flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Heap > Windows 10

Goto page Previous  1, 2, 3 ... 27, 28, 29
Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 7191
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699


revolution wrote:

sleepsleep wrote:
windows defender loves to scan every files inside your pendrive whenever you plug in the device, my question is, does all the scanned files filename and size get stored? because i suspect this kinda information are stored, and probably transferred out from our computer,

Yes. But this would be no different from any other AV though. They all send out stuff to the mother-ship whenever they feel like it.


this is so scary, damn, so scary,
i hate those explorer (i think some exists in linux) that scan all your files, and try to create the damn thumbnails, word, pdf, pictures, videos, wtf, and cached them,

further more, those cloud agents, can upload any files they want into the main cloud, all our files, Laughing by reading chunk by chunk into different memory files, upload them onto net, who know and who could actually spot what actually being uploaded,

crazy shits, but any software inside our pc could does this, easily, damn it,

the os must allow user to set permission for program in api level, not just the read/write and group, exec, looking forward this feature in android, linux and windows
Post 12 May 2018, 13:17
View user's profile Send private message Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1133


sleepsleep wrote:
this is so scary, damn, so scary,
i hate those explorer (i think some exists in linux) that scan all your files, and try to create the damn thumbnails, word, pdf, pictures, videos, wtf, and cached them,

Like database indexers, and yeah I fucking hate their guts, but it's easy to disable them in Linux since they're either cron jobs or systemd timers. In worst case, just remove their files and that's that (or unset the 'execute' bit on the files).


sleepsleep wrote:
further more, those cloud agents, can upload any files they want into the main cloud, all our files, Laughing by reading chunk by chunk into different memory files, upload them onto net, who know and who could actually spot what actually being uploaded,

Never used a "cloud agent", if you want to upload to the cloud, do it with the (sandboxed) browser, is that so hard? I'm always amazed at the amount of JUNK people install and use on their PCs.


sleepsleep wrote:
crazy shits, but any software inside our pc could does this, easily, damn it,

the os must allow user to set permission for program in api level, not just the read/write and group, exec, looking forward this feature in android, linux and windows

Nah, you just need a different mindset: deny by default.

Internet access? DENY it for ALL apps except those you handpick (e.g. your browser). Just block the outgoing access: the connections that aren't negotiated are dropped anyway, no need for input rule. How do you do that?

Run the internet apps as another user, and the user you log in with has no internet access at all. Bonus: the user with internet access that runs the browser can also be denied access to most of your personal files.
Post 12 May 2018, 13:32
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15733
Location: Crossing the Cauchy horizon


sleepsleep wrote:
the os must allow user to set permission for program in api level, not just the read/write and group, exec, looking forward this feature in android, linux and windows

Say hello to your firewall. As Furs says, put it into deny by default.
Post 12 May 2018, 14:04
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 7191
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699


Furs wrote:

Nah, you just need a different mindset: deny by default.



revolution wrote:

Say hello to your firewall. As Furs says, put it into deny by default.


thumbs up, now they just need to focus on the browser to crack the whole thing,


Furs wrote:

Run the internet apps as another user, and the user you log in with has no internet access at all. Bonus: the user with internet access that runs the browser can also be denied access to most of your personal files.


is such setting possible in windows? 7,8,8.1, or 10? using the default windows firewall?
Post 12 May 2018, 19:01
View user's profile Send private message Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1133


sleepsleep wrote:
thumbs up, now they just need to focus on the browser to crack the whole thing,

I'd rather have a fortified safe with one door they need to crack, than a house with doors on every wall so they have a choice of where to break in from, you know. Wink


sleepsleep wrote:
is such setting possible in windows? 7,8,8.1, or 10? using the default windows firewall?

No idea, I haven't used Windows connected online for a very long time, and when I did, I never used Windows Firewall, but 3rd party firewalls, which allowed you to make such rules (also per-application, not just per-user, but it was more involved).
Post 13 May 2018, 00:52
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 7191
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699

Internet Explorer zero-day: browser is once again under attack
https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/


Quote:

In late April, two security companies (Qihoo360 and Kaspersky) independently discovered a zero-day for Internet Explorer (CVE-2018-8174), which was used in targeted attacks for espionage purposes. This marks two years since a zero-day has been found (CVE-2016-0189 being the latest one) in the browser that won’t die, despite efforts from Microsoft to move on to the more modern Edge.

Post 13 May 2018, 14:21
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15733
Location: Crossing the Cauchy horizon


sleepsleep wrote:
Internet Explorer zero-day: browser is once again under attack
https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/


Quote:

In late April, two security companies (Qihoo360 and Kaspersky) independently discovered a zero-day for Internet Explorer (CVE-2018-8174), which was used in targeted attacks for espionage purposes. This marks two years since a zero-day has been found (CVE-2016-0189 being the latest one) in the browser that won’t die, despite efforts from Microsoft to move on to the more modern Edge.


Yet another scripting attack. This time a VBScript, not JS. I didn't even know that IE could execute VB code from random websites. Shocked

Why do people still trust random websites to run code? That is just crazy IMO.
Post 13 May 2018, 14:51
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 7191
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699

Image
whose pc, whose windows, i cant even change my feedback option, damn it, windows 10
Post 21 May 2018, 09:08
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3 ... 27, 28, 29

< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2018, Tomasz Grysztar.
Powered by rwasa.