Chrome is throwing false 'Malware' detection for Free Republic

As you know I work for the Fedgov, and the government schooled me pretty well on stuff to look out for: XSS, XSRF, MiM attacks, Link injection, image injection, SQL injection (obviously), and even cross-tab hijacks (which are EXTREMELY devious and VERY inventive) — in which a dead tab of yours is made to mock up a secure login page in your accessible browser visit history. That’s why I never re-login to a page if it expires. I will request a serve-up a new login page if I ever time out. That prevents the attack from the user perspective. The only way to prevent it programmatically is to close all but focused tabs, which is not only difficult but impractical. Of course, a polished firewall and refusing to allow Java helps with that one, too.

Now the one they are using lately is serving up malicious code inside images/videos/music, and hoping that they can hook into editing or ‘playback’ executables. If they can spoof Paint into running something embedded in a picture, for example, they just might get machine code running. It is tricky as hell to pull it off, but I’ve heard of one or two successful hacks using it.

Here’s a mildly interesting and completely defensible, less dangerous technique some hackers are using. It relies too much on user cooperation to get it going. http://www.tgdaily.com/security-features/51056-embedded-malware-hidden-in-image-files

The really tricky ones are the ones that use image software itself as the hook, and they are particularly dangerous if various ‘semi-executable’ templates are used by the user.

It’s probably why Adobe keeps on sending me security patches. LOL

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.