

Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13

3 recommendations

Exploit Sat on LA Times Website for 6 Weeks

from
»krebsonsecurity.com/2013/02/expl···6-weeks/
"...
The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks.
.."

Time it took to neuter aside, further confirmation of how JavaScript (used as an entry vector) should be controlled always.

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2012/13


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
> redirecting visitors to a third-party Web site

Who cares.

By default NoScript blocks JavaScript from running from any not allowed web site. And this specific not allowed (or any, for that matter - now how about that!) "third-party Web site" is covered by that.
Well gee, that was easy.
Protected.
(At the least from JavaScript exploits from those domains.)

Plus we have all those scanning (you name it: websites, like Google, & A/V programs that scan websites, & those websites that specifically scan other websites looking for exploits, all those "safe or trustworthy" scanners - WOT, McAfee, Safe Browsing Diagnostic, hpHost Report, Webmaster Tips Site Information, & on & on ...) & guess what, none of them picked up this malware on LAT, & so they did little or nothing in protecting you in that regard.

So go ahead, put your trust in WOT, heh.

(Reading further, quickly, I see that AVAST did pick up on something, so it may have helped somewhat?)


goalieskates
Premium
join:2004-09-12
land of big
reply to Cudni
Right on top of things, aren't they?

not ...


EUS
Kill cancer
Premium
join:2002-09-10
canada
Reviews:
·voip.ms
reply to therube
Avast dutifully notified me last night by way of another popup that this news story had occurred.
I hate it. I hope I cancelled the right notification in settings, or I won't be notified if something actually bad has occurred on my machine.
/Broken record re: Avast & Popups
--
~ Project Hope ~


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to Cudni

LA Times Cleans Up Website, but over 320,000 Have Been Exposed


Secyurityet
Premium
join:2012-01-07
untied state
reply to Cudni

Re: Exploit Sat on LA Times Website for 6 Weeks

I love their second response, essentially "nobody's personal information was compromised by our vendor's site, so no harm, no foul."

Maybe, except for the five hours per computer spent trying to clean the malware off...

HELLFIRE
Premium
join:2009-11-25
kudos:18
Welcome to IT, namely, are the hours 24/7?

> “Of course.”

Overtime pay?

> “This isn’t McDonald’s. We don’t pay by the hour.”

Compensation for overtime / above and beyond performance?

> “No. That’s just part of the job.”

Total hours worked on average?

> “We’re team players. We don’t count hours.”

Regards