone number. | | This is the 21st century, I prefer an email address or an online chat. | What's that got to do with the 21st century? human relationships are out of date? Convenience. I can webchat with someone in my bank while I'm doing other things. Far easer than trying to old a verbal conversation. With webchat, either party is fine with the other not responding for a few minutes. The bank staff might be looking up some details, I might be grabbing a cup of coffee, etc, etc. And they can chat with more than one person at a time. | I've actually never in my entire life had anything nasty happen to my computer or my personal | details. I'm fairly careful but not that careful. I have AVG running all the time, and I use Opera browser rather than that buggy M$ ****, and I do a malware scan with Malwarebytes every month (not the realtime one, that costs money!) and Windows Firewall is running, but that's about it. I haven't had trouble, either. I don't use AV or dubious products like MB. Why do you call it dubious? And do you seriously have no antivirus?! But I'm careful. On the other hand, the woman I live with got a popup awhile back and before I was up and awake she had given someone a $390 credit card payment for a problem the popup said was on her computer! She's not dumb. She's a teacher. But the popup was convincing and she didn't know better. Giving someone you don't know $390 because something pops up on your screen is monumentally dumb. She's a catastrophic failure. And why did you include "she's a teacher"? Teachers are among the thickest people I've ever known. Hence the phrase "Those that can, do. Those that can't, teach." |
#36
|
|||
|
|||
Virus on page?
On 18/03/2019 21:10, Shadow wrote:
Are you suggesting the entire DNS system has been compromised No. I'm suggesting that *YOU* are posting links which have been 'doctored' (pun intended!) -- David B. Devon, UK |
#37
|
|||
|
|||
Virus on page?
"Commander Kinsey" wrote
| Shouldn't the plugin get auto-updated? If Wordpress design a system where any old fool can make a website using their tools, the tools should run from somewhere where they're updated, without Joe Bloggs having to know. | They give the tools away for free. It's not Wordpress' responsibility. | Convenience. I can webchat with someone in my bank while I'm doing other things. Far easer than trying to old a verbal conversation. With webchat, either party is fine with the other not responding for a few minutes. The bank staff might be looking up some details, I might be grabbing a cup of coffee, etc, etc. And they can chat with more than one person at a time. | That's fine, but if you need to do something like return a product and you get a run-around via email, it's nice to be able to actually reach a human. | I haven't had trouble, either. I don't use AV or dubious | products like MB. | | Why do you call it dubious? | | And do you seriously have no antivirus?! | I call it dubious because I once tried MB. It found 10 problems. None of them were problems. One was my boot and disk imaging program, BootIt. MB said it was malware. Several "problems" were Regitry settings I had chosen. But MB wasn't explaining the items. It even cooked up official sounding, scary names for things that it falsely identified. So anyone using it needs to know how to interpret the report and not let MB take action otherwise. No, I haven't used AV for a decade or more. I generally just don't do risky things. and AV is of limited use. So-called zero-days -- malware that's not yet known -- can get past AV. It was designed for a different time, when there were just a few bugs and the file could be identified. | computer! She's not dumb. She's a teacher. But the | popup was convincing and she didn't know better. | | Giving someone you don't know $390 because something pops up on your screen is monumentally dumb. She's a catastrophic failure. | | And why did you include "she's a teacher"? Teachers are among the thickest people I've ever known. Hence the phrase "Those that can, do. Those that can't, teach." | If you say so. She supervises student teachers and was using DOS before I knew how to turn on a computer. She's got a degree from Cornell and I only finished high school. But she's just not a tech expert. Hopefully you'll never get suckered and have to eat your words. Someone doesn't have to be dumb to get suckered. Most of these attacks are designed to scare people. |
#38
|
|||
|
|||
Virus on page?
On Mon, 18 Mar 2019 21:57:57 -0000, Mayayana wrote:
"Commander Kinsey" wrote | Shouldn't the plugin get auto-updated? If Wordpress design a system where any old fool can make a website using their tools, the tools should run from somewhere where they're updated, without Joe Bloggs having to know. | They give the tools away for free. It's not Wordpress' responsibility. Yeah lets make dodgy tools that are full of security holes and give them away. Great way to ruin your company's reputation. | Convenience. I can webchat with someone in my bank while I'm doing other things. Far easer than trying to old a verbal conversation. With webchat, either party is fine with the other not responding for a few minutes. The bank staff might be looking up some details, I might be grabbing a cup of coffee, etc, etc. And they can chat with more than one person at a time. | That's fine, but if you need to do something like return a product and you get a run-around via email, it's nice to be able to actually reach a human. It's a human emailing, it's just easier than speaking. You don't have to be there at the same time. | I haven't had trouble, either. I don't use AV or dubious | products like MB. | | Why do you call it dubious? | | And do you seriously have no antivirus?! I call it dubious because I once tried MB. It found 10 problems. None of them were problems. One was my boot and disk imaging program, BootIt. MB said it was malware. Several "problems" were Regitry settings I had chosen. But MB wasn't explaining the items. It even cooked up official sounding, scary names for things that it falsely identified. So anyone using it needs to know how to interpret the report and not let MB take action otherwise. I got about two. I identified them as programs I used for pirating software, checked them with virustotal, and gave malwarebytes a couple of exceptions. It's been quiet ever since, just removing some advertising cookies now and again. No, I haven't used AV for a decade or more. I generally just don't do risky things. and AV is of limited use. They can get in without being risky. I've had viruses downloaded from genuine freeware sites that clearly weren't checking everything first. So-called zero-days -- malware that's not yet known -- can get past AV. It was designed for a different time, when there were just a few bugs and the file could be identified. A different time?! | computer! She's not dumb. She's a teacher. But the | popup was convincing and she didn't know better. | | Giving someone you don't know $390 because something pops up on your screen is monumentally dumb. She's a catastrophic failure. | | And why did you include "she's a teacher"? Teachers are among the thickest people I've ever known. Hence the phrase "Those that can, do. Those that can't, teach." | If you say so. She supervises student teachers and was using DOS before I knew how to turn on a computer. She's got a degree from Cornell and I only finished high school. But she's just not a tech expert. Hopefully you'll never get suckered and have to eat your words. Someone doesn't have to be dumb to get suckered. Most of these attacks are designed to scare people. You have to have absolutely zero common sense to fall for what she did, you don't have to be technical, just sensible. She's an idiot. Those are the morons the scammers are after, and I don't really care. I knew a professor who could speak 17 languages and had 5 degrees, but she could break a computer in 10 seconds just trying to launch Microsoft Word. |
#39
|
|||
|
|||
Virus on page?
On 18/03/2019 14.31, Paul wrote:
Commander Kinsey wrote: On Mon, 18 Mar 2019 03:26:19 -0000, Carlos E.R. wrote: Possibly one of those adds you get triggered the blast (maybe from your antivirus?). I have heard that blast on a friend's laptop once, and scared me ****less. I must say that you guys on Windows get more fun that us poor lads on Linux :-P I've never had a bleep like that before.* It sounds like the BBC2 test signal. History of computing comes to mind... https://en.wikipedia.org/wiki/PC_speaker If the sound system is down (driver is not working), OSes are allowed to use "PCBeep". PCBeep is considered to be the "backup notification system". If the sound card goes missing, software is allowed to abuse that. On my desktop machine, the beeper is tiny and hardly heard. I could not find a bigger unit. On laptops, the pc beeper is usually routed via the sound card, and it can go at top volume by default :-/ .... The BIOS beeper/speaker has also been tied in the past, to games. The motherboard speaker can be used as a 1-bit DAC, and game soundtracks can be played through it. (A certain era of Macintosh gaming did this too, and there were probably 200 games that did the 1-bit DAC thing... The fidelity is surprisingly good. 1-bit DACs have also been used in expensive stereo equipment, in case you thought that nobody would dare try that :-) To make that work, just crank up the clock rate, and the 1 bit DAC does a damn good job. The DAC needs to be followed by a reconstruction filter, which is what makes it work.) https://en.wikipedia.org/wiki/La_Abad%C3%ADa_del_Crimen «The music played in the game corresponds to the Minuet in G major and the sonata for flute BWV 1033 from Bach, and Crystal Palace from Gwendal. The original PC version also featured the "Ave Maria" from Schubert, in a short chorus recording that played through the speaker when the player went to the church. There is a form of copy protection on the PC version: if an illegal copy of the game was created, in the church area, instead of "Ave Maria", a voice crying "Pirate! Pirate! Pirate!" several times will be heard instead, and after that the game will crash.» -- Cheers, Carlos. |
#40
|
|||
|
|||
Virus on page?
On 18/03/2019 15.15, nospam wrote:
In article , Mayayana wrote: | Technically yes, but the PDF is displayed in my browser and has links to click just like a webpage. | Not to nag, but you might also consider not allowing PDFs to load in your browser. They're a common attack method. They're not webpages. They only load at all because Adobe has been trying, for many years, to find a way to hijack the Internet. (Flash, PDF, AIR.) adobe isn't trying to hijack anything, certainly not with pdf, which isn't even owned by them. This is inexact. There is a published PDF standard, which they no longer own. But they can add, and do add, additional features that only them support properly (because they don't publish). Usually if a PDF is linked it's because you want a copy. not necessarily. So it makes sense to set your browser so that you download PDFs. Then you don't have to keep going back to the website every time you want to look at it. it makes a lot more sense to read it in the browser and save a copy if desired, rather than have to switch to a separate reader just to see the pdf and then trash it if it's not worth keeping. Actually, the browser always downloads the PDF to temporary storage before rendering it. In theory this can be done in memory, but why would they? It is more work. -- Cheers, Carlos. |
#41
|
|||
|
|||
Virus on page?
"Commander Kinsey" wrote
| So-called | zero-days -- malware that's not yet known -- can get | past AV. It was designed for a different time, when there | were just a few bugs and the file could be identified. | | A different time?! | When AV first came out it updated "definitions" once per month. There was a file of a couple of MB that contained byte patterns to identify known virii. I think there were something like 30K known bugs. It worked well. Today there are millions and the definitions are updated multiple times daily. It's a tremendous resource hog, yet many attacks won't be using a bug that's in their definitions. And many attacks are complex. I was reading that the most common now is spam. I'm guessing that's mostly spam that gets people to click a link and then run a 0-day. Like you did with your PDF. Luckily it probably didn't install malware. I run no sych risk because I'd never click that link with script enabled. And I know what to look for more than most people. If you don't mind the bloat then AV can be helpful insofar as it watches for suspicious activity. I install it for friends. It's better than nothing. But it's not nearly as good as being careful. Of course you'd have to be a moron and incredibly dumb to use AV, and even dumber to use MB, but maybe you're one of those halfwit teacher types? |
#42
|
|||
|
|||
Virus on page?
On 18/03/2019 15.03, Mayayana wrote:
"Commander Kinsey" wrote | Technically yes, but the PDF is displayed in my browser and has links to click just like a webpage. | Not to nag, but you might also consider not allowing PDFs to load in your browser. They're a common attack method. They're not webpages. They only load at all because Adobe has been trying, for many years, to find a way to hijack the Internet. (Flash, PDF, AIR.) Firefox has some support to display PDF internally without using a plugin from adobe or elseware. But the rendering is not as perfect. I don't know about other browsers, but I suspect they do similarly. I believe PDFs are safe as long as the reader does not supports or ignore the possible javascript code they can contain. Usually if a PDF is linked it's because you want a copy. So it makes sense to set your browser so that you download PDFs. Then you don't have to keep going back to the website every time you want to look at it. A PDF is not necessarily safer on your computer than in the browser, but there are two differences: And because the leaflet can be printed, with accuracy. 1) You can use a PDF reader with script disabled or with no scripting ability, to be safe. (Like Sumatra.) 2) A downloaded PDF is less likely to take you by surprise, in case you were tricked into clicking the link to it. -- Cheers, Carlos. |
#43
|
|||
|
|||
Virus on page?
On Mon, 18 Mar 2019 22:39:59 -0000, Carlos E.R. wrote:
On 18/03/2019 14.31, Paul wrote: Commander Kinsey wrote: On Mon, 18 Mar 2019 03:26:19 -0000, Carlos E.R. wrote: Possibly one of those adds you get triggered the blast (maybe from your antivirus?). I have heard that blast on a friend's laptop once, and scared me ****less. I must say that you guys on Windows get more fun that us poor lads on Linux :-P I've never had a bleep like that before. It sounds like the BBC2 test signal. History of computing comes to mind... https://en.wikipedia.org/wiki/PC_speaker If the sound system is down (driver is not working), OSes are allowed to use "PCBeep". PCBeep is considered to be the "backup notification system". If the sound card goes missing, software is allowed to abuse that. On my desktop machine, the beeper is tiny and hardly heard. I could not find a bigger unit. Most desktops don't even have one. This one is unusual. On laptops, the pc beeper is usually routed via the sound card, and it can go at top volume by default :-/ I didn't know there was still a beeper function unless you were using DOS! The BIOS beeper/speaker has also been tied in the past, to games. The motherboard speaker can be used as a 1-bit DAC, and game soundtracks can be played through it. (A certain era of Macintosh gaming did this too, and there were probably 200 games that did the 1-bit DAC thing... The fidelity is surprisingly good. 1-bit DACs have also been used in expensive stereo equipment, in case you thought that nobody would dare try that :-) To make that work, just crank up the clock rate, and the 1 bit DAC does a damn good job. The DAC needs to be followed by a reconstruction filter, which is what makes it work.) https://en.wikipedia.org/wiki/La_Abad%C3%ADa_del_Crimen «The music played in the game corresponds to the Minuet in G major and the sonata for flute BWV 1033 from Bach, and Crystal Palace from Gwendal. The original PC version also featured the "Ave Maria" from Schubert, in a short chorus recording that played through the speaker when the player went to the church. There is a form of copy protection on the PC version: if an illegal copy of the game was created, in the church area, instead of "Ave Maria", a voice crying "Pirate! Pirate! Pirate!" several times will be heard instead, and after that the game will crash.» Copyright sux. |
#44
|
|||
|
|||
Virus on page?
On Mon, 18 Mar 2019 22:44:23 -0000, Mayayana wrote:
"Commander Kinsey" wrote | So-called | zero-days -- malware that's not yet known -- can get | past AV. It was designed for a different time, when there | were just a few bugs and the file could be identified. | | A different time?! When AV first came out it updated "definitions" once per month. There was a file of a couple of MB that contained byte patterns to identify known virii. I think there were something like 30K known bugs. It worked well. Today there are millions and the definitions are updated multiple times daily. It's a tremendous resource hog, yet many attacks won't be using a bug that's in their definitions. And many attacks are complex. I was reading that the most common now is spam. I'm guessing that's mostly spam that gets people to click a link and then run a 0-day. Like you did with your PDF. Luckily it probably didn't install malware. I run no sych risk because I'd never click that link with script enabled. And I know what to look for more than most people. If you don't mind the bloat It uses about the same as an mp3 player. 1% of my CPU. then AV can be helpful insofar as it watches for suspicious activity. I install it for friends. It's better than nothing. But it's not nearly as good as being careful. Of course you'd have to be a moron and incredibly dumb to use AV, and even dumber to use MB, but maybe you're one of those halfwit teacher types? Funny how I've never been infected, yet both of AVG and MB have flagged up things and removed them. |
#45
|
|||
|
|||
Virus on page?
On 18/03/2019 20.08, Commander Kinsey wrote:
On Mon, 18 Mar 2019 14:03:54 -0000, Mayayana wrote: "Commander Kinsey" wrote | Technically yes, but the PDF is displayed in my browser and has links to click just like a webpage. | ** Not to nag, but you might also consider not allowing PDFs to load in your browser. They're a common attack method. They're not webpages. They only load at all because Adobe has been trying, for many years, to find a way to hijack the Internet. (Flash, PDF, AIR.) Hijack? Design technologies that get very popular on Internet, but being owned by them, they get paid in some manner. They also do not publish all the details of the technology so that it is hard by others to replicate the implementations. -- Cheers, Carlos. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|