Meltdown and Spectre

Vulnerabilities in modern computers leak passwords and sensitive data.
Outlined for “NoTechies”

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, working with sensitive information carries the risk of leaking it. This applies both to personal computers and to cloud infrastructure. Luckily, there are software patches against Meltdown.

Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.

Who reported Meltdown?

Meltdown was independently discovered and reported by three teams:

Who reported Spectre?

Spectre was independently discovered and reported by two people:


Questions & Answers

Am I affected by the vulnerability?

Most certainly, yes.

Can I detect if someone has exploited Meltdown or Spectre against me?

Probably not. The exploitation does not leave any traces in traditional log files.

Can my antivirus detect or block this attack?

While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.

What can be leaked?

If your system is affected, our proof-of-concept exploit can read the memory content of your computer. This may include passwords and sensitive data stored on the system.

Has Meltdown or Spectre been abused in the wild?

We don’t know.

Is there a workaround/fix?

There are patches against Meltdown for Linux (KPTI, formerly KAISER), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, and to patch software once a Spectre exploit against it becomes known (the LLVM patch and ARM's speculation barrier header).
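The Linux side of this can be verified from a shell rather than taken on trust. The script below is an added example, not part of the original FAQ: kernels carrying the January 2018 fixes (4.15 and the stable backports) report their own mitigation state in one file per issue under /sys/devices/system/cpu/vulnerabilities/, and the KPTI patch shows up as the "pti" flag in /proc/cpuinfo. Both paths are parameters so the functions can be run against constructed input, which the demonstration at the end builds itself.

```shell
#!/bin/sh
# Added example, not from the original FAQ. Asks the kernel for its own view of
# the Meltdown/Spectre mitigations. Kernels with the January 2018 fixes
# (4.15 and the stable backports) expose one file per issue under
# /sys/devices/system/cpu/vulnerabilities/, each reading "Not affected",
# "Vulnerable", "Vulnerable: <detail>" or "Mitigation: <detail>".
# Both paths are parameters so the functions can be run on constructed input.

# Prints one line per issue; returns 0 only if every report is
# "Not affected" or "Mitigation: ...", 1 otherwise, 2 if the kernel is too old.
report_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel predates the sysfs reports; grep dmesg for 'page tables isolation'" >&2
        return 2
    fi
    for issue in meltdown spectre_v1 spectre_v2; do
        f="$dir/$issue"
        if [ ! -r "$f" ]; then
            printf '%-10s %s\n' "$issue" "unknown (no report)"
            rc=1
            continue
        fi
        status=$(cat "$f")
        case "$status" in
            "Not affected"|Mitigation:*) ;;   # good states
            *) rc=1 ;;                         # "Vulnerable..." or anything unexpected
        esac
        printf '%-10s %s\n' "$issue" "$status"
    done
    return "$rc"
}

# The Meltdown fix (KPTI) is advertised as the "pti" CPU flag; returns 0 if present.
has_pti_flag() {
    grep -qw pti "${1:-/proc/cpuinfo}"
}

# Demonstration on a constructed sysfs copy (sample contents, not from a real machine).
demo_dir=$(mktemp -d)
echo "Mitigation: PTI" > "$demo_dir/meltdown"
echo "Mitigation: __user pointer sanitization" > "$demo_dir/spectre_v1"
echo "Vulnerable: Minimal generic ASM retpoline" > "$demo_dir/spectre_v2"
printf 'flags\t\t: fpu vme pti ibpb\n' > "$demo_dir/cpuinfo"
report_cpu_vulns "$demo_dir" || echo "status: at least one issue unmitigated (exit $?)"
has_pti_flag "$demo_dir/cpuinfo" && echo "pti flag: present"
rm -rf "$demo_dir"
```

Run both functions with no arguments on the live system. A non-zero exit from report_cpu_vulns means at least one report is missing or still reads "Vulnerable"; on kernels older than the fix the directory does not exist at all, and the function says so rather than reporting a clean state.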

Which systems are affected by Meltdown?

Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether AMD processors are also affected by Meltdown. According to ARM, some of their processors are also affected.

Which systems are affected by Spectre?

Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

Which cloud providers are affected by Meltdown?

Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.

What is the difference between Meltdown and Spectre?

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location. For a more technical discussion we refer to the papers (Meltdown and Spectre).

Why is it called Meltdown?

The vulnerability basically melts security boundaries which are normally enforced by the hardware.

Why is it called Spectre?

The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.

Is there more technical information about Meltdown and Spectre?

Yes, there is an academic paper and a blog post about Meltdown, and an academic paper about Spectre. Furthermore, there is a Google Project Zero blog entry about both attacks.

What are CVE-2017-5753 and CVE-2017-5715?

CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.

What is the CVE-2017-5754?

CVE-2017-5754 is the official reference to Meltdown. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.

Can I see Meltdown in action?

Both the Meltdown and Spectre logo are free to use, rights waived via  CC0. Logos are designed by  Natascha Eibl.

Each logo (Meltdown and Spectre) is available as PNG and SVG in three forms: logo, logo with text, and code illustration.

Where can I find official information/security advisories of involved/affected companies?

Intel: Security Advisory / Newsroom / Whitepaper
ARM: Security Update
AMD: Security Information
RISC-V: Blog
NVIDIA: Security Bulletin / Product Security
Microsoft: Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server)
Amazon: Security Bulletin
Google: Project Zero Blog / Need to know
Android: Security Bulletin
Apple: Apple Support
Lenovo: Security Advisory
IBM: Blog
Dell: Knowledge Base / Knowledge Base (Server)
HP: Vulnerability Alert
Huawei: Security Notice
Synology: Security Advisory
Cisco: Security Advisory
F5: Security Advisory
Mozilla: Security Blog
Red Hat: Vulnerability Response / Performance Impacts
Debian: Security Tracker
Ubuntu: Knowledge Base
SUSE: Vulnerability Response
Fedora: Kernel update
Qubes: Announcement
Fortinet: Advisory
NetApp: Advisory
LLVM: Spectre (Variant #2) Patch / Review __builtin_load_no_speculate / Review llvm.nospeculateload
CERT: Vulnerability Note
MITRE: CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754
VMware: Security Advisory / Blog
Citrix: Security Bulletin / Security Bulletin (XenServer)
Xen: Security Advisory (XSA-254) / FAQ

Acknowledgements

We would like to thank Intel for awarding us with a bug bounty for the responsible disclosure process, and their professional handling of this issue through communicating a clear timeline and connecting all involved researchers. Furthermore, we would also like to thank ARM for their fast response upon disclosure of the issue.

This work was supported in part by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402).

This work was supported in part by NSF awards #1514261 and #1652259, financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology, the 2017-2018 Rothschild Postdoctoral Fellowship, and the Defense Advanced Research Project Agency (DARPA) under Contract #FA8650-16-C-7622.

Source: Meltdown and Spectre

Vulnerability in phpMyAdmin

Vulnerability in phpMyAdmin Requires Immediate Patch

A CSRF vulnerability in the phpMyAdmin database administration tool has been found, and a fixed release is available for every computer or server that runs phpMyAdmin in front of MySQL.

If you are using phpMyAdmin,

Contact your web host to ensure it’s updated immediately.

If you are self-hosted and manage your own server, update phpMyAdmin immediately.

If you are using WordPress or phpMyAdmin and MySQL on your computer through WAMP, MAMP, XAMPP, Instant WordPress, DesktopServer, BitNami or any of the other ways you can install WordPress on your computer or a stick (USB), update phpMyAdmin by using the patch or check the install technique’s site for updates.

If you are using WordPress.com, don’t worry. This does not apply to you or your site.

The flaw affects phpMyAdmin versions 4.7.x prior to 4.7.7. Hopefully, your server/web host company has been updating phpMyAdmin all along and you don’t need to worry, but even though this is a medium security vulnerability, it is your responsibility as a site owner and administrator to ensure that your site is safe. Don’t just rely on GoDaddy, Dreamhost, or whatever hosting service you use to take care of these things for you. Sometimes they are on top of these before an announcement is made public. Other times, they are clueless and require customer intervention and nagging.

Now, what is phpMyAdmin?

MySQL is an open source database program, and phpMyAdmin is the free, open source tool that makes the administration and use of MySQL easier to manage. It is not a database. It is a database manager. You can easily search and replace data in the database, make changes, and do other maintenance and utility tasks in the database.

To find out if phpMyAdmin is installed on your site:

    1. Check with your web host and ask. Don’t expect their customer service staff to know for sure. Make them check your account and verify whether or not it is installed, and if they’ve updated. Push them for a specific answer.
    2. Check the site admin interface (cPanel, Plesk, etc.) to see if it is installed.
    3. Log into your server over SFTP (if you have access) and look for the installation. On Debian- and Ubuntu-style servers the distribution package installs to /usr/share/phpmyadmin; on shared hosting it is usually reached at a URL such as http://yourdomain/phpmyadmin, which the web server maps (via an alias) to wherever the files actually live, so the directory can be anywhere the installer chose.
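Where you do have shell access to the server, step 3 can be scripted instead of guessed at. The following is an added example, not from the original post: it walks a directory tree for phpMyAdmin installs (assumed to have "phpmyadmin" somewhere in their path, any case), reads the release from the ChangeLog file each 4.x release ships (assumed to carry a line of the form "4.7.7 (2017-12-23)"), and flags the 4.7.0 to 4.7.6 range the advisory covers. The demonstration at the end runs it on a constructed tree.

```shell
#!/bin/sh
# Added example, not from the original post. Finds phpMyAdmin trees under a
# root, reads the release from the ChangeLog each 4.x release ships, and
# flags the range the advisory names (4.7.x before 4.7.7).
# Assumptions: the ChangeLog's first version line looks like "4.7.7 (2017-12-23)",
# and the install directory has "phpmyadmin" somewhere in its path (any case).

# Prints the version found in a phpMyAdmin directory, or nothing.
pma_version() {
    sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1/ChangeLog" 2>/dev/null | head -n 1
}

# Returns 0 (true) when $1 is in the affected range 4.7.0 <= version < 4.7.7.
# Other branches (4.0.x, 4.8.x) are outside the advisory and report false.
pma_vulnerable() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;      # not a plain dotted version
        *.*.*) ;;                      # need major.minor.patch
        *) return 1 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    [ "$major" -eq 4 ] && [ "$minor" -eq 7 ] && [ "$patch" -lt 7 ]
}

# Walks $1 (default /) and prints one line per installation found.
pma_scan() {
    root="${1:-/}"
    find "$root" -type f -name ChangeLog -ipath '*phpmyadmin*' 2>/dev/null |
    while read -r changelog; do
        dir=$(dirname "$changelog")
        v=$(pma_version "$dir")
        if [ -z "$v" ]; then
            echo "$dir: version not found"
        elif pma_vulnerable "$v"; then
            echo "$dir: $v  VULNERABLE (update to 4.7.7 or later)"
        else
            echo "$dir: $v  ok"
        fi
    done
}

# Demonstration on a constructed tree (sample data, not a real install).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/www/phpMyAdmin"
printf 'phpMyAdmin - ChangeLog\n======================\n\n4.7.5 (2017-10-23)\n' > "$demo_root/var/www/phpMyAdmin/ChangeLog"
pma_scan "$demo_root"
rm -rf "$demo_root"
```

On the live host run pma_scan / (or pma_scan /var/www to keep it quick). Other branches such as 4.0.x or 4.8.x print "ok" because the advisory names only 4.7.x; that is a statement about this one bug, not a clean bill of health for an old tree.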

Full Source at : Vulnerability in phpMyAdmin Requires Immediate Patch « Lorelle on WordPress

How to protect your PC from the major Meltdown and Spectre CPU flaws

Stay safe(r) with this guide.

A pair of nasty CPU flaws exposed this week have serious ramifications for home computer users. Meltdown and Spectre let attackers access protected information in your PC’s kernel memory, potentially revealing sensitive details like passwords, cryptographic keys, personal photos and email, or anything else you’ve used on your computer. It’s a serious flaw. Fortunately, CPU and operating system vendors pushed out patches fast, and you can protect your PC from Meltdown and Spectre to some degree.

It’s not a quick one-and-done deal, though. They’re two very different CPU flaws that touch every part of your operating system, from hardware to software to the operating system itself. Check out PCWorld’s Meltdown and Spectre FAQ for everything you need to know about the vulnerabilities themselves. We’ve cut through the technical jargon to explain what you need to know in clear, easy-to-read language. We’ve also created an overview of how the Spectre CPU bug affects phones and tablets.

The guide you’re reading now focuses solely on protecting your computer against the Meltdown and Spectre CPU flaws.

Editor’s note: This article was last updated to update the situation with antivirus conflicts and the Windows 10 patch, and to remove a link to an Intel support page for an unrelated vulnerability, SA-00086. 

How to protect your PC against Meltdown and Spectre CPU flaws

Here’s a quick step-by-step checklist, followed by the full process.

  • Update your operating system
  • Check for firmware updates
  • Update your browser
  • Keep your antivirus active

First, and most important: Update your operating system right now. The more severe flaw, Meltdown, affects “effectively every [Intel] processor since 1995,” according to the researchers who disclosed it. It’s an issue with the hardware itself, but the major operating system makers have rolled out updates that protect against the Meltdown CPU flaw.

Where to update Windows 10. (Brad Chacos/IDG)

Microsoft pushed out an emergency Windows patch late in the day on January 3. If it didn’t automatically update your PC, head to Start > Settings > Update & Security > Windows Update, then click the Check now button under “Update status.” (Alternatively, you can just search for “Windows Update,” which also works for Windows 7 and 8.) Your system should detect the available update and begin downloading it. Install the update immediately.

You might not see the update, though. Some antivirus products aren’t playing nice with the emergency patch, causing Blue Screens of Death and boot-up errors. Microsoft says it’s only “offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.” Security researcher Kevin Beaumont is maintaining an updated list of antivirus compatibility status. Most are supported at this point. If your AV isn’t supported, do not manually download the Meltdown patch unless you turn it off and switch to Windows Defender first.

But machines with compatible antivirus still may not automatically apply the update. If you’re sure your security suite won’t bork your system, you can also download the Windows 10 KB4056892 patch directly from the Microsoft Update Catalog. You’ll need to know whether to grab the 32-bit (x86) or 64-bit (x64) version of the update. To determine if your PC runs a 32- or 64-bit version of Windows, simply type “system” (without the quotation marks) into Windows search and click the top listing. It’ll open a Control Panel window. The “System type” listing will tell you which version of Windows you’re running. Most PCs released in the past decade will be using the 64-bit operating system.

The System information you’re looking for.

Apple quietly worked Meltdown protections into macOS High Sierra 10.13.2, which released in December. If your Mac doesn’t automatically apply updates, force it by going into the App Store’s Update tab. Chromebooks should have already updated to Chrome OS 63 in December. It contains mitigations against the CPU flaws. The Linux kernel patches (the KPTI work) have been merged and are reaching users through distribution updates.

Now for the bad news. The operating system patches will slow down your PC, though the extent varies wildly depending on your CPU and the workloads you’re running. Intel expects the impact to be fairly small for most consumer applications like games or web browsing, and initial testing supports that. Our FAQ digs into potential PC performance slowdowns from the patches. You still want to install the updates for security reasons.

Check for a firmware update

Intel’s Core i7-8700K CPU is vulnerable to Meltdown and Spectre. (Gordon Mah Ung)

Because the flaws exist at the hardware level, Intel is also releasing microcode (firmware) updates for its processors. These complement rather than replace the operating system patches: the OS update is what handles Meltdown, while the microcode mainly adds the hardware controls that the Spectre variant 2 mitigations rely on. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” it said in a statement on January 4.

Actually getting those firmware updates is tricky, because firmware updates aren’t issued directly from Intel. Instead, you need to snag them from the company that made your laptop, PC, or motherboard—think HP, Dell, Gigabyte, et cetera. Most prebuilt computers and laptops have a sticker with model details somewhere on their exterior. Find that, then search for the support page for your PC or motherboard’s model number.

Update your browser

You also need to protect against Spectre, which tricks otherwise correct programs into leaking data from their own memory (a browser’s, for example) through speculative execution. Intel, AMD, and ARM chips are vulnerable to Spectre to some degree. Software applications need to be updated to protect against Spectre. The major PC web browsers have all issued updates as a first line of defense against nefarious websites seeking to exploit the CPU flaw with JavaScript.

Enabling Site Isolation in Chrome 63.

Microsoft updated Edge and Internet Explorer alongside Windows 10. Firefox 57 also wraps in some Spectre safeguards. Chrome 63 made “Site Isolation” an optional experimental feature. You can activate it right now by entering chrome://flags/#enable-site-per-process into your URL bar, then clicking Enable next to “Strict site isolation.” Chrome 64 will have more protections in place when it launches on January 23.

Keep your antivirus active

Finally, this ordeal underlines how important it is to keep your PC protected. The researchers who disclosed the CPU flaws say that traditional antivirus wouldn’t be able to detect a Meltdown or Spectre attack. But attackers need to be able to run code on your PC to take advantage of the exploits, whether by getting you to run a malicious program or through a script on a web page. Keeping security software installed and vigilant helps keep hackers and malware off your computer. Plus, “your antivirus may detect malware which uses the attacks by comparing binaries after they become known,” the researchers’ FAQ says.

Source: How to protect your PC from the major Meltdown and Spectre CPU flaws | PCWorld

Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers | Technology | The Guardian

Everything from smartphones and PCs to cloud computing affected by major security flaw found in Intel and other processors – and fix could slow devices

Meltdown and Spectre security flaws: so big they have their own logos. Photograph: tcareob72/Natascha Eibl/Getty Images/iStockphoto

Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.

The flaws, named Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system.

Meltdown is “probably one of the worst CPU bugs ever found”, said Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw.

Q&A

What can I do about the Meltdown and Spectre flaws?

Meltdown is currently thought to primarily affect Intel processors manufactured since 1995, excluding the company’s Itanium server chips and Atom processors before 2013. It could allow hackers to bypass the hardware barrier between applications run by users and the operating system kernel’s memory. Meltdown therefore requires a change to the way the operating system handles memory to fix (keeping the kernel’s page tables separate from user ones), which initial estimates predict could slow the machine in certain tasks by as much as 30%.

The Spectre flaw affects most modern processors made by a variety of manufacturers, including Intel, AMD and those designed by ARM, and potentially allows hackers to trick otherwise error-free applications into giving up secret information. Spectre is harder for hackers to take advantage of but is also harder to fix and would be a bigger problem in the long term, according to Gruss.

Intel and ARM insisted that the issue was not a design flaw, although it will require users to download a patch and update their operating system to fix.

‘Intel has begun providing software and firmware updates to mitigate these exploits,’ said the company in a statement. Photograph: Fabian Bimmer/Reuters

“Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement, denying that fixes would slow down computers based on the company’s chips. “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Google said it informed the affected companies about the Spectre flaw on 1 June 2017 and later reported the Meltdown flaw before 28 July 2017. Both Intel and Google said they were planning to release details of the flaws on 9 January, when they said more fixes would be available, but that their hand had been forced after early reports led to Intel stock falling by 3.4% on Wednesday.

Google and the security researchers it worked with said it was not known whether hackers had already exploited Meltdown or Spectre and that detecting such intrusions would be very difficult as it would not leave any traces in log files.

Dan Guido, chief executive of cybersecurity consulting firm Trail of Bits, said that he expects hackers will quickly develop code they can use to launch attacks exploiting the vulnerabilities. He said: “Exploits for these bugs will be added to hackers’ standard toolkits.”

Researchers said Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown, while a patch is also available for Linux. Microsoft said it was in the process of patching its cloud services and had released security updates on 3 January for Windows customers.

“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” said Apple in a blog post, in reference to the fact that although the security flaws make it possible to steal data using malicious software, there was no evidence to suggest that this had happened.

The company advised customers to update their devices’ operating systems and only download software from “trusted sources such as the App Store”.

Google said that Android devices running the latest security updates were protected, including its own Nexus and Pixel devices, and that users of Chromebooks would have to install updates.

ARM said that patches had already been shared with the companies’ partners.

AMD said it believes there “is near zero risk to AMD products at this time.”

Cloud services are also affected by the security problems. Google said it updated its G Suite and cloud services, but that some additional customer action may be needed for its Compute Engine and some other Cloud Platform systems.

Amazon said all but a “small single-digit percentage” of its Amazon Web Services EC2 systems were already protected, but that “customers must also patch their instance operating systems” to be fully protected.

It was not immediately clear whether Intel would face any significant financial liability arising from the reported flaw.

“The current Intel problem, if true, would likely not require CPU replacement in our opinion. However the situation is fluid,” Hans Mosesmann of Rosenblatt Securities in New York said in a note, adding it could hurt the company’s reputation.

Source: Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers | Technology | The Guardian

Updated Debian 9: 9.3 released

The Debian project is pleased to announce the third update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won’t have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian’s many HTTP mirrors. A comprehensive list of mirrors is available at:

Source: Debian — News — Updated Debian 9: 9.3 released

Ubuntu 17.10 no longer available for download

Ubuntu 17.10 no longer available for download due to Lenovo BIOS getting corrupted

Posted in Linux News, last updated December 25, 2017

Lenovo is a Chinese multinational technology company that is well known for LENOVO laptops, desktops and other IT equipment. The download of Ubuntu Linux 17.10 is currently discouraged due to an issue on specific Lenovo laptop models that are causing BIOS corruption or laptop bricking.

From the page:

Many users are reporting issues with bios corruption with Ubuntu Linux 17.10. This seems to stem from enabling the intel-spi-* drivers in the kernel, which don’t appear to be ready for use on end-user machines. It’s not possible to save new settings in BIOS anymore and after rebooting, the system starts with the old settings. Moreover (and most important) USB booting is not possible anymore since USB is not recognized. It’s very serious, since our machines do not have a CDROM.

Ubuntu Linux 17.10 and LENOVO/others machines affected so far

  1. Lenovo B40-70
  2. Lenovo B50-70
  3. Lenovo B50-80
  4. Lenovo Flex-3
  5. Lenovo Flex-10
  6. Lenovo G40-30
  7. Lenovo G50-70
  8. Lenovo G50-80
  9. Lenovo S20-30
  10. Lenovo U31-70
  11. Lenovo Y50-70
  12. Lenovo Y70-70
  13. Lenovo Yoga Thinkpad (20C0)
  14. Lenovo Yoga 2 11″ – 20332
  15. Lenovo Z50-70
  16. Lenovo Z51-70
  17. Lenovo ideapad 100-15IBY

The bug also affects models from other vendors:

  1. Acer Aspire E5-771G
  2. Acer TravelMate B113
  3. Toshiba Satellite S55T-B5233
  4. Toshiba Satellite L50-B-1R7
  5. Toshiba Satellite S50-B-13G
  6. Dell Inspiron 15-3531
  7. Mediacom Smartbook 14 Ultra M-SB14UC

It seems the Yoga series is most affected. ThinkPads are not affected by this issue. You can still download and use Ubuntu Linux 16.04 LTS (16.10 reached end of life in July 2017). Personally, I have no issues with my Lenovo X230. I am writing this post on an X230 laptop with Ubuntu 17.10. To find out your Linux distro name/release:
$ lsb_release -a
Sample outputs:

No LSB modules are available.
Distributor ID:Ubuntu
Description:Ubuntu 17.10
Release:17.10
Codename:artful

Linux kernel version:
$ uname -r
4.13.0-19-generic

You can use the dmidecode command to find out more about your BIOS and laptop too:
$ sudo dmidecode | more
$ sudo dmidecode -t 1

Sample outputs:

# dmidecode 3.1
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.

Handle 0x000D, DMI type 1, 27 bytes
System Information
Manufacturer: LENOVO
Product Name: 2325YX3
Version: ThinkPad X230
Serial Number: xxxxxx
UUID: 78E94B81-5244-11CB-BF24-zzzzzzzz
Wake-up Type: Power Switch
SKU Number: LENOVO_MT_2325
Family: ThinkPad X230

A note about other Linux distros

The bug seems to be related to the intel-spi-* drivers in the Linux kernel, so it is entirely possible that other Linux distros are affected too. Check your Linux distribution’s mailing list or bug tracker for more info.
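One way to tell whether a given kernel build is exposed, whatever the distribution, is to look for the driver itself. The script below is an added example, not from the nixCraft post: it checks the kernel config for the intel-spi symbols (assumed to be CONFIG_SPI_INTEL_SPI, CONFIG_SPI_INTEL_SPI_PCI and CONFIG_SPI_INTEL_SPI_PLATFORM, the names used for drivers/mtd/spi-nor/intel-spi*) and the module list for loaded intel_spi* modules. Paths are parameters so it can run on the constructed files the demonstration at the end builds.

```shell
#!/bin/sh
# Added example, not from the nixCraft post. Reports whether this kernel build
# carries the intel-spi SPI-NOR drivers the Ubuntu 17.10 reports point at,
# and whether any are currently loaded. Paths default to the live system but
# are parameters so the function can be run against constructed files.
# Assumptions: the config symbols are CONFIG_SPI_INTEL_SPI, _PCI and
# _PLATFORM (drivers/mtd/spi-nor/intel-spi*), and module names start with intel_spi.

# Returns 0 when the driver is built in, built as a module, or loaded; 1 otherwise.
intel_spi_check() {
    config="${1:-/boot/config-$(uname -r)}"   # some distros keep it in /proc/config.gz instead (zcat it first)
    modules="${2:-/proc/modules}"
    enabled=0
    if [ -r "$config" ]; then
        # =y is built in and cannot be blacklisted; =m can be kept out via modprobe.d
        for sym in CONFIG_SPI_INTEL_SPI CONFIG_SPI_INTEL_SPI_PCI CONFIG_SPI_INTEL_SPI_PLATFORM; do
            val=$(sed -n "s/^$sym=\(.\)$/\1/p" "$config")
            case "$val" in
                y) echo "$sym built in"; enabled=1 ;;
                m) echo "$sym module"; enabled=1 ;;
            esac
        done
    else
        echo "no kernel config at $config" >&2
    fi
    if [ -r "$modules" ]; then
        # /proc/modules: first whitespace-separated field is the module name
        for mod in $(cut -d' ' -f1 "$modules"); do
            case "$mod" in
                intel_spi*) echo "$mod loaded"; enabled=1 ;;
            esac
        done
    fi
    [ "$enabled" -eq 1 ]
}

# Demonstration on constructed files (sample contents, not from a real machine).
demo_dir=$(mktemp -d)
printf 'CONFIG_SPI_INTEL_SPI=m\nCONFIG_SPI_INTEL_SPI_PLATFORM=m\n# CONFIG_SPI_INTEL_SPI_PCI is not set\n' > "$demo_dir/config"
printf 'intel_spi_platform 16384 0 - Live 0x0000000000000000\nusbcore 249856 4 xhci_hcd, Live 0x0000000000000000\n' > "$demo_dir/modules"
intel_spi_check "$demo_dir/config" "$demo_dir/modules" || echo "intel-spi not present"
rm -rf "$demo_dir"
```

With no arguments it reads /boot/config-$(uname -r) and /proc/modules. A symbol reported as a module can be kept from loading with a modprobe.d blacklist entry; one reported as built in can only be avoided by running a different kernel. The check tells you whether the driver is present, not whether your particular firmware is one it damages.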

Bricking Linux based systems using rm

This reminds me of an older firmware bug. Back in 2016 many Linux based systems were affected by another bug:

Deleting all files starting at the root (i.e. rm -rf /) is generally ill-advised; it is almost always a mistake of some sort. But, even if it is done intentionally, a permanently unbootable system—a brick—is not expected to be the result. The rm command can cause all of the Extensible Firmware Interface (EFI) variables to be cleared; due to some poorly implemented firmware in some systems, that can render the device permanently unable to even run the start-up firmware.

What should I do next?

You need to wait until Ubuntu releases a fix. Do not install Ubuntu 17.10 on affected devices. See the following links for more info:

Source: Linux News Enthusiast Blog Post Category Archives – nixCraft

Disabling Java Plugins

Disabling Java Plugins in browser

Many security researchers and national computer security organizations caution users to limit their usage of the Java Runtime Environment (JRE), unless required for business reasons, or to remove it entirely, including disabling Java plug-ins in web browsers.

Listed below are instructions for disabling Java plug-ins or add-ons in common web browsers.

Note: On systems with multiple user accounts, you may need to disable the plug-ins in each individual user account.

Mozilla Firefox

1.) From the main menu bar, select ‘Tools’ > ‘Add-ons’ > ‘Plugins’ (or press the key combination ‘Ctrl+Shift+A’).
2.) Look for plugins containing the term ‘Java’ and click the ‘Disable’ button next to them.
3.) Restart the browser.

Apple Safari

1.) Click ‘Preferences’, then ‘Security tab’.
2.) Uncheck ‘Enable Java’.

Microsoft Internet Explorer

1.) Click ‘Tools’ > ‘ Manage add-ons’.
2.) Select any add-ons with the name ‘Java’, then click the ‘Disable’ button.
3.) Restart the browser.

 

More
You can also disable Java from the Microsoft Windows Control Panel
1.) In Window’s Control Panel, click on ‘Java’; a Java Control Panel will appear.
2.) In the Java Control Panel, select the ‘Java’ tab and click the ‘View’ button.
3.) For any JRE versions listed, uncheck the ‘Enabled’ box. Click ‘OK’.
4.) In the Java Control Panel, click ‘Apply’ or ‘OK’.

Removing ‘Police-themed’ Ransomware

Removing ‘Police-themed’ Ransomware

Ransomware is a type of harmful program that extorts money from a user by taking control of their device or data, then demanding a ransom for its return. ‘Police-themed’ ransomware disguises its ransom demands as official-looking warning messages from a local law enforcement agency.

The criminals responsible for ransomware usually distribute it using trojans or exploit kits. When it is run on a computer or device, the ransomware will first try to ‘lock’ or encrypt the device or its contents. Next, the ransom demand is displayed, usually in a text file or a webpage. Some ransomware also changes the desktop background to display the demand.

If the affected device or data is confidential, business-critical or irreplaceable, the impact of a ransomware infection can be very disruptive. Ransomware exploits the user’s shock, embarrassment and fear to pressure them into paying the ransom demanded.

EXAMPLES OF ‘POLICE-THEMED’ RANSOM DEMANDS

‘Police-themed’ ransom demand

Though earlier ransomware samples we saw tended to be simple, blatant attempts at extortion, recent ones have been more subtle in design.

From 2012 onwards, we started seeing ransomware using the names, visual images and language of various law enforcement agencies to make their ransom demands look like official writs, usually regarding some alleged offense that the user supposedly committed.

The details of the ransom demand vary depending on the user’s geographical location. The most notable examples have come from Western European countries, notably France, Germany, Finland and Italy, but other countries have also reported instances of such ransomware.

While the actual text of the demands varies, they generally follow the same pattern:

  1. Claim that the computer or device has been ‘locked’ after the authorities identified it as being used to visit websites related to:
    • terrorism, or
    • child abuse, or
    • pornography
  2. Display the device’s IP address and other details
  3. Claim that payment of a ‘fine’ is required to settle the ‘offense’
  4. Provide instructions for paying the ‘fine’ using cash cards, vouchers or other payment methods that are difficult to trace

Should you pay the demand?

Security researchers and law enforcement authorities strongly recommend that affected users do not pay the ransom demand. There is no guarantee that payment will restore the affected device or data.

The recommended course of action is that the user report the incident to the proper local authorities, disinfect the affected device and restore the affected data from clean backups.

In some of the cases reported to the authorities, however, losing control of the affected device or data has been so disruptive that the users have chosen to pay the ransom. This has been especially true of businesses and individuals who have no clean backups to recover from, or whose critical business machines were affected by the ransomware.

Of course, it is likely that many affected users do not report an infection or ransom payment to the authorities at all.

Responding to a ransomware infection

If the worst happens and ransomware does infect your device, there are a few steps you can take to contain the damage:

  • IMMEDIATELY disconnect the affected device or devices from the local network and/or the Internet. Doing so prevents the infection from spreading to other connected devices.
  • Scan all connected devices and/or cloud storage for the same infection and for additional threats. Other connected devices and storage media should be checked not only for infection by the same threat, but also for any other threats that may have been installed alongside it.
  • If possible, identify the specific ransomware responsible. Knowing the family involved makes it easier to search online for information about remedial options. The ID-Ransomware project site may be able to help you identify the ransomware involved.

You can find more about responding to a ransomware infection at:

You may also be interested to check out:

No More Ransom!

This initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and security researchers aims to help victims retrieve their encrypted data without having to pay the criminals responsible for the threat.

Removing ‘police-themed’ ransomware

In most cases, F-Secure’s security products will automatically detect and remove a ransomware file.

For certain ransomware families, manual removal is also possible, though it is only recommended for a technically skilled user.

Automatic Removal

We detect police-themed ransomware with multiple detections, including Trojan:W32/Reveton, Trojan:W32/Ransom and generic detections.

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

For users who do not have an F-Secure security product installed, in most cases our Online Scanner removal tool is able to detect and automatically remove the ransomware.

Manual Removal

Trojan:W32/Reveton and Trojan:W32/Urausy variants may also be manually removed from the machine, using the following instructions:

CAUTION: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, seek professional technical assistance.

  1. Boot the system into ‘Safe Mode with Command Prompt’. To do so:
    • First, restart the system (click Start, then Shut Down, select Restart in the drop-down dialog box that appears, then click OK).
    • As the computer restarts but before Windows launches, press F8. (This boot menu applies to Windows 7 and earlier; later versions of Windows do not show it by default.)
    • Use the arrow keys to highlight ‘Safe Mode with Command Prompt’ and then press Enter.
  2. In the command prompt, type “regedit” and press Enter.
  3. Look for the following registry values and remove them.
    • For Reveton

      Delete the “ctfmon.exe” registry value from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    • For Urausy

      Delete the “shell” registry value from HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ONLY IF these two conditions are met:

      1. The “shell” registry value is located under HKEY_CURRENT_USER and NOT HKEY_LOCAL_MACHINE.

        WARNING! Deleting the “shell” value if it is listed under HKEY_LOCAL_MACHINE may break the Windows system.

      2. There is a reference to a .dat file (e.g. skype.dat) in the value data.
  4. Reboot the system again, this time into Normal mode.
  5. Finally, run a full computer scan to repair any remaining files.


Source: Removing ‘Police-themed’ Ransomware | F-Secure Labs
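As a check that complements the manual-removal steps above, here is an added PowerShell script (written for this page, not part of the F-Secure article) that audits the two HKEY_CURRENT_USER persistence locations named in step 3 for the Reveton and Urausy indicators, exports the affected key as evidence, and removes the value only when run with -Remove. It assumes PowerShell is available (Windows 7 and later; from the Safe Mode command prompt start it with powershell.exe) and that it runs in the session of the affected user, because HKCU is that user’s hive. It never reads or writes HKEY_LOCAL_MACHINE, in line with the warning above.

```powershell
# Added example, not from the F-Secure article: audit (and optionally remove)
# the two per-user persistence points used by the Reveton and Urausy variants
# described above. Run as the affected user; HKCU is that user's hive.
param([switch]$Remove)

$RunKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$WinlogonKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-PoliceRansomwarePersistence {
    $findings = @()

    # Reveton indicator: a value named "ctfmon.exe" under the per-user Run key.
    $run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['ctfmon.exe']) {
        $findings += [pscustomobject]@{
            Family = 'Reveton'; Key = $RunKey; Value = 'ctfmon.exe'; Data = $run.'ctfmon.exe'
        }
    }

    # Urausy indicator: a per-user "Shell" value whose data points at a .dat file.
    # A clean profile normally has no Shell value here at all; the real shell
    # setting lives under HKLM, which this script never touches.
    $wl = Get-ItemProperty -Path $WinlogonKey -ErrorAction SilentlyContinue
    if ($wl -and $wl.PSObject.Properties['Shell'] -and $wl.Shell -match '\.dat\b') {
        $findings += [pscustomobject]@{
            Family = 'Urausy'; Key = $WinlogonKey; Value = 'Shell'; Data = $wl.Shell
        }
    }
    return $findings
}

$hits = Get-PoliceRansomwarePersistence
if (-not $hits) {
    Write-Host 'No Reveton/Urausy persistence indicators found under HKCU.'
    return
}

$hits | Format-Table Family, Key, Value, Data -AutoSize

foreach ($h in $hits) {
    # Export the key first so the evidence (including the path of the dropped
    # payload, visible in Data) survives the cleanup.
    $backup  = Join-Path $env:TEMP ('{0}-{1}.reg' -f $h.Family, (Get-Date -Format 'yyyyMMdd-HHmmss'))
    $regPath = $h.Key.Replace('HKCU:\', 'HKCU\')
    & reg.exe export $regPath $backup /y | Out-Null

    if ($Remove) {
        Remove-ItemProperty -Path $h.Key -Name $h.Value
        Write-Host "Removed '$($h.Value)' from $($h.Key) (backup: $backup)"
    } else {
        Write-Host "Would remove '$($h.Value)' from $($h.Key); re-run with -Remove to do so (backup: $backup)"
    }
}
```

Run it first without -Remove to see what it finds (for example `powershell.exe -ExecutionPolicy Bypass -File .\Find-PoliceRansomware.ps1`), then again with -Remove once you have confirmed the hit matches the conditions in step 3. The file referenced in the Data column is the dropped payload; it is not deleted here and should be picked up by the full scan in step 5 after the reboot in step 4.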

How to connect to a MySQL database

MySQL
Setup to connect locally
-- create the account, the database and the grant for the same user@host pair
create user 'thor'@'localhost' identified by 'secret password';
create database thor character set utf8;
grant all on thor.* to 'thor'@'localhost';

select User,Host from mysql.user;
SHOW GRANTS;
SHOW GRANTS FOR CURRENT_USER;

Setup to connect remotely
mysql> CREATE USER 'fooUser'@'1.2.3.4' IDENTIFIED BY 'my_password';
mysql> GRANT ALL ON fooDatabase.* TO 'fooUser'@'1.2.3.4';

These statements create the user fooUser with the password 'my_password' and grant it ALL privileges on fooDatabase, but only when it connects from the IP address 1.2.3.4. (Older servers, such as the 5.0 one in the session below, also accept the one-line form GRANT ... TO 'fooUser'@'1.2.3.4' IDENTIFIED BY 'my_password'; MySQL 8.0 removed that clause from GRANT, so create the user first.) The host part of the account is what stops the credentials from being usable from anywhere else. For the connection to work at all, the server must also listen on a non-loopback address (bind-address in my.cnf) and the firewall should open port 3306 only to 1.2.3.4.

Testing Remotely
Now you can test your connection remotely. You can access your MySQL server from another Linux server:

# mysql -u fooUser -p -h 44.55.66.77
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> _

Windows Backup

Windows Defender Offline
About Windows Defender

F-Secure Removal tool

Kaspersky Rescue Disk

Microsoft Essentials Antivirus

DropBox Downloads
Skydrive Downloads

Today, when most of our memories and documents exist in digital form, stored on phones and computers, a few precautions are necessary.
Backup, backup and backup. There are no excuses for not doing this. Hard drives crash, mobile phones get lost, virus infections happen, and so on.

I recommend a couple of simple preventive steps. It is always good to keep backups in several places. Here I recommend two free services, Dropbox and Skydrive, both free in their standard versions and fully accessible from both smartphone and PC, with automatic syncing and so on. If you connect a digital camera or your smartphone to the computer, they automatically upload new files or photos and sync them to the backup.

You should also, before disaster strikes, create a Windows repair disc to keep in your toolbox. With it you can, for example, boot the computer and repair damaged operating system files.

How to create a system repair disc

Open Backup and Restore by clicking the Start button, then Control Panel, System and Maintenance, and then Backup and Restore.

In the left pane, click Create a system repair disc, and then follow the instructions. Administrator permission is required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.


Note:
If you are prompted to insert a Windows installation disc, it means that the files needed to create the system repair disc cannot be found on your computer. Insert a Windows 7 installation disc.

How to use the system repair disc

Insert the system repair disc into the DVD or CD drive.

Restart the computer using the computer's power button.

If prompted, press any key to start the computer from the system repair disc.

If the computer is not configured to start from a CD or DVD, check the information that came with the computer. You may need to change the computer's BIOS settings.

Choose your language settings and click Next.

Select a recovery option and then click Next.