1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Top porn sites 'pose growing malware risk' to users

Collapse
X
11 to 19 of 19 Previous 1 2 template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
11 to 19 of 19 Previous 1 2 template Next
    #11
    I do a bit of work on security and often my research takes me to websites which contain malicious code. To mitigate against my PC getting compromised, I switched to running machines under VMWare for high risk activities.

    If one of the VMs gets compromised I can easily contain the system and examine what happened to better understand the attack vector used or just throw the VM away and start a new one....

    Another good solution for visiting risky sites is to use one of the Linux distributions. CentOS, Mint and Ubuntu (before they fecked up the GUI with Gnome 3) are all dead easy to install and pretty much bullet proof security wise unless you do something Really Dumb. You can even give a Linux system to the kids to use and they are working pretty hard to trash it.
    Free advice and opinions - refunds are available if you are not 100% satisfied.

    Comment

      #12
      Originally posted by Wanderer View Post
      I do a bit of work on security and often my research takes me to websites which contain malicious code. To mitigate against my PC getting compromised, I switched to running machines under VMWare for high risk activities.
      It's much safer to keep PC turned off.

      Milan.

      Comment

        #13
        Originally posted by AtW View Post
        It's much safer to keep PC turned off.

        Milan.
        What's a PC???

        DodgyAgent
        What happens in General, stays in General.
        You know what they say about assumptions!

        Comment

          #14
          Originally posted by MarillionFan View Post
          What's a PC??? Someone who beats up miners.

          DodgyAgent
          FTFY
          While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'

          Comment

            #15
            Originally posted by VectraMan View Post
            Indeed. How is it even possible for Javascript, which is downloaded, compiled and run in the browser to do anything harmful to your computer?
            Having had some experience of the hacks on the ad server on this forum and attacks on other sites I host I have a little bit of experience with this. Often the JavaScript is used to sniff what OS / browser / Java version the end user is on and a payload is then triggered if known exploits exist for that combination.

            Originally posted by Platypus View Post
            It's users who are the problem, not browsers.
            Nah, it is the browser that is often the problem:
            PWN2OWN results Day One – Java, Chrome, IE 10 and Firefox owned | Naked Security

            No getting away from the fact that end users are gullible but really the OS should protect even the most stupid end users.

            Comment

              #16
              Originally posted by VectraMan View Post
              Indeed. How is it even possible for Javascript, which is downloaded, compiled and run in the browser to do anything harmful to your computer?
              If it runs then it can escape.

              Everything that parses data - runs it.

              Switch off your PC now

              Comment

                #17
                Why not make that search engine thing of yours into a specialised porn finder? You could make a fortune.
                bloggoth

                If everything isn't black and white, I say, 'Why the hell not?'
                John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

                Comment

                  #18
                  Originally posted by xoggoth View Post
                  You could make a fortune.
                  What for?

                  Comment

                    #19
                    Originally posted by VectraMan View Post
                    Indeed. How is it even possible for Javascript, which is downloaded, compiled and run in the browser to do anything harmful to your computer? I could write something in C++ in 2 minutes that'd delete all your files, but that's because it's native code. Sandboxie appears to be about protecting you against downloaded programs. Well don't download them.
                    Attacks are getting more and more sophisticated because there is real money in it. There have been vulnerabilities found in browsers that can be exploited by simply visiting a malicious page. A researcher who finds one of these can pass it to the software vendor or sell it on the black market to organised criminal gangs with teams of developers who exploit them to compromise computers for identity/data theft and botnets. It's no longer script kiddies doing it for laughs or people doing patently stupid things which result in their PC being compromised (though there are still a lot of these too), it's big business now.

                    Originally posted by VectraMan View Post
                    No doubt this is mostly about people who still run IE6. And in this instance, I feel it's justified to add a .
                    Agree that anyone who runs IE6 (including many large companies who should know better) suffers from terminal stupidity but as above - these attacks are increasingly sophisticated and organised so it's a running battle to keep ahead.
                    Free advice and opinions - refunds are available if you are not 100% satisfied.

                    Comment

                    Reply to Thread
                    11 to 19 of 19 Previous 1 2 template Next

                    Advertisers

                    1. Contracting
                      1. General
                        1. Brexit
                      2. Business / Contracts
                        1. Coronavirus Assistance
                      3. Accounting / Legal
                        1. Umbrella Companies
                        2. HMRC Scheme Enquiries
                        3. The Future of Contracting
                        4. IR35 Reform
                      4. Technical
                      5. Welcome / FAQs
                    2. Social
                      1. Light Relief
                      2. Social / Events
                    Working...
                    X