When I'm logged in my bar at the top usually shows that the site is secure. Except for two threads - election results and coronavirus thread. Any ideas why?
View attachment 99148
View attachment 99149
View attachment 99150
Secure vs non-secure on some threads
- Thread starter FLA45fan
- Start date
- Status
It's not the threads, it's only those two pages in those threads (and possibly others I haven't seen) and it's because of links posted by members to sites that do not have a secure certificate. Has nothing to do with our SSL.
I've found links to thegatewaypundit.com and themostimportantnews.com to be the culprits on those two pages
Yeah close. Not the images, but direct links to pages on non-secure sites.
Not really our issue or much of a security threat, but I would consider it perhaps.. kinda-sorta.. bad form to send people to non-secure sites and so I've deleted those posts with links to those sites and you'll now see those pages are shown as secure.
For the reasons in the links below, I set my email client to not automatically download picture when I open email.
ccm.net
www.zdnet.com
umbrella.cisco.com
www.sentinelone.com
Can a JPEG File contain a virus?
A picture or photo in your PC can have different file extensions, such as jpeg, bmp, etc. In this article we will explain how these files can be altered to contain viruses that could harm your computer.
ccm.net
LokiBot malware now hides its source code in image files
The sophisticated malware has been upgraded to hide its source code in seemingly innocent images.
www.zdnet.com
Picture perfect: How JPG EXIF data hides malware
Learn some of the techniques hackers use to embed malware in jpgs, how to identify it and how to keep yourself protected!
umbrella.cisco.com
What is Steganography? - Protecting from Malicious Images
Discover Steganography's secrets, how malware exploits it, and strategies to safeguard against malicious image-based attacks.
www.sentinelone.com
Malwarebytes (premium) is your friend.
This thread is a little bit all over the place, so just for the sake of clarity here I feel like it's important to note that SSL secure servers vs. non-secure servers really has basically nothing at all to do with malware.
There are some ways that malware (generally that you must already be infected with) can make use of unsecured connections, but that's a complicated topic and really not especially important here.
The point here is that what a secure server really means is that all data transmitted between the server and client (you) happens over an established encrypted connection. Greatly simplified, but all you really need to know, this protects against interception of data you enter to a site. Entering passwords, credit card data, etc and so on is protected from anyone in a position to snoop on it. On a non-secure server, this data would not be encrypted and anyone with access to some point in the network path could see that entered data plainly.
So... this is why I say, somewhat non-committally, that it's "kinda-sorta" bad to link to unsecure sites. There's not much of a threat at all (if any) to simply read an article on a non-secure site (on which you aren't entering any personal data somewhere). There are some aspects to that statement that could be debated.. sort of, and so I say it with that slight trepidation. More than anything really though, it's a just a bad look to be SSL un-secured these days, and MAY say something about a site.
I don't like that pages on our site (or any site really) would be shown as unsecure simply because there are links to unsecured pages on the page. It's simply not true and a misrepresentation of the security of that page. Just poor design of the whole system as I see it, and one that could be so easily rectified with various simple solutions I can think of.
For the reasons in the links below, I set my email client to not automatically download picture when I open email.
Can a JPEG File contain a virus?
A picture or photo in your PC can have different file extensions, such as jpeg, bmp, etc. In this article we will explain how these files can be altered to contain viruses that could harm your computer.LokiBot malware now hides its source code in image files
The sophisticated malware has been upgraded to hide its source code in seemingly innocent images.Picture perfect: How JPG EXIF data hides malware
Learn some of the techniques hackers use to embed malware in jpgs, how to identify it and how to keep yourself protected!What is Steganography? - Protecting from Malicious Images
Discover Steganography's secrets, how malware exploits it, and strategies to safeguard against malicious image-based attacks.
Now as for this stuff, I definitely feel this could be quite misconstrued by most, and quite frankly those articles don't do a very good job of dissuading that. Perhaps I'll delve into this here later.
Cyber Security is complex and could discussed for years, this topic for months. I agree that the articles lack greater explanation, I just want people to be aware that attacks like this are possible. I hope that by post articles like these people might become interested and do their own research.
I am no expert but I have run my own server shared and/or vps since 1997. I agree, links to an unsecure site does not mean YOUR site is not secure as far as the purpose of SSL!
BTW, I am very much impressed with your installation of XenForo Forums - this forum is a pleasure to use and the features are great. Cloudflare serves it up fast too!
libertysnake
.338 Win Mag
For the reasons in the links below, I set my email client to not automatically download picture when I open email.
Can a JPEG File contain a virus?
A picture or photo in your PC can have different file extensions, such as jpeg, bmp, etc. In this article we will explain how these files can be altered to contain viruses that could harm your computer.
LokiBot malware now hides its source code in image files
The sophisticated malware has been upgraded to hide its source code in seemingly innocent images.
Picture perfect: How JPG EXIF data hides malware
Learn some of the techniques hackers use to embed malware in jpgs, how to identify it and how to keep yourself protected!
What is Steganography? - Protecting from Malicious Images
Discover Steganography's secrets, how malware exploits it, and strategies to safeguard against malicious image-based attacks.
You would still need something to specifically read that code, I guess, but you could conceal it as something else that legitimately views images. At leas, that's my understanding.
Opening the email itself with images wouldn't execute code but it could be delivering malicious code for use by another program -- at least, that's my understanding.
Would need something to both read those images, and specifically give them executable perms and then actually execute them that way.
ILOVEYOU - Wikipedia
How can I load an EMF file into WPF?
social.msdn.microsoft.com
Symantec Security Center
Symantec security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.
www.symantec.com
Email security Insights | Microsoft Security Blog
Read the latest digital security insights regarding Email security from Microsoft's team of experts at Microsoft Security Blog.
How to exploit XSS with an image | Infosec
Cross-Site Scripting is one of the most common and powerful vulnerabilities on the Web. The OWASP organization has classified it in the third place in the
resources.infosecinstitute.com
libertysnake
.338 Win Mag
ILOVEYOU - Wikipedia
en.wikipedia.org
How can I load an EMF file into WPF?
Symantec Security Center
Symantec security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.
Email security Insights | Microsoft Security Blog
Read the latest digital security insights regarding Email security from Microsoft's team of experts at Microsoft Security Blog.www.microsoft.com
How to exploit XSS with an image | Infosec
Cross-Site Scripting is one of the most common and powerful vulnerabilities on the Web. The OWASP organization has classified it in the third place in the
The two part javascript thing makes sense. This is also why I disable javascript for the most part.
There are a variety of ways the image could be executed, but with a few exceptions it seems it's a two part process.
Regardless, I, also, only render my emails in text -- which I think is both the default for Gmail and Protonmail.
- Status