Hello, welcome to the Monday, June 20th, 2016 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

We still see a lot of malvert that arrives as a sipped JavaScript file.

The problem here is that if you open such a JavaScript file on your system,

it doesn't run in the browser. Instead, it actually runs with the shell and JavaScript in this

context has far-reaching abilities to download additional software, execute commands, change files and the like. So it is really

not limited by any kind of browser sandbox in this case. But there is a real simple and

effective way to prevent execution and it's just associating a different program with JavaScript

files in particular, Notepad.

This way if a user does double click on a JavaScript file, it just opens in Notepad

and doesn't actually execute.

This should have minimum effects on the users.

Users aren't really supposed to run JavaScript files like that,

but it does protect the user from accidentally executing these files.

And as one of our readers comment, you should of course apply the same trick to various other scripting languages

that your users don't really need and just by associating them with Notepad, you essentially

make these exploits less likely to succeed.

And if you received the last couple of days an email from Log Me In that your password was

reset, well, the reason behind this is the same as we have seen for other large sites.

Team Viewer, sort of a Log Me in competitor had issues with accounts getting compromised

just due to password reuse,

...