Disabling Java Plugins

Disabling Java plug-ins in browsers

Many security researchers and national computer security organizations caution users to limit their usage of the Java Runtime Environment (JRE), unless required for business reasons, or to remove it entirely, including disabling Java plug-ins in web browsers.

Listed below are instructions for disabling Java plug-ins or add-ons in common web browsers. Note that these steps apply to older browser and Java versions: current browsers no longer load the NPAPI plug-in that Java used (Firefox dropped it in version 52, Chrome in version 45), and Oracle removed the browser plug-in from the JDK in version 11. On a current system the remaining concern is the installed JRE itself, which the Control Panel steps further down address.

Note: On systems with multiple user accounts, you may need to disable the plug-ins in each individual user account.

Mozilla Firefox

1.) From the main menu bar, select ‘Tools’ > ‘Add-ons’ > ‘Plugins’ (or press the key combination ‘Ctrl+Shift+A’).
2.) Look for plugins containing the term ‘Java’ and click the ‘Disable’ button next to them.
3.) Restart the browser.

Apple Safari

1.) Click ‘Preferences’, then the ‘Security’ tab.
2.) Uncheck ‘Enable Java’.

Microsoft Internet Explorer

1.) Click ‘Tools’ > ‘Manage add-ons’.
2.) Select any add-ons with the name ‘Java’, then click the ‘Disable’ button.
3.) Restart the browser.


More
You can also disable Java system-wide from the Microsoft Windows Control Panel, which covers every browser on the machine:
1.) In the Windows Control Panel, click ‘Java’; the Java Control Panel will appear.
2.) In the Java Control Panel, select the ‘Java’ tab and click the ‘View’ button.
3.) For every JRE version listed, uncheck the ‘Enabled’ box and click ‘OK’.
4.) In the Java Control Panel, click ‘Apply’ or ‘OK’.

Removing ‘Police-themed’ Ransomware

Ransomware is a type of harmful program that extorts money from a user by taking control of their device or data, then demanding a ransom for its return. ‘Police-themed’ ransomware disguises its ransom demand as an official-looking warning message from a local law enforcement agency.

The criminals responsible for ransomware usually distribute it using trojans or exploit kits. When it runs on a computer or device, the ransomware first tries to ‘lock’ the device or encrypt its contents. Next, the ransom demand is displayed, usually in a text file or a web page. Some ransomware also changes the desktop background to display the demand.

If the affected device or data is confidential, business-critical or irreplaceable, the impact of a ransomware infection can be very disruptive. Ransomware exploits the user’s shock, embarrassment and fear to pressure them into paying the ransom demanded.

[Figure: examples of ‘police-themed’ ransom demands]

Though earlier ransomware samples we saw tended to be simple, blatant attempts at extortion, recent ones have been more subtle in design.

From 2012 onwards, we started seeing ransomware using the names, visual images and language of various law enforcement agencies to make their ransom demands look like official writs, usually regarding some alleged offense that the user supposedly committed.

The details of the ransom demand vary depending on the user’s geographical location. The most notable examples have come from Western European countries, notably France, Germany, Finland and Italy, but other countries have also reported instances of such ransomware.

While the actual text of the demands varies, they generally follow the same pattern:

  1. Claim that the computer or device has been ‘locked’ after the authorities identified it as being used to visit websites related to:
    • terrorism, or
    • child abuse, or
    • pornography
  2. Display the device’s IP address and other details
  3. Claim that payment of a ‘fine’ is required to settle the ‘offense’.
  4. Provide instructions for paying the ‘fine’ using cash cards, vouchers or other payment methods that are difficult to trace

Should you pay the demand?

Security researchers and law enforcement authorities strongly recommend that affected users do not pay the ransom demand. There is no guarantee that payment will restore the affected device or data, and paying funds further campaigns.

The recommended course of action is that the user report the incident to the proper local authorities, disinfect the affected device and restore the affected data from clean backups.

In some of the cases reported to legitimate authorities, however, losing control of the affected device or data has been so disruptive that the users have chosen to pay the ransom demand. This has been especially true of businesses and individuals who have no clean backups to recover from, or who have critical business machines affected by the ransomware.

Of course, it is likely that many affected users do not report an infection or ransom payment to the authorities at all.

Responding to a ransomware infection

If the worst happens and ransomware does infect your device, there are a couple of steps you can take to contain the damage:

  • IMMEDIATELY disconnect the affected device or devices from the local network and/or the Internet. Doing so prevents the infection from spreading to other connected devices.
  • Scan all connected devices and/or cloud storage for the same infection and for additional threats. Not only should other connected devices and storage media be checked for infection by the same threat, but also for any other threats that may have been installed alongside it.
  • If possible, identify the specific ransomware responsible. Knowing the specific family involved makes it easier to search online for information about remedial options. The ID-Ransomware project site may be able to help you identify the ransomware involved.

You can find more about responding to a ransomware infection at:

You may also be interested to check out:

No More Ransom!

This is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and security researchers that aims to help victims retrieve their encrypted data without having to pay the criminals responsible for the threat.

Removing ‘police-themed’ ransomware

In most cases, F-Secure’s security products will automatically detect and remove a ransomware file.

For certain ransomware families, manual removal is also possible, though it is only recommended for a technically skilled user.

Automatic Removal

We detect police-themed ransomware with multiple detections, including Trojan:W32/Reveton, Trojan:W32/Ransom and generic detections.

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

For users who do not have an F-Secure security product installed, in most cases our Online Scanner removal tool is able to detect and automatically remove the ransomware.

Manual Removal

Trojan:W32/Reveton and Trojan:W32/Urausy variants may also be manually removed from the machine, using the following instructions:

CAUTION: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, seek professional technical assistance.

  1. Boot the system into ‘Safe Mode with Command Prompt.’ To do so:
    • First, restart the system (Click Start, then Shut Down, select Restart in the drop-down dialog box that appears, then click OK).
    • As the computer restarts but before Windows launches, press F8.
    • Use the arrow keys to highlight ‘Safe Mode with Command Prompt’ and then press Enter.
  2. In the command prompt, type “regedit” and press Enter.
  3. Look for the following registry values and remove them.
    • For Reveton

      Delete the “ctfmon.exe” registry value from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    • For Urausy

      Delete the “shell” registry value from HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ONLY IF these two conditions are met:

      1. The “shell” registry value is located under HKEY_CURRENT_USER and NOT HKEY_LOCAL_MACHINE.

        WARNING! Deleting the “shell” value if it is listed under HKEY_LOCAL_MACHINE may break the Windows system.

      2. There is a reference to a .dat file (e.g. skype.dat) in the value data.
  4. Reboot the system again, this time into Normal mode.
  5. Finally, run a full computer scan to repair any remaining files.


Source: Removing ‘Police-themed’ Ransomware | F-Secure Labs
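Before touching regedit, it helps to confirm the two indicators from the manual-removal steps above against an export of the relevant keys, so the decision to delete is made on evidence and the HKEY_LOCAL_MACHINE warning is enforced mechanically. The script below is an added example, not part of the F-Secure article: it parses the output of `reg export` for the Run and Winlogon keys, flags Reveton’s “ctfmon.exe” Run value and Urausy’s “.dat”-referencing “Shell” value under HKEY_CURRENT_USER, and reports an HKEY_LOCAL_MACHINE “Shell” value for review only. The sample export embedded in it is constructed; the file name audit_reg.py is assumed.

```python
r"""
Added example (not part of the F-Secure article): audit a Windows registry
export for the two persistence values the manual-removal steps describe,
without touching the live registry. Produce the exports on the suspect machine:

    reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg
    reg export "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg
    reg export "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon-hklm.reg

reg export writes UTF-16LE, so the files are opened with encoding="utf-16".
"""
import re
import sys
from typing import Dict, List, Tuple

# Key paths from the F-Secure instructions; compared case-insensitively because
# the registry is case-insensitive and exports vary in capitalisation.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_HKLM = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')

# Constructed sample standing in for a real export from an infected profile.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"ctfmon.exe"="C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\alice\\AppData\\Roaming\\skype.dat"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax needed here: [key] headers and
    "name"="string" values. String data has its \\ and \" escapes unfolded;
    other value types (dword:, hex:) are kept as raw text."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m["key"].casefold()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            data = m["data"]
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            keys[current][m["name"]] = data
    return keys


def audit(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (action, location, detail) findings for the Reveton and Urausy
    indicators. An HKLM "Shell" value is reported for review only, never for
    deletion, as the article's warning requires."""
    findings: List[Tuple[str, str, str]] = []

    # Reveton: a "ctfmon.exe" value in the HKCU Run key. The data is reported so
    # the analyst can see where it points (the genuine ctfmon.exe lives in System32).
    run = keys.get(RUN_KEY.casefold(), {})
    if "ctfmon.exe" in run:
        findings.append(("DELETE", RUN_KEY + " -> ctfmon.exe",
                         "Reveton autostart; data: " + run["ctfmon.exe"]))

    # Urausy: HKCU Winlogon "Shell" referencing a .dat file (conditions 1 and 2).
    shell = keys.get(WINLOGON_HKCU.casefold(), {}).get("Shell")
    if shell is not None and ".dat" in shell.casefold():
        findings.append(("DELETE", WINLOGON_HKCU + " -> Shell",
                         "Urausy shell hijack; data: " + shell))

    # Same indicator under HKLM fails condition 1: never delete, investigate instead.
    shell_hklm = keys.get(WINLOGON_HKLM.casefold(), {}).get("Shell")
    if shell_hklm is not None and ".dat" in shell_hklm.casefold():
        findings.append(("REVIEW-ONLY", WINLOGON_HKLM + " -> Shell",
                         "references a .dat file but lives under HKLM; do not delete: " + shell_hklm))
    return findings


if __name__ == "__main__":
    # usage: python audit_reg.py run.reg winlogon.reg winlogon-hklm.reg
    text = SAMPLE_REG
    if len(sys.argv) > 1:
        text = "\n".join(open(p, encoding="utf-16").read() for p in sys.argv[1:])
    for action, location, detail in audit(parse_reg(text)):
        print(f"{action:12} {location}\n             {detail}")
```

Run with no arguments it audits the constructed sample and reports two DELETE findings; with exported files it reports on the real keys. It only reads exports, so it can be run from a clean machine against files copied off the infected one before booting that machine into Safe Mode.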

How to connect to a MySQL database

MySQL
Setup to connect locally
-- the account you create and the account you grant to must be the same user
create user 'thor'@'localhost' identified by 'secret password';
create database thor character set utf8;
grant all on thor.* to 'thor'@'localhost';

select User,Host from mysql.user;
SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;

Setup to connect remotely
mysql> GRANT ALL ON fooDatabase.* TO 'fooUser'@'1.2.3.4' IDENTIFIED BY 'my_password';

This statement creates the user fooUser with the password ‘my_password’ and grants it all privileges on fooDatabase when it connects from the IP address 1.2.3.4; the same username from any other address is refused. Two caveats: on MySQL 8.0 and later the IDENTIFIED BY clause is no longer accepted in GRANT, so create the account first with CREATE USER and then issue the GRANT; and ALL is usually more than an application needs, so prefer naming the privileges it actually uses. For the remote connection to work at all, the server must listen on a non-loopback address (the bind-address setting) and the host firewall should allow port 3306 from 1.2.3.4 only.

Testing Remotely
Now you can test your connection remotely. You can access your MySQL server from another Linux server:

# mysql -u fooUser -p -h 44.55.66.77
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 5.0.45 Source distribution

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> _
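The GRANT above gives fooUser every privilege on fooDatabase, and it is easy for such grants to accumulate. The script below is an added example, not from the original page: it reads SHOW GRANTS output (the 5.x 'user'@'host' form and the 8.0 `user`@`host` form) and flags accounts reachable from any host, global privileges on *.*, ALL PRIVILEGES, and WITH GRANT OPTION. The sample grant lines are constructed, and the file name audit_grants.py is assumed; real output can be piped in with `mysql -N -e "SHOW GRANTS FOR 'fooUser'@'1.2.3.4'"`.

```python
"""
Added example (not from the original page): audit SHOW GRANTS output for grants
broader than a remote application account needs.

    mysql -N -e "SHOW GRANTS FOR 'fooUser'@'1.2.3.4'" | python audit_grants.py
"""
import re
import sys
from typing import Iterable, List, Tuple

# Matches both   GRANT ... ON scope TO 'user'@'host' ...   (MySQL 5.x)
# and            GRANT ... ON scope TO `user`@`host` ...   (MySQL 8.0);
# captures the privilege list, the scope, the account and any trailing options.
_GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'](?P<tail>.*)$"
)

# Constructed sample: the page's remote account, a scoped local account for
# contrast, and an over-privileged admin account.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'fooUser'@'1.2.3.4'",
    "GRANT ALL PRIVILEGES ON `fooDatabase`.* TO 'fooUser'@'1.2.3.4'",
    "GRANT SELECT, INSERT, UPDATE ON `thor`.* TO 'thor'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO `admin`@`%` WITH GRANT OPTION",
]


def audit_grants(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (account, problem) pairs. 'USAGE ON *.*' is the no-privilege
    placeholder every account carries and is not reported."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        m = _GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue  # not a GRANT line (e.g. a column header)
        privs = m["privs"].upper()
        account = f"{m['user']}@{m['host']}"
        if m["host"] == "%":
            findings.append((account, "accepted from any host; pin the account to the client's address"))
        if m["scope"] == "*.*" and privs != "USAGE":
            findings.append((account, f"global {privs} on *.*; scope it to the one database the client uses"))
        if privs == "ALL" or "ALL PRIVILEGES" in privs:
            findings.append((account, f"ALL PRIVILEGES on {m['scope']}; grant only the statements the "
                                      "application issues (e.g. SELECT, INSERT, UPDATE)"))
        if "WITH GRANT OPTION" in m["tail"].upper():
            findings.append((account, "WITH GRANT OPTION lets it hand privileges to other accounts"))
    return findings


if __name__ == "__main__":
    source = list(sys.stdin) if not sys.stdin.isatty() else SAMPLE_GRANTS
    for account, problem in audit_grants(source):
        print(f"{account}: {problem}")
```

Against the sample it reports one finding for fooUser (ALL PRIVILEGES on fooDatabase), nothing for thor@localhost, and four for admin@%. Run it over SHOW GRANTS for every account listed by `select User,Host from mysql.user` after setting up remote access.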

Windows Backup

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq#section_3

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142

http://support.kaspersky.com/viruses/rescuedisk

http://windows.microsoft.com/sv-se/windows-live/essentials

https://www.dropbox.com/downloading
http://windows.microsoft.com/sv-se/skydrive/download

Today, when most of our memories and documents exist in digital form, stored on phones and computers, a few precautions are in order.
Backup, backup and backup. There are no excuses for skipping this: hard drives crash, mobile phones get lost, virus infections happen, and so on.

I recommend a couple of simple preventive steps. Backups are always best kept in several places. Here I recommend two free services, Dropbox and SkyDrive, both free in their standard versions and fully accessible from both smartphone and PC, with automatic syncing. If you connect a digital camera or your smartphone to the computer, they automatically upload new files or photos and synchronise them with the backup. Keep in mind that a sync service mirrors whatever is on the disk, so files a ransomware infection has encrypted are synced too; an offline copy, or the service’s version history, is what you restore from.

Before disaster strikes you should also create a Windows repair disc to keep in the toolbox. With it you can, for example, boot the machine and repair damaged operating system files.

How to create a system repair disc

1.) Open Backup and Restore by clicking the Start button, then Control Panel, System and Maintenance, and then Backup and Restore.
2.) Click Create a system repair disc on the left and follow the instructions. Administrator permission is required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Note: if you are prompted to insert a Windows installation disc, the files needed to create the system repair disc cannot be found on the computer. Insert a Windows 7 installation disc.

How to use the system repair disc

1.) Insert the system repair disc into the DVD or CD drive.
2.) Restart the computer using the computer’s power button.
3.) If prompted, press any key to start the computer from the system repair disc. If the computer is not configured to start from a CD or DVD, check the information that came with the computer; you may need to change the computer’s BIOS settings.
4.) Choose your language settings and click Next.
5.) Choose a recovery option and click Next.

Minor upgrade of FreeBSD 11.0 to FreeBSD 11.1

Performing a minor version upgrade of FreeBSD 11.0 to FreeBSD 11.1 using the freebsd-update tool.

hasse@ymer:~ % sudo uname -a
FreeBSD ymer.bara1.se 11.0-RELEASE-p12 FreeBSD 11.0-RELEASE-p12 #0: Wed Aug 9 10:03:39 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

hasse@ymer:~ % sudo freebsd-update -r 11.1-RELEASE upgrade
Looking up update.FreeBSD.org mirrors… none found.
Fetching metadata signature for 11.0-RELEASE from update.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 1 metadata files… done.
Inspecting system… done.

The following components of FreeBSD seem to be installed:
kernel/generic src/src world/base world/doc world/lib32

The following components of FreeBSD do not seem to be installed:
kernel/generic-dbg world/base-dbg world/lib32-dbg

Does this look reasonable (y/n)? y

Fetching metadata signature for 11.1-RELEASE from update.FreeBSD.org… done.
Fetching metadata index… done.
Fetching 1 metadata patches. done.
Applying metadata patches… done.
Fetching 1 metadata files… done.
Inspecting system… done.
Fetching files from 11.0-RELEASE for merging… done.
Preparing to download files… done.
Fetching 48363 patches…..10….20….30….40….50…. and so on until in my case,.. 48360. done.

Applying patches… done.
Fetching 2476 files… done.
Attempting to automatically merge changes in files… done.

After manually merging some config files, the tool reports:
To install the downloaded upgrades, run “/usr/sbin/freebsd-update install”.

% sudo /usr/sbin/freebsd-update install
Installing updates…
Kernel updates have been installed. Please reboot and run
“/usr/sbin/freebsd-update install” again to finish installing updates.

% sudo reboot

% sudo freebsd-update install
Installing updates…
Completing this upgrade requires removing old shared object files.
Please rebuild all installed 3rd party software (e.g., programs
installed from the ports tree) and then run “/usr/sbin/freebsd-update install”
again to finish installing updates.

% sudo portsnap fetch update
% sudo pkg-static upgrade -f

and in my case,
Number of packages to be installed: 7
Number of packages to be reinstalled: 122
Number of packages to be downgraded: 67

The process will require 22 MiB more space.
153 MiB to be downloaded.

Number of packages to be reinstalled: 121
Number of packages to be downgraded: 66

Proceed with this action? [y/N]: y

When finished,

% sudo reboot

and again run

% sudo freebsd-update install

% sudo portmaster -aRd

Voila !

% uname -a
FreeBSD ymer.bara1.se 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1

Further reading at the excellent FreeBSD Handbook: https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html