Avast WEBforum

Other => General Topics => Topic started by: polonus on July 05, 2013, 11:15:25 PM

Title: Tests and other Media topics
Post by: polonus on July 05, 2013, 11:15:25 PM
Test if your IP address does not form part of Pobelka botnet: http://check.botnet.nu/infected.php
Check your IP for botnet-blacklists: http://www.robtex.com/ip/xxx.xxx.xxx.xxx.html#blacklists
Check also here: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

polonus
Title: Re: Do another test...
Post by: wyrmrider on July 06, 2013, 03:49:59 AM
note that the third link to the fbi asks for your IP address which is conveniently provided by the first link
cheers
Title: Re: Tests and other Media Topics
Post by: polonus on July 07, 2013, 07:51:40 PM
Test whether your dns is good: http://www.provos.org/dns_test.js?site=yoursite
and then go here: http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html

polonus
Title: Re: Tests and other Media Topics
Post by: polonus on July 10, 2013, 09:21:04 PM
A test for X-Frame-options (clickjacking) -> http://int21.de/frametest/  (courtesy/credits to Hanno Böck)
No red boxes on the left for me, all green!

polonus
Title: Re: Tests and other Media Topics
Post by: polonus on July 10, 2013, 09:41:19 PM
Not for the client site, but if you wanna scan a website, see: This one comes with a clickjacking warning: https://asafaweb.com/Scan?Url=www.ad.nl
vulnerable for clickjacking and a cookie warning (brought to us by AppHarbor making use of simple http requests...no pentesting whatsoever...)

enjoy,

polonus
Title: Re: Tests and other Media Topics
Post by: polonus on July 16, 2013, 12:08:08 AM
Not a test but another topic of interest...

See: http://techblog.netflix.com/2013/06/html5-video-in-ie-11-on-windows-81.html
FEE is against: https://www.fsf.org/blogs/community/cancel-netflix-if-you-value-freedom
Should DRM come to HTML5, and will other browser makers be urged to follow these standards?
Netflix, Google and Microsoft are pro DRM in HTML5.
Will this mean the end of the open web we know today?
The proposal: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on July 16, 2013, 12:53:46 AM
It means not needing to depend on Flash any more which has more holes than swiss cheese.
It means they'll now need to find the insecurities in HTML5. I'm sure it will not take long.  :'(
Title: Re: Tests and other Media topics
Post by: polonus on July 16, 2013, 01:04:32 PM
Hi bob3160,

That is already happening, while you start to discuss this: http://deadliestwebattacks.com/2012/05/25/html5-unbound-part-2-of-4/ (link author = Mike)
With the new features come new insecurities and again the culprit is spelled like js, right javascript. Example see here: http://stackoverflow.com/questions/12480892/framebuffer-html5-canvas-audio-api-insecure-operation-error -> audio and web page must be same origin
so you'd have to go to  about:config in firefox and disable the security.fileuri.strict_origin_policy. (credits David Humphrey).

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 16, 2013, 06:02:23 PM
So test how your browser performs in the HTML5 test: http://html5test.com/index.html
Google Chrome has issues with Microdata.  459 points + 13 bonus points for me...
A non-html5 browser would score 78 points, but will render web applications.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 16, 2013, 07:35:55 PM
See: http://www.appremover.com/
downloadable free version http://www.appremover.com/download
AppRemover enables you to thoroughly uninstall many antivirus and antispyware products from your computer. It removes traces that are often left behind by the standard uninstaller, including registry keys, folders and files. AppRemover offers support for many popular antivirus/antispyware products.
Is it better as RevoUninstaller? Can it be used on an emergency USB?

Damian
Title: Re: Tests and other Media topics
Post by: polonus on July 16, 2013, 08:16:10 PM
Insecure Spy Extension amazon-1-button!

Read: http://blog.kotowicz.net/2013/07/jealous-of-prism-use-amazon-1-button.html
1-button extension in Chrome Amazon to listen in on all encrypted SSL traffic... and they still are...
link article author = @kkotowicz
This story was confirmed here: http://www.heise.de/newsticker/meldung/Amazons-Einkaufshilfe-spioniert-Nutzer-aus-1916578.html
translate using Google Translate...

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on July 16, 2013, 11:47:54 PM
So test how your browser performs in the HTML5 test: http://html5test.com/index.html
Google Chrome has issues with Microdata.  459 points + 13 bonus points for me...
A non-html5 browser would score 78 points, but will render web applications.

polonus
Also using Chrome:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1374011219028-34387.png)
Title: Re: Tests and other Media topics
Post by: bob3160 on July 16, 2013, 11:51:03 PM
See: http://www.appremover.com/
downloadable free version http://www.appremover.com/download
AppRemover enables you to thoroughly uninstall many antivirus and antispyware products from your computer. It removes traces that are often left behind by the standard uninstaller, including registry keys, folders and files. AppRemover offers support for many popular antivirus/antispyware products.
Is it better as RevoUninstaller? Can it be used on an emergency USB?

Damian
Have you already forgotten ???
http://forum.avast.com/index.php?topic=102237.msg851908#msg851908

Title: Re: Tests and other Media topics
Post by: polonus on July 17, 2013, 12:00:58 AM
Hi bob3160,

Credits go where they should.
You win. No Competition.  ;D
I just have to check the browser test results for Chrome on my new Win8 machine.  :P
The test was done on Vista.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on July 18, 2013, 06:21:53 PM
Only for advanced users that know what they do!

Users with firefox that wanna go on without Java,
will find that Oracle will not uninstall everything firefox related and leaves debris behind.
Whenever everything in combination with Java has been uninstalled,
just open up  regedit, go to key HKEY_LOCAL_MACHINE\Software\MozillaPlugins
delete all subkeys there starting with @java.com.
Also delete the subkey HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}.
Moreover also delete file: C:\WINDOWS\system32\npDeployJava1.dll.
Before doing this make a copy of your registry in case anything goes wrong,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 19, 2013, 02:20:18 PM
Marketeers want Firefox to block ad-blockers: http://www.iab.net/iablog/2013/07/has-mozilla-lost-its-values.html
Profiling can still be done, but using third party cookies made this quite easy for ad-launchers.

By the way: tracking protection in IE9 and IE 10 could also be done, use
\ EasyPrivacy (tracking protection)
\ EasyList Standard (adblock) en/of Dutch etc. EasyList (adblock)

The reason we do not want ad-blockers to leave our browsers, is that adblockers also protect us from malicious cybercriminal marketeers.
The method adfree has already been blocked in the Google Play market, because most ads do not come locally but from big sites.

polonus
Title: Re: Tests and other Media topics
Post by: mag on July 19, 2013, 02:42:56 PM
I only returned to IE in Windows after I discovered how to use tracking protection to block ads.

If firefox disables adblocking I will find a different linux browser (if I can't find a workaround).
Title: Re: Tests and other Media topics
Post by: polonus on July 20, 2013, 02:30:40 PM
Another botnet IP check. Are you in a database? https://www.check-and-secure.com/ipcheck/_en/solution/clean.php
Good I am not, and also here on Webbot/Spider check: http://bot.myip.ms/

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on July 20, 2013, 05:43:44 PM
Another botnet IP check. Are you in a database? https://www.check-and-secure.com/ipcheck/_en/solution/clean.php
Good I am not, and also here on Webbot/Spider check: http://bot.myip.ms/

polonus
Neither am I. :)
Title: Re: Tests and other Media topics
Post by: polonus on July 20, 2013, 11:41:48 PM
Like the online tests from Steve Gibson.

Do this DNS Nameserver Spoofability Test here: https://www.grc.com/dns/dns.htm

I have two different nameservers that is good,
and my results were "excellent"

For best results, you should have all green in-
External ping should be not/less visible,
External query should be ignored,
DNSSEC Security should be supported,
Alphabetic Case should be mixed,
Extra Anti-spoofing should be present.

What were your results?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 21, 2013, 12:19:27 AM
Another test to perform is a router crash test.
Hurrah, my router survived,
but my MalwareBytes Anti-Exploit Shield crashed on the test
and had to be closed. Well I have put that beta version up again.
For the test go here: https://www.grc.com/dns/crashtest.htm
And again, nice test from Steve Gibson.
Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 21, 2013, 07:42:45 PM
What HTTP server is that site running, online scan: http://andrew.hedges.name/experiments/what-server/

polonus

P.S. more from this site:  http://andrew.hedges.name/experiments/

This one is strange by andrew hedges: http://andrew.hedges.name/experiments/whatevernator/#31

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 25, 2013, 11:36:29 PM
Just look at the latest sandbox comparison test, Google and Adobe sandboxes more secure than Sandboxie.
Some tools were not considered like for instance Anubis iseclab, example: http://anubis.iseclab.org/?action=result&task_id=1976684dda45722241551da96229482f6
The Bromium Test results here: http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/
Well you always have to consider the weaknesses of a sandbox.
Save something and you are seen.
Condensed files won't run.
No driver access permitted,
So sandboxes for malware analysis certainly come with specific limitations.
Not clear what is the position of the avast sandbox here? 

Anyone to comment?

polonus
Title: Re: Tests and other Media topics
Post by: JuninhoSlo on July 27, 2013, 05:03:07 PM
Like the online tests from Steve Gibson.

Do this DNS Nameserver Spoofability Test here: https://www.grc.com/dns/dns.htm

I have two different nameservers that is good,
and my results were "excellent"

For best results, you should have all green in-
External ping should be not/less visible,
External query should be ignored,
DNSSEC Security should be supported,
Alphabetic Case should be mixed,
Extra Anti-spoofing should be present.

What were your results?

polonus

I ran Steve Gibson DNS Nameserver Spoofability Test and my results were "Bad" and I also have 2 different nameservers, just like you Polonus.

Title: Re: Tests and other Media topics
Post by: mag on July 28, 2013, 12:24:22 PM
Just look at the latest sandbox comparison test, Google and Adobe sandboxes more secure than Sandboxie.
Some tools were not considered like for instance Anubis iseclab, example: http://anubis.iseclab.org/?action=result&task_id=1976684dda45722241551da96229482f6
The Bromium Test results here: http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/
Well you always have to consider the weaknesses of a sandbox.
Save something and you are seen.
Condensed files won't run.
No driver access permitted,
So sandboxes for malware analysis certainly come with specific limitations.
Not clear what is the position of the avast sandbox here? 

Anyone to comment?

polonus

Would have been interested to hear what they thought of the Linux Chromium sandbox set-up with seccomp sandbox (plus  Mandatory Access Control enforced by Apparmor or SELinux).
Title: Re: Tests and other Media topics
Post by: polonus on July 28, 2013, 01:09:33 PM
You could also perform a test here: http://www.dnssy.com/report.php?q=
I got: Hostname looks good. Found 8 parent nameservers. Glue from root nameservers to parent nameservers is missing. This means that an extra lookup is required to find your parent nameservers. There is nothing you can do about this. No nameservers found at parent nameserver, as I have no domain nor website.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 28, 2013, 03:12:14 PM
Performing an IP Reputation Scan.

I tested here for my IP Reputation: http://ipremoval.sms.symantec.com/lookup/#
result: -
Quote
does not have a negative reputation and therefore cannot be submitted for investigation.
And not blacklisted here: http://www.ipvoid.com/scan/
Check also here: http://labs.alienvault.com/own_ip_reputation.php -> IP not found
Also check here against honeypot resources: https://www.projecthoneypot.org/ip_
and here: http://www.botsvsbrowsers.com/ip/your ip/index.html
and here: http://www.linuxmagic.com/products/bms/lookup
O.K. Do not forget to check IP here: http://www.senderbase.org/lookup?search_string=your IP
and here: https://support.proofpoint.com/rbl-lookup.cgi?ip=your IP
Quote
result: Your IP address is not currently being blocked nor delayed....

D
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2013, 10:03:37 AM
Check the health of the DNS of your domain here: http://dnscheck.pingdom.com/?domain=avast.com
This check is part of a couple of characteristic-tests that will set out malicious URLs.
We may look for:

DNS anomalies, open resolvers, check against urlquery dot net scanner.
1 Resolved IP count Integer
2 Name server count Integer
3 Name server IP count Integer
4 Malicious ASN ratio of resolved IPs Real
5 Malicious ASN ratio of name server IPs Real

DNS fluxiness features

URL token/path characteristics: (delimited by ‘.’, ‘/’, ‘?’, ‘=’, ‘-’, ‘ ’) check with firekeeper and IDS
1 Domain token count
2 Path token count
3 Average domain token length Real
4 Average path token length Real
5 Longest domain token length
6 Longest path token length
7-9 Spam, phishing and malware SLD hit ratio Real
10 Brand name presence Binary

Web content characteristics. etc. check against : http://scanurl.net/?u='+encodeURIComponent(location.href)+'&k#results');})();
Backlinks and link popularity etc. ->  http://smallseotools.com/backlink-checker/  etc.

Info from Hyunsang Choi. Detecting Malicious Weblinks etc.

polonus
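The URL token/path features listed in the post above, as an added Python example (not part of the original post or of the cited paper's code). It uses the delimiter set given in the post; the brand list is a constructed sample, the second-level domain is approximated as the second-to-last host label, and features 7-9 are left out because they need blacklist data.

```python
import re
from urllib.parse import urlsplit

# Delimiters exactly as listed in the post: '.', '/', '?', '=', '-', ' '
_DELIMS = re.compile(r"[./?=\- ]+")

# Constructed sample for feature 10 (brand name presence); supply your own list.
SAMPLE_BRANDS = frozenset({"paypal", "amazon", "google"})


def _tokens(text):
    """Split on the delimiter set and drop empty tokens."""
    return [t for t in _DELIMS.split(text) if t]


def _stats(tokens):
    """Return (count, average length, longest length) for a token list."""
    if not tokens:
        return 0, 0.0, 0
    lengths = [len(t) for t in tokens]
    return len(tokens), sum(lengths) / len(lengths), max(lengths)


def lexical_features(url, brands=SAMPLE_BRANDS):
    """Compute features 1-6 and 10 from the post for a single URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    path = parts.path + ("?" + parts.query if parts.query else "")

    d_tokens = _tokens(host)
    p_tokens = _tokens(path.lower())
    d_count, d_avg, d_max = _stats(d_tokens)
    p_count, p_avg, p_max = _stats(p_tokens)

    # Feature 10: a brand name used anywhere except as the site's own
    # second-level domain. Assumption: the SLD is the second-to-last label,
    # which is wrong for suffixes such as co.uk (use a public-suffix list there).
    labels = host.split(".")
    outside_sld = [l for i, l in enumerate(labels) if i != len(labels) - 2]
    brand_tokens = _tokens(" ".join(outside_sld)) + p_tokens

    return {
        "domain_token_count": d_count,
        "path_token_count": p_count,
        "avg_domain_token_len": d_avg,
        "avg_path_token_len": p_avg,
        "longest_domain_token_len": d_max,
        "longest_path_token_len": p_max,
        "brand_name_presence": any(t in brands for t in brand_tokens),
    }


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real incident.
    for sample in (
        "http://paypal-secure.example.com/login/update?session=abc123",
        "http://www.paypal.com/signin",
    ):
        print(sample, lexical_features(sample))
```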
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2013, 03:03:21 PM
Some tools to help you here: http://www.webtoolhub.com/tools.aspx
Online security tools -> example: http://evuln.com/labs/cooptraiss.com/
and example like:
http://www.iwebtool.com/google_banned?domain=www.toolshack.com
http://www.iwebtool.com/code_viewer?domain=www.toolshack.com  (10 requests allowed per hour)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 09, 2013, 09:49:46 PM
Also check here for domain info: http://sitesentral.com/www.avast.com (last updated June 8, 2013)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 21, 2013, 05:25:20 PM
Did firefox developers give in to advertisers (and malvertisers) taking some features out of the browser,
read: http://stopmalvertising.com/security/changes-in-firefox-23-get-the-disabled-options-back.html
Can be adjusted back to previous default settings via this extension: https://addons.mozilla.org/en-us/firefox/addon/settingsanity/
Is firefox also going to be an ad-launching browser rather than a browser taken out of the hands of the general user that likes to tweak it and use script-blocking and ad-blocking?

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 21, 2013, 05:36:30 PM
Could it be that Firefox wants to survive financially ???
Title: Re: Tests and other Media topics
Post by: polonus on August 21, 2013, 06:01:55 PM
Hi bob3160,

As long as I can work ABP together with NoScript and RequestPolicy in the browser I feel secure. A lot of the "a la default users" won't work a browser to their personal settings (secure) or do not know how to do this or find it "a drag". I  have no problem with the "poor" adscript developers to earn a honest slice of bread and butter (even a piece of cake once in a while), but I do not want malvertisers and malcreants (SEO click fraud malsite redirectors) to be able to play their foul games because the browser went advertiser friendly by default now.
That is why I rather use Chrome now with additional extensions over fx or use my personal flaw of an updated version of flock socio-browser (left by developers and therefore more secure with NS and RP installed and essential code added)...
Also read: http://limi.net/checkboxes-that-kill  link article author = Alex Limi

Damian
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2013, 10:31:22 PM
Is this firefox extension a good idea or not? https://addons.mozilla.org/en-us/firefox/addon/http-nowhere/
This is to block unencrypted web traffic for added security.
Or is it just as with https everywhere that the avast shields may not scan this unencrypted traffic and therefore the use of it is not advisable?

Anyone to comment?

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 27, 2013, 10:39:17 PM
Is this firefox extension a good idea or not? https://addons.mozilla.org/en-us/firefox/addon/http-nowhere/
This is to block unencrypted web traffic for added security.
Or is it just as with https everywhere that the avast shields may not scan this unencrypted traffic and therefore the use of it is not advisable?

Anyone to comment?

polonus
So you're supposed to create a whitelist of acceptable unencrypted sites ??? Enjoy, not something I intend to slow my system down with.
avast! already checks all these "unencrypted" sites so why add a man in the middle to make life more complicated. ???
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2013, 10:44:47 PM
Hi bob3160,

Thanks for your comment. I hope DavidR could come up with some similar opinion of this extension and why he would not use it.

Damian
Title: Re: Tests and other Media topics
Post by: !Donovan on August 27, 2013, 11:45:36 PM
Hi Polonus,

I believe that websites shouldn't be "blocked" due to the use of http, even if part https.

~!Donovan
Title: Re: Tests and other Media topics
Post by: DavidR on August 28, 2013, 12:01:06 AM
Hi bob3160,

Thanks for your comment. I hope DavidR could come up with some similar opinion of this extension and why he would not use it.

Damian

This could be a real pain in the backside blocking http content unless you specifically allow it. So it is forcing the user down the https route, by whatever means (probably having to use http everywhere) otherwise the user would be blocked from lots of site, a pain.

I don't know if this may also give the user lots of mixed content errors seen many times in these forums.

I don't think that forcing https (or blocking http) makes you any safer, so it means your traffic is encrypted, but that doesn't mean safer. You all know my feelings about that as currently it means that the web shield can't protect you. Just because a connection is https doesn't mean you can't get infected, just the reverse as you lose some of the avast protection.

####
Now I know avast are looking at ways to be able to have https traffic scanned, not just http. When this comes to fruition, then forcing https isn't such an issue.

But even then this add-on would be a pain in the backside, a little like some feel about NoScript but much more severe as it would be blocking http, crazy.
Title: Re: Tests and other Media topics
Post by: polonus on August 28, 2013, 10:01:43 AM
Hi DavidR,

Agree with you and bob3160 here, https only or http nowhere are inferior solutions as we compare this to the combination of the no script and request policy extension, where we still have the complete avast! Shields protection against http malcoded content ((obfuscated) malscripts, malicious iFrames and various malicious redirects, backlinks to drive-by-malware). Additionally users have google safebrowsing, pre-scanning guidance, so in order to get infested you have to ignore warnings and this could be qualified as "unwise" user intervention. Https only and http nowhere extensions never helped against the PEBKAC problem as the main cause of malcode getting onto computers and peripherals,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 28, 2013, 10:58:04 AM
For instance this extension may not protect against mouse snooping here: http://www.ispreview.co.uk/index.php/2013/08/isp-sky-broadband-uk-says-no-need-to-worry-about-sessioncam-snooping.html
Anyway NoScript was able to detect and eventually stop/block this alleged privacy invasion. (SessionCam, ClickTale used by British providers to analyze user interaction with/on certain websites)

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 28, 2013, 01:26:31 PM
For instance this extension may not protect against mouse snooping here: http://www.ispreview.co.uk/index.php/2013/08/isp-sky-broadband-uk-says-no-need-to-worry-about-sessioncam-snooping.html
Anyway NoScript was able to detect and eventually stop/block this alleged privacy invasion. (SessionCam, ClickTale used by British providers to analyze user interaction with/on certain websites)

polonus
In order for NoScript to help, you first need to know how to use it and, you need to know when not to bypass it.
Something most users don't know and therefore, NoScript is a great tool for the knowledgeable user but most novices,
simply hit the allow button.  :(
Title: Re: Tests and other Media topics
Post by: DavidR on August 28, 2013, 01:46:13 PM
There are many things that require some user knowledge, but some would say they have to have some knowledge to even find out about these tools/add-ons to start with.

NoScript isn't that complex, the complexity comes on sites that have a myriad of content from 3rd party sites. But like everything else in life you have to put in some effort to get results.
Title: Re: Tests and other Media topics
Post by: bob3160 on August 28, 2013, 02:42:47 PM
There are many things that require some user knowledge, but some would say they have to have some knowledge to even find out about these tools/add-ons to start with.

NoScript isn't that complex, the complexity comes on sites that have a myriad of content from 3rd party sites. But like everything else in life you have to put in some effort to get results.
The one good thing is that you're blocked from an immediate infection if NoScript is active. The remainder is up to you, your other protection and some luck. :)
Title: Re: Tests and other Media topics
Post by: polonus on August 28, 2013, 05:46:48 PM
Hi bob3160,

Main site links aren't mostly the problem or the site must be malicious by intent. In most cases it is unchecked injected content or redirecting external (third party) links and iFrames that will abuse the vulnerable computer. As you said google safebrowsing and others already block the main bulk of known malicious links. I think the users which have all the avast shields up and running and also checked their software through the avast software updater will become rare victims and then only if they venture out where dangers are luring (pr0n, hacks, cracks, pirated and illegal content), so going to the Interweb's back alley where cybercriminal and friends are known to be active. A grain of common security sense will prevent you better against malware infections than ten tons of protection, at least that is known to us by experience,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 29, 2013, 10:21:47 PM
Interesting real-time data to identify the global regions with the greatest attack traffic
-> http://www.akamai.com/html/technology/dataviz1.html  (source akamai technologies)
also available as app: https://itunes.apple.com/app/akamai-internet-visualization/id502695146?mt=8

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 01, 2013, 10:08:33 PM
Try the final version of ABP for IE: Adblock Plus for Internet Explorer page:

https://adblockplus.org/nl/internet-explorer
https://adblockplus.org/en/internet-explorer

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2013, 12:02:26 PM
Test your site against clickjacking.
One way to do this is test at ASafaWeb Scanner: https://asafaweb.com/Scan?Url=www etc.
Another way to pentest on your own website is  make a html page with this code:
Code: [Select]
<html>
  <head>
    <title>Clickjack test page</title>
  </head>
  <body>
    <p>You’ve been clickjacked!</p>
    <iframe sandbox="allow-scripts allow-forms" src="http://yoursite :8080" style="width:100%;height:90%"></iframe>
  </body>
</html>
  Code credits go to ITSecurity's lakshmi Prudhvi  * yoursite = main url of site  e.g. www dot mysite dot com
Whenever vulnerable and opened in the browser you see: "You have been clickjacked!"

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2013, 11:53:04 PM
Public Malware Database: http://owl.nchc.org.tw/km/

pol
Title: Re: Tests and other Media topics
Post by: polonus on September 08, 2013, 10:40:47 PM
Does a https site use PFS?
Check with the Netcraft extension for Google Chrome and firefox.
Read: http://toolbar.netcraft.com/help/faq/index.html#pfs
PFS makes https more secure against surveillance.
even if the private key of the website has been cracked.
with PFS every session has to be cracked separately
for instance in national security agency surveillance.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 13, 2013, 09:13:34 PM
Free malware scan as a service from this University on Saturday 9-14-2013 ->
http://www.ky3.com/news/ky3-free-computer-virus-scan-saturday-at-sbu-20130912,0,1341868.story
Free computer virus scan Saturday at SBU 'Disinfection Day'

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 21, 2013, 12:48:53 PM
Test that https page for insecure content here: http://www.whynopadlock.com/check.php
Another check I did with this extension in Google Chrome: RECX HTTP Header and Cookie Security Analyzer
from Recx Ltd - www.recx.co.uk
results:
Analysis results for:

https://www.security.nl/

HTTP security headers
Name   Value   Setting secure   Secure connection
x-frame-options   deny   OK - follows best practice   OK - follows best practice
cache-control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0   OK - follows best practice   OK - follows best practice
strict-transport-security   max-age=31536000   OK - follows best practice   OK - follows best practice
x-content-type-options   N/A   Investigate - does not follow best practice   OK - follows best practice
x-xss-protection   N/A   Investigate - does not follow best practice   OK - follows best practice
x-content-security-policy   N/A   Investigate - does not follow best practice   OK - follows best practice
access-control-allow-origin   N/A   OK - follows best practice   OK - follows best practice
Show all HTTP headers.
Cookie information (1 cookies)
Name   Domain   Secure attribute   HTTP only attribute   Host only attribute   Secure connection
sessionid   .www.security.nl   


Information - no risk or does not apply
OK - follows best practice
Show extended cookie properties.
Page meta security headers
Name   Value   Setting secure   Secure connection

polonus
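A header audit in the spirit of the analyzer output above and of the clickjacking test posted on September 04, as an added Python example (not RECX's code and not part of the original posts). The pass/fail rules are assumptions of this example; it covers a subset of the table's rows and additionally honours the standard Content-Security-Policy `frame-ancestors` directive. The first sample uses the header values shown in the table, the second is constructed.

```python
import re

OK, INVESTIGATE = "OK", "Investigate"


def _collect(headers):
    """Group (name, value) pairs by lowercased header name."""
    grouped = {}
    for name, value in headers:
        grouped.setdefault(name.strip().lower(), []).append(value.strip())
    return grouped


def _csp_directives(policy):
    """Parse one CSP header value into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        words = part.split()
        if words:
            # The first occurrence of a directive wins, as in CSP itself.
            directives.setdefault(words[0].lower(), [w.lower() for w in words[1:]])
    return directives


def _framing(h):
    """Clickjacking defence: CSP frame-ancestors first, then X-Frame-Options."""
    for policy in h.get("content-security-policy", []):
        sources = _csp_directives(policy).get("frame-ancestors")
        if sources is not None:
            strict = sources and set(sources) <= {"'none'", "'self'"}
            return OK if strict else INVESTIGATE  # allowlists need human review
    values = {
        v.strip().lower()
        for raw in h.get("x-frame-options", [])
        for v in raw.split(",")
    }
    # Exactly one value, and a restrictive one; conflicting copies are flagged.
    return OK if len(values) == 1 and values <= {"deny", "sameorigin"} else INVESTIGATE


def _hsts(h):
    """HSTS is effective only with a positive max-age; max-age=0 switches it off."""
    for value in h.get("strict-transport-security", []):
        match = re.search(r"(?i)\bmax-age\s*=\s*\"?(\d+)", value)
        # RFC 6797: only the first header field is processed.
        return OK if match and int(match.group(1)) > 0 else INVESTIGATE
    return INVESTIGATE


def audit_headers(headers):
    """Return {check: 'OK' | 'Investigate'} for a list of (name, value) pairs."""
    h = _collect(headers)
    nosniff = [v.lower() for v in h.get("x-content-type-options", [])] == ["nosniff"]
    cache = " ".join(h.get("cache-control", [])).lower()
    has_csp = bool(h.get("content-security-policy") or h.get("x-content-security-policy"))
    wildcard_cors = "*" in h.get("access-control-allow-origin", [])
    return {
        "framing": _framing(h),
        "strict-transport-security": _hsts(h),
        "x-content-type-options": OK if nosniff else INVESTIGATE,
        "cache-control": OK if "no-store" in cache else INVESTIGATE,
        "content-security-policy": OK if has_csp else INVESTIGATE,
        "access-control-allow-origin": INVESTIGATE if wildcard_cors else OK,
    }


# Header values as shown in the analyzer table above.
PAGE_HEADERS = [
    ("x-frame-options", "deny"),
    ("cache-control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"),
    ("strict-transport-security", "max-age=31536000"),
]

# Constructed sample with weak settings, for contrast.
WEAK_HEADERS = [
    ("X-Frame-Options", "ALLOWALL"),
    ("Strict-Transport-Security", "max-age=0"),
    ("X-Content-Type-Options", "nosniff"),
    ("Access-Control-Allow-Origin", "*"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
]

if __name__ == "__main__":
    for label, sample in (("page", PAGE_HEADERS), ("weak", WEAK_HEADERS)):
        print(label, audit_headers(sample))
```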
Title: Re: Tests and other Media topics
Post by: bob3160 on September 21, 2013, 01:54:51 PM
Nice addition. Thanks :)
Title: Re: Tests and other Media topics
Post by: polonus on September 22, 2013, 11:19:55 PM
Wanna know where redirects go?

Good online check: http://www.internetofficer.com/seo-tool/redirect-check/
For the site here: Response


Checked link: http://forum.avast.com/index.php

Type of link: direct link

Another example -
Response


Checked link: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html.

Type of redirect: 300 Multiple Choices  *

Redirected to: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html.

This is explained here: http://www.checkupdown.com/status/E300.html  (info link from Pitdale)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 29, 2013, 12:29:34 PM
Do we need a hosting web reputation system?

There are various parties involved  to work towards a more secure Internet.
It is not only the (avast!) user with his, her or its webclient that has to have security at mind and work towards a more secure Internet.
It is also the website owner, webmaster and the website software coder that has to be (more) security aware.
In the virus and worms we cover all these aspects.

But it also goes higher up.
I see loads of website scanners and security analyzers exist. But what about the web hosters?
Shouldn't we put them under some form of scrutiny also?

There certainly is abusive and malicious website and IP hosting, where (criminal) money interests come first and security last.
Sitevet is a scanner to give an idea about the Autonomous System health,
also on Clean MX we can get these details and there are other (re)sources.

In a time where we see it has now more or less been confirmed (by Mrs. Feinstein's utterances)
that grand scale telco surveillance "snarfing" is being performed and the integrity of the Interwebs is at stake,
it is of the utmost importance to give security a higher priority as it had previously and as it has now.

When  even European AMX-IX is gonna have a US base now as has been decided by votes, we know this is not idle talk.
Government and other commercial snarfing will go on and only will be limited by what they see as  technically impossible.
If hosters and telco's do not work towards more secure infrastructures the situation will only get worse or stay like it is.
Therefore we not only need a website rep system but also a hosting rep system.
Google Safebrowsing is giving such details,
but I have a hunch general users and website owners/webmasters aren't at all that aware.
I hope I am wrong here!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 03, 2013, 11:57:26 AM
Saw a double.click generated ad on a Romanian scan site
Analyzed it here: http://www.urlanalyser.net/www.mapazdrowia.pl  (adsite Romanian of course)
Analyzer is interesting while it will give resolved mistypes going there.
Analyzing adsite domains with this might be rewarding: http://www.urlanalyser.net/www.mapazdrowia.pl
Normally I do not see these ads because I neatly have them blocked, but interesting to see what doubleclick (google ads) serves up once in a while,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 06, 2013, 04:51:43 PM
To clarify specific security problems for a given site some SEO scanners certainly assist us (for social sites etc.)
For instance an online Meta Tag analyzer (when not checked for input/output validation, embedded, should be checked with regular expressions)
we find it here: http://www.submitexpress.com/analyzer/
http://analyzer.metatags.org/  and tools here: http://seotools.scrubtheweb.com/
Read on malicious meta tag: http://blog.unmaskparasites.com/2009/07/23/goscanpark-13-facts-about-malicious-server-wide-meta-redirects/
link article author = Denis Sinegubko
These were also found to be helpful: http://www.internetofficer.com/seo-tool/redirect-check/  (watch out for malicious redirects)
Read instructions here: http://www.stopthehacker.com/2012/11/05/how-to-discover-and-remove-malicious-redirects-in-the-htaccess-file/

http://www.seoimage.com/seo-tools/check-server-headers.php (for this I use HTTP Spy extension in Google Chrome)
combine this with a scan via urlquery dot net...see an example here: http://urlquery.net/report.php?id=6317707
go down the report page to http transactions

Enjoy and put these to good use, my friends,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 09, 2013, 11:35:13 PM
See the malicious DNS world activity. This is growing to be a real malware threat, my good forum friends, see: http://exposure.iseclab.org/
Click the drop down menu on search and search for domains and IPs into this.
Exposure is also part of this metascanner: http://www.urlvoid.com/scan

Enjoy this scan, all you folks that are into pre-scanning links,
and also try this metascanner, a real good one, as I may say so:
http://scanurl.net/?u= 
This is a nice multiscanner to check out suspicious URLs and uri's,

Stay safe through avast! and keep the avast! Shields up,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 11, 2013, 12:10:27 AM
Another nice link checker also with advice on broken links etc:
An example http://www.ranks.nl/cgi-bin/ranksnl/tools/checklink.cgi?uri=www.otrforum.com
and an additional one here: http://www.brokenlinkcheck.com/broken-links.php#status
It also alerts for (conditional) redirects and following is to give in the redirect uri.

Enjoy whenever in need of checking...

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 11, 2013, 12:16:41 PM
Price of exploit kit went up by 2200% for non-Russians after exit of Blackhole vendor  ->: http://malware.dontneedcoffee.com/2013/10/paunch-arrestationthe-end-of-era.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 17, 2013, 03:47:53 PM
Again I stumbled upon an awesome test site...
Go here: http://check-host.net/check-dns?host=
For instance see DNS check for the forum: http://check-host.net/check-dns?host=forum.avast.com
What about the different result from the Vienna and Ukraine servers?
Another one: http://www.watchmouse.com/en/checkit.php
http://www.watchmouse.com/en/dnstool.php?vhost=_&vtt=1382018577&varghost=http%3A%2F%2Fforum.avast.com&vaction=trace&trace=analyse
and this: http://www.dnssy.com/report.php?q=

Enjoy, my good forum friends,

pol
Title: Re: Tests and other Media topics
Post by: polonus on October 17, 2013, 11:38:36 PM
Nice Sucuri URL Mapping and cross domains links online tool.
Example for our forum: http://urlfind.org/?site=http%3A%2F%2Fforum.avast.com%2Findex.php

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 18, 2013, 12:05:59 AM
Viewed the avast forum source code through this: http://validator.w3.org/check?charset=iso-8859-1&fbc=1&doctype=HTML+4.01+Transitional&fbd=1&group=1&uri=http%3A%2F%2Fforum.avast.com%2Findex.php
Quote
Validation Output: 2 Errors

   1. Error required attribute X not specified

      The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.

      Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
          * Line 662, column 193: required attribute "alt" not specified

            …/Themes/default/images/icon_twitter.png" class="icon" />avast! on Twitter</a> |

          * Line 663, column 218: required attribute "alt" not specified

            …Themes/default/images/icon_facebook.png" class="icon" />avast! on Facebook</a>

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 29, 2013, 12:16:46 AM
Get the SSL Encryption report for your browser: https://www.fortify.net/sslcheck.html (the calomel certification check for fortify is moderate)
Try this one for a server: http://www.sslshopper.com/ssl-checker.html#hostname=https://forum.avast.com/index.php?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 19, 2013, 07:17:04 PM
Test your site for speed, example http://scanftree.in/speed/www.plancorp.com
Our forums results: http://scanftree.in/speed/forum.avast.com/

enjoy,

pol
Title: Re: Tests and other Media topics
Post by: polonus on November 21, 2013, 07:38:57 PM
Test your internet connection against being part of a botnet, do the first step: https://www.check-and-secure.com/ipcheck/_nl/solution/clean.php

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 22, 2013, 06:08:46 PM
Did you pass this entrance exam? http://searchsecurity.techtarget.com/feature/Entrance-exam-Web-attack-prevention-and-defense
link author = by Michael Cobb (Security School)
Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 28, 2013, 06:51:15 PM
Test your DNS server against running open resolvers, 28 million DNS servers are vulnerable.
Check your IP space: http://openresolverproject.org/
"In case of automated access, e-mail" (for automatic access/e-mail)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 11, 2013, 10:22:59 PM
A check and secure test, do it here ->  http://www.check-and-secure.com/portcheck/_en/index.html

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 12, 2013, 01:16:17 AM
Hi blacklist check: http://whatismyipaddress.com/blacklist-check

pol
Title: Re: Tests and other Media topics
Post by: polonus on December 29, 2013, 12:08:02 AM
Nice project to search on: http://hostcabi.net/

enjoy,

pol
Title: Re: Tests and other Media topics
Post by: polonus on January 01, 2014, 11:34:16 PM
Scan how you are connected out: http://www.ipscanner.nl/wat_is_mijn_ip_adres.html

pol
Title: Re: Tests and other Media topics
Post by: bob3160 on January 02, 2014, 12:05:45 AM
Scan how you are connected out: http://www.ipscanner.nl/wat_is_mijn_ip_adres.html

pol
The firewall in Windows 8.1 is obviously doing its job. :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1388617483153-13856.png)
Title: Re: Tests and other Media topics
Post by: polonus on January 03, 2014, 01:12:51 PM
Thank you, bob3160, for testing this. Had similar results  ;D

Damian
Title: Re: Tests and other Media topics
Post by: Para-Noid on January 03, 2014, 11:46:29 PM
A check and secure test, do it here ->  http://www.check-and-secure.com/portcheck/_en/index.html

enjoy,

polonus

I have used the grc.com "shieldsup" test.
Each of them showed no holes.
I use the port stealthing in Comodo Firewall.  8)

Title: Re: Tests and other Media topics
Post by: polonus on January 03, 2014, 11:55:51 PM
Hi Para-Noid,

I could not think of Para-Noid other than being "completely stealth". And so he is.
Thanks for the feedback, my good friend,

pol
Title: Re: Tests and other Media topics
Post by: polonus on January 08, 2014, 11:49:44 PM
My router survived the crash test. Yours also? Time to celebrate or weep... ;D
Take the test: https://www.grc.com/dns/crashtest.htm  (courtesy of GRC- thank you Steve!)

polonus
Title: Re: Tests and other Media topics
Post by: Simion on January 09, 2014, 12:22:51 AM
Mine, too!  ;D
Title: Re: Tests and other Media topics
Post by: marc-d-l on January 09, 2014, 12:58:55 AM
Mine survived yet another test (cheer)
Title: Re: Tests and other Media topics
Post by: polonus on January 13, 2014, 05:58:46 PM
Test that site-uri before you click through to venture out somewhere for the first time.
I won't go places without pre-scanning the URL.

Some URL pre-scanning possibilities are given below.
Go to: http://www.google.com/safebrowsing/diagnostic?site=
example http://www.google.com/safebrowsing/diagnostic?site=http://lfmonline.de/test/test.php
or http://scanurl.net/?u=   (a nice metascanner)
or http://online.us.drweb.com/?url=1
or http://soswebscan.jobandproject.com/beta_scan.php
or http://www.websicherheit.at/en/website-security-check/

Whenever avast! shields block you from going there or Google Safebrowsing or Bitdefender TrafficLight stay away!
When in doubt post in the virus and worms section for a sec op and help from a qualified removal expert.

Do not act like those in the attached picture, play safe, stay secure!

polonus
Title: Re: Tests and other Media topics
Post by: Simion on January 13, 2014, 11:30:49 PM
Hi Damien,

I'm getting a 400 error on the first one.
Title: Re: Tests and other Media topics
Post by: polonus on January 13, 2014, 11:37:59 PM
Well the 400 error won't come when you give in a site name to follow that, like for instance:
-> http://www.google.com/safebrowsing/diagnostic?site=http://en.wikipedia.org/wiki/Kinloch_Rannoch
So you need to add the site to scan to the query!

pol
Title: Re: Tests and other Media topics
Post by: Simion on January 13, 2014, 11:40:48 PM
Doh! I'm an idiot. I was trying to bookmark it. ;D

Thanks
Title: Re: Tests and other Media topics
Post by: !Donovan on January 14, 2014, 02:39:09 AM
Hi,

It is possible to use JavaScript in your bookmark so that clicking the bookmark will show you the Google SafeBrowsing results for the current site you're on.

Cheers,
~!Donovan
Title: Re: Tests and other Media topics
Post by: polonus on January 31, 2014, 06:12:14 PM
Test how modern your browser is: http://modernizr.github.io/Modernizr/test/index.html
Here are my results: Tests completed in 758 milliseconds.
836 tests of 836 passed, 0 failed.

OK Google Chrome - very modern!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 31, 2014, 06:21:11 PM
Generate some bogus data for the snoopers: http://www.generatedata.com/  (demo)

Enjoy,

polonus


Title: Re: Tests and other Media topics
Post by: marc-d-l on January 31, 2014, 08:19:20 PM
Tests completed in 174 milliseconds.
823 tests of 823 passed, 0 failed.

Firefox 26.0
Title: Re: Tests and other Media topics
Post by: DavidR on January 31, 2014, 09:18:28 PM
Tests completed in 174 milliseconds.
823 tests of 823 passed, 0 failed.

Firefox 26.0

He He, I always fail these because they can't run (JavaScript blocked), NoScript and RequestPolicy add-ons.
Title: Re: Tests and other Media topics
Post by: polonus on January 31, 2014, 11:23:54 PM
Hi DavidR,

That is what we call a very secure "fail",  ;D

pol

Title: Re: Tests and other Media topics
Post by: polonus on February 07, 2014, 11:57:22 PM
Remote Access Test, so test whether your wifi modem is accessible from the Internet: https://www.xs4all.nl/klant/veiligheid/telefoniemisbruik/?port=3000&submitfritz=Test+mijn+Fritzmodem  The custom port for abuse is 443
Mine is not remotely accessible - remote access is off.

polonus

Title: Re: Tests and other Media topics
Post by: polonus on February 08, 2014, 12:19:19 AM
Is this Israeli starter av solution an absolute av-panacea for now and the future?
All malcode is basically re-inventive and evolutionary, so all new malware comes as some "new wine in old skins".
Read on this revolutionary concept here: http://www.cyactive.com/
Re: http://www.timesofisrael.com/hack-this-start-up-claims-it-can-stop-all-viruses-permanently/  article author = David Shamah

pol
Title: Re: Tests and other Media topics
Post by: polonus on February 11, 2014, 03:17:34 PM
Cookies and security report. Do a scan!
Example: http://webcookies.info/cookies/forum.avast.com/1126549/
6 persistent cookies found, no third party domains and that is good!

pol
Title: Re: Tests and other Media topics
Post by: CraigB on February 11, 2014, 03:31:41 PM
Cookies and security report. Do a scan!

6 persistent cookies found, no third party domains and that is good!
Same score for me with 12 avast session cookies :)
Title: Re: Tests and other Media topics
Post by: Para-Noid on February 11, 2014, 04:19:37 PM
Cookies and security report. Do a scan!

6 persistent cookies found, no third party domains and that is good!
Same score for me with 12 avast session cookies :)

+3  8)
Title: Re: Tests and other Media topics
Post by: bob3160 on February 11, 2014, 04:39:29 PM
(http://www.screencast-o-matic.com/screenshots/u/Lh/1392133147521-1743.png)
Title: Re: Tests and other Media topics
Post by: polonus on February 13, 2014, 12:57:52 AM
Right O, bob3160,

Let us now check whether we can reach our IP6 address: http://myip6.com/
Access via CloudFlare Ray ID at https://www.cloudflare.com

polonus

Title: Re: Tests and other Media topics
Post by: bob3160 on February 13, 2014, 02:21:24 AM
Right O, bob3160,

Let us now check whether we can reach our IP6 address: http://myip6.com/
Access via CloudFlare Ray ID at https://www.cloudflare.com

polonus
(http://www.screencast-o-matic.com/screenshots/u/Lh/1392254346435-84175.png)
Apparently the avast! SecureLine does an excellent job since it has me totally where I'm not :)
Title: Re: Tests and other Media topics
Post by: polonus on February 19, 2014, 06:47:31 PM
Hackers and attackers start with reconnaissance test(s).
Do a zone transfer test
Let us see if they could succeed to perform a zone transfer: http://hackertarget.com/zone-transfer/
I have got: no results found  ;D ; (1 server found)
;; global options: +cmd
; Transfer failed.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on February 19, 2014, 07:42:32 PM
Same results for me. :)
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2014, 11:36:05 PM
Do the test.
What is my referer? here: http://www.whatismyreferer.com/
My outcome: No referer / Hidden    You're one step further on your way to anonymity on the internet!
And test here: http://darklaunch.com/tools/test-referer
Link with rel="noreferrer" -> no referrer was sent!
Link -> no referrer was sent!
Form via POST and GET was sent.
Also configure per site with RefControl see: http://www.stardrifter.org/refcontrol/

Here they also say I have no referer (header response) http://www.zeigen.com/refer/

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2014, 11:45:48 PM
About the security implications of the above tests: https://isc.sans.edu/forums/diary/When+does+your+browser+send+a+Referer+header+or+not+/16433
link article author Johannes B. Ullrich, Ph. D.
Mind you that firefox has a different referer policy opposed to Google Chrome.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 24, 2014, 03:10:48 PM
Is your server up? Test here:  www.serverstatus.nl/status.php

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 25, 2014, 04:23:35 PM
Test your browser here: https://www.ssllabs.com/ssltest/viewMyClient.html  This is a SSL Client test.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on February 25, 2014, 04:45:09 PM
Test your browser here: https://www.ssllabs.com/ssltest/viewMyClient.html  This is a SSL Client test.

polonus
"Chrome and Firefox are not vulnerable, even when running on a vulnerable operating system."
Title: Re: Tests and other Media topics
Post by: polonus on March 09, 2014, 02:57:34 AM
Is your firewall working and stealth, test here: http://www.shieldcheck.com/firewall_test/
Mine is working and stealth is good, all green.
Drag this link to your browser's toolbar to check occasionally: http://www.shieldcheck.com/auto/

enjoy,

pol
Title: Re: Tests and other Media topics
Post by: bob3160 on March 09, 2014, 03:07:45 PM
(http://www.screencast-o-matic.com/screenshots/u/Lh/1394374022194-67515.png)
Nothing special, just the firewall that's part of Windows 8.1 :)
Title: Re: Tests and other Media topics
Post by: polonus on March 11, 2014, 11:20:29 PM
Want to know about the technologies a site was built with, scan here, example: http://builtwith.com/aspentheseries.com
One could sign up for free and see the technological history of a site.
Your HTTP analyzer and debugger could be Fetch: http://fetch.scritch.org/bookmarklet/?u=

enjoy my good forum friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 13, 2014, 04:54:38 PM
Hi a nice link to test how fast a webpage will load (also in Polish): http://test.watchscript.com/?lang=en
Total loading time of this forum site was 11.157 seconds.
Also nice for scanning defaced sites.

Or use Mill Test Reports from here: https://www.websitepulse.com/help/testtools.mtr-test.html
Other free tools there also.

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 02, 2014, 07:28:14 PM
Do a resolver check here: http://www.openresolver.nl/ 
Please, give in resolver ip or hostname
No reaction from server is green and OK.

pol

P.S. Another one on a slightly different footing:
http://www.thinkbroadband.com/tools/dnscheck.html

D

Title: Re: Tests and other Media topics
Post by: AdrianH on April 02, 2014, 07:42:47 PM
The Anti-Malware Testing Standards Organization (AMTSO TM )

Test your Anti-Malware Settings here..  http://www.amtso.org/

Title: Re: Tests and other Media topics
Post by: polonus on April 02, 2014, 07:51:50 PM
The PUP download is thwarted by my Google Chrome browser.
Avast blocks the access of htxp://www.amtso.org/uploads/cloudcar.exe

So I am good to go,

pol
Title: Re: Tests and other Media topics
Post by: Para-Noid on April 02, 2014, 10:41:47 PM
The Anti-Malware Testing Standards Organization (AMTSO TM )

Test your Anti-Malware Settings here..  http://www.amtso.org/

This test has been around for a while. It was in a post from over a year ago, if I remember right.
But, it's great to see it pop-up every now and then.  8)
Title: Re: Tests and other Media topics
Post by: polonus on April 02, 2014, 10:57:17 PM
Hi Para-Noid,

For some it will be new, so thanks to AdrianH to remind us (again),

polonus
Title: Re: Tests and other Media topics
Post by: Para-Noid on April 02, 2014, 11:26:08 PM
+1  8)

Like I said it's great to see it pop-up now and then. 
It's a fantastic set of tests.  :)
Title: Re: Tests and other Media topics
Post by: polonus on April 12, 2014, 04:40:25 PM
Do this test: https://browsercheck.qualys.com/?scan_type=js
My results were:
Congratulations! You passed Qualys BrowserCheck.
We recommend you scan your browser regularly to stay up to date with the latest versions and plugins.
And yours?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 13, 2014, 02:40:19 AM
Check your SSL client, is it OK?
Test here: https://www.howsmyssl.com/

pol
Title: Re: Tests and other Media topics
Post by: polonus on April 13, 2014, 07:13:27 PM
Test SSL domains for Heartbleed: https://www.ssllabs.com/ssltest/

pol
Title: Re: Tests and other Media topics
Post by: polonus on April 19, 2014, 05:57:49 PM
Test whether your router could be turned into a zombie proxy to be used in amplification attacks through this test:
http://www.openresolver.nl/
I get a no reaction, so that is OK.

Or test here: http://openresolver.com/?ip=
You should get Recursive resolver is not detected on (ip address)
IP address (so and so) is not vulnerable to DNS Amplification attacks.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 20, 2014, 04:12:25 PM
Do a SSL configuration test here: https://sslcheck.x509labs.com/nl/sslcheck?host=
First choose your location, then proceed.

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 07, 2014, 12:30:00 AM
Check and secure your browser plug-ins: http://www.check-and-secure.com/browsercheck/_en/
I mean just the first informational part,
not the supposed hardening or the proposed non-avast scanners and cleaners mentioned on that page.
This plug-in and find was a surprise to me: http://techdows.com/2012/08/is-it-possible-to-remove-chrome-remote-desktop-viewer-plugin-from-chrome.html

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 09, 2014, 10:53:11 PM
Do the JonDonym full anonymity  test: http://ip-check.info/?lang=en

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 09, 2014, 11:36:53 PM
NoScript and Request Policy in Firefox can help get better results.

polonus

P.S. There is another way to go quite stealth in firefox with SecretAgent add-on: https://www.dephormation.org.uk/index.php?page=81
What Secret Agent Does... -> https://addons.mozilla.org/en-US/firefox/user/SecretAgent/
With every web request (or page load, or browser session), Secret Agent does the following things:
    * Compares the web site host to a white list
    * If the host isn't on the white list:
          * Request Headers:
                * Overrides your browser's 'User Agent' with a random alternative selected from a customizable list
                * Overrides your browser's 'Accept' header with a random alternative selected from a customizable list
          * Javascript:
                * Overrides your browser's Javascript navigator.oscpu value using a random alternative selected from a customizable list
          * Proxy Headers:
                * Sets an HTTP X-Forwarded-For header with a random IP address
                * Sets an HTTP Via header with a random IP address
          * Cache Headers:
                * Sets a spoof ETag header with a random string of characters
                * If the optional 'If-Modified-Since' spoofing feature is enabled, overrides incoming 'Last-Modified' headers with a random time offset
    * If the host is on the white list:
          * Request Headers:
                * Presents your browser's default 'User Agent' (or overrides with a user configurable value)
                * Presents your browser's default 'Accept' header (or overrides with a user configurable value)
          * Javascript:
                * Presents your browser's default Javascript navigator.oscpu value (or overrides with a user configurable value)
          * Proxy Headers:
                * Unaffected
          * Cache Headers:
                * Unaffected
N.B.
Mind you to whitelist the pages you want to use, because in stealth mode you are no longer able, for instance, to post in the forums,
in that case disable the add-on or whitelist forum dot avast dot com in the extension.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2014, 12:01:12 AM
I checked with Panopticlick and indeed these results changed per request:
user agent one time like xxxxxx Gecko, next time it was xxxxx Galeon 1.3.21
HTTP accept headers also changed text/etc   and  next time application/application/
No Plug-in details, No time-zone, No Screen Size, No System fonts, just cookies enabled (first domain)
Limited supercookie test failed. Just have to test the webshields with this in action.
I tested it out and yes WebShield is normally detecting in a SecretAgent's Stealth mode enabled browser.
Read a review here: http://www.wilderssecurity.com/threads/firefox-top-security-privacy-extension.329939/page-2
We have to update secret agents useragent list in the PHP script to be actual.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2014, 01:23:06 AM
For what it is worth, automatic firewall check: http://www.shieldcheck.com/auto/

For me all green, my firewall is working!

pol
Title: Re: Tests and other Media topics
Post by: TerraX on May 10, 2014, 01:30:39 AM
Hi,

with me everything is green ... i have avast! Firewall. 8) ;)
Thanks for the test page.

TerraX
Title: Re: Tests and other Media topics
Post by: Callender on May 10, 2014, 02:20:09 AM
Another "interesting" Firefox Add On.

User Agent Cleaner.

Warning. Page is in Russian and requires translation: http://fxprivacy.8vs.ru/

Translated: http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=http%3A%2F%2Ffxprivacy.8vs.ru%2F

Note: A better bet is to visit this page using Firefox: https://addons.mozilla.org/en-US/firefox/addon/http-useragent-cleaner/?src=userprofile

Like SecretAgent it increases privacy and will also prevent logins working on most sites. The add on can be disabled with a single click. It's pretty advanced and I haven't really got to grips with it just yet - particularly with enabling or disabling specific settings on a per site basis.

Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2014, 04:12:55 PM
Hi Callender,

Thanks for your contribution to the discussion. Interesting and will give it a look,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2014, 04:45:07 PM
Do a proxy test: http://www.lagado.com/proxy-test
and a cache test: http://www.lagado.com/tools/cache-test
Also check your accurate time: http://www.lagado.com/tools/time
you can sync with: http://www.worldtimeserver.com/atomic-clock/atomic.exe  (891 KB)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 11, 2014, 05:54:57 PM
Whenever you have installed SecretAgent 1.26 you can check the User Agent Spoofing again here: http://whatsmyuseragent.com/
# You!! Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060417
next Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060206 Songbird/0.1
then Mozilla/5.0 (compatible; Konqueror/3.5; Linux; X11; i686; en_US) KHTML/3.5.3 (like Gecko)
then Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7) Gecko/20070606
etc. etc.
With stealth mode active  I get an error going to
http://browserspy.dk/os.php e.g. Fatal error: Multiple access type modifiers are not allowed in /home2/gemal/public_html/inc/gsite.php on line 1788

This check worked fine: https://browsercheck.qualys.com/  and also this one: http://www.healthstream.com/browsercheck/?bhcp=1
retested in stealth mode. Strange that a pop-up blocker should be disabled: Popup blocking disabled is recommended.

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 12, 2014, 11:27:24 PM
Another Free SSL Web Server Tester: https://www.wormly.com/test_ssl/h/www.security.nl/i/213.156.0.246/p/443
(with a random example search query)
nice to use next to this one for comparison: https://www.ssllabs.com/ssltest/index.html

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 13, 2014, 04:08:23 PM
A commercial site integrity checker:
example: http://www.sitetruth.com/fcgi/ratingdetails.fcgi?url=bufferapp.com&details=true
Scan will produce identifying info data,
also a link going here (example) http://validator.w3.org/check?uri=http%3A%2F%2Fforum.avast.com%2Findex.php%3F

enjoy,

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 15, 2014, 12:01:45 AM
Content Security Policy Test.

Take it here: https://isc.sans.edu/tools/csptest.html?csp=N

test is brought to us by Johannes Ullrich

polonus

In Google Chrome all four pop-up alerts were neatly blocked by CSP.
Title: Re: Tests and other Media topics
Post by: polonus on May 15, 2014, 12:47:22 AM
Now test your browsers adblocker: http://ads-blocker.com/testing

and top it off with this one: http://thepcspy.com/blockadblock/

and a completely other one: http://pseudo-flaw.net/content/adblock/  (checking to circumvent an adblocker - they are anti-adblocking and firefox)

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 23, 2014, 12:14:50 AM
Please, avast! friends, test your browser with Device Fingerprint here: http://noc.to/

Great tools, great info...what information my/your  browser is leaking to websites, be aware.
Every user of Ghostery will like this site.

Damian

Title: Re: Tests and other Media topics - Etag Tracking Test
Post by: Callender on June 14, 2014, 09:59:16 PM
Etag Tracking - apparently not a method used or detected by Panopticlick.

 I've also known about tracking users via the use of Etags for some time now and when using any browser I tend to try to find ways to stop this from happening. That's not because it's a huge concern but just because if it's possible to block it then I see no disadvantage.

I found a site that can be used to test if your browser is trackable via the Etag method.

https://ochronus.com/tracking-without-cookies/

 There's some interesting info. With Etags blocked in my browser each visit or page refresh results in the site visit counter remaining at 1.

 If I unblock Etags it records each subsequent visit.
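The behaviour described in the post above, as an added example that is not part of the original post and not the linked site's code: a constructed model of a server that misuses the ETag validator as a visitor identifier, a browser that either echoes or withholds `If-None-Match`, and a check that tells a per-visitor ETag from an honest content-derived one. All class and function names are assumptions made for this illustration.

```python
import hashlib
import secrets


class TrackingServer:
    """Constructed model: issues a random ETag per new visitor and counts its reuse."""

    def __init__(self):
        self.visits = {}  # ETag value -> number of visits seen with it

    def handle(self, request_headers):
        tag = request_headers.get("If-None-Match")
        if tag not in self.visits:
            # No validator (or an unknown one): treat as a new visitor.
            tag = '"' + secrets.token_hex(8) + '"'
            self.visits[tag] = 0
        self.visits[tag] += 1
        return 200, {"ETag": tag}, "visits: %d" % self.visits[tag]


class HonestServer:
    """Constructed model: ETag derived from the content, identical for everyone."""

    BODY = "static page"

    def handle(self, request_headers):
        tag = '"' + hashlib.sha256(self.BODY.encode()).hexdigest()[:16] + '"'
        if request_headers.get("If-None-Match") == tag:
            return 304, {"ETag": tag}, ""  # cached copy is still valid
        return 200, {"ETag": tag}, self.BODY


class Browser:
    """Caches the last ETag; send_validators=False models an ETag-blocking add-on."""

    def __init__(self, send_validators=True):
        self.send_validators = send_validators
        self.cached_etag = None

    def visit(self, server):
        headers = {}
        if self.send_validators and self.cached_etag is not None:
            headers["If-None-Match"] = self.cached_etag
        status, resp_headers, body = server.handle(headers)
        self.cached_etag = resp_headers.get("ETag")
        return status, body


def visit_bodies(browser, server, n):
    """Return the response bodies of n consecutive visits."""
    return [browser.visit(server)[1] for _ in range(n)]


def etag_is_per_visitor(server):
    """Two cache-less requests: same body but different ETags means the
    validator identifies the visitor rather than the content."""
    _, h1, b1 = server.handle({})
    _, h2, b2 = server.handle({})
    return b1 == b2 and h1["ETag"] != h2["ETag"]


if __name__ == "__main__":
    print(visit_bodies(Browser(True), TrackingServer(), 3))   # counter climbs
    print(visit_bodies(Browser(False), TrackingServer(), 3))  # counter stays at 1
    print(etag_is_per_visitor(TrackingServer()), etag_is_per_visitor(HonestServer()))
```

Withholding the validator also disables legitimate cache revalidation, so every reload of an honest page becomes a full download instead of a 304.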
Title: Re: Tests and other Media topics
Post by: polonus on June 18, 2014, 01:54:02 AM
Time to test your pop-up blocking here: http://www.popuptest.com/
Courtesy of WebAttack

pol
Title: Re: Tests and other Media topics
Post by: polonus on June 19, 2014, 10:38:51 PM
Are you aware you should always use strong enough passwords?
Would you use a site like these given below or you'd rather not..
Test here: https://howsecureismypassword.net/
or here: https://www.grc.com/haystack.htm
Hopefully these sites aren't https-stripped, read about this threat here:
http://blog.zimperium.com/linkedin-0day-vulnerability-puts-your-data-at-risk/
link article authors: zteam

pol
Title: Re: Tests and other Media topics
Post by: MikeBCda on June 19, 2014, 11:38:02 PM
Please, avast! friends, test your browser with Device Fingerprint here: http://noc.to/

Great tools, great info...what information my/your  browser is leaking to websites, be aware.
Every user of Ghostery will like this site.

Damian
Mostly accurate, but some of their info is way out of date.  They show my ISP provider as Golden Triangle, which was bought out by Execulink something like 5 or 6 years ago ... the "Golden" name hasn't been used since then with one exception:  they retained the golden.net domain strictly for email, so users wouldn't have to change their addys.
(Edit) Was all but that first bit from me one sentence?? Sorry about that.  :-[
Title: Re: Tests and other Media topics
Post by: polonus on June 20, 2014, 06:28:35 PM
Hi MikeBCda,

Well the geolocation coordinates are precise and that means they can very precisely pinpoint your wifi router connection or your smartphone location etc.. Without the geo-location active they cannot get further than the ISP access point wherever that may be. Nevertheless your transparency is growing the better and more refined device fingerprinting becomes.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 27, 2014, 12:33:51 PM
Check your IP space for Open Resolver Threat: http://openresolverproject.org/search2.cgi?botnet=yessir&search_for=  (give in your IP)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 29, 2014, 04:49:28 PM
See: http://www.nlnetlabs.nl/projects/dnssec-trigger/
Dnssec-trigger reconfigures the local unbound DNS server. This unbound DNS server performs DNSSEC validation, but dnssec-trigger will signal it to use the DHCP obtained forwarders if possible, and fallback to doing its own AUTH queries if that fails, and if that fails prompt the user via dnssec-trigger-applet the option to go with insecure DNS only.

This software is experimental at this time.
Info & link credits and go to "Erwtensoep".

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 04, 2014, 12:39:00 AM
Learn more about your browser here: http://www.browserleaks.com/flash

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 07, 2014, 05:26:36 PM
For those who want to know: https://www.eff.org/https-everywhere/atlas/index.html
Example: https://www.eff.org/https-everywhere/atlas/domains/avast.com.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 14, 2014, 12:08:10 PM
Perform this drive-by-download check: http://www.amtso.org/feature-settings-check-drive-by-download.html

polonus
Title: Re: Tests and other Media topics
Post by: Asyn on August 14, 2014, 12:36:01 PM
Perform this drive-by-download check: http://www.amtso.org/feature-settings-check-drive-by-download.html

polonus
Why..!? We're covered. :)
Title: Re: Tests and other Media topics
Post by: polonus on August 28, 2014, 04:19:37 PM
OK problems with your domain, check using Domain Doctor.
An example: https://manage.centralnic.com/support/domain_doctor/superfactura.com.ar

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 07, 2014, 02:17:52 PM
Test here is free: https://www.wormly.com/test_ssl
and here: https://www.ssllabs.com/ssltest/

(Mind you, result data cannot be used online, as you cannot use this specific information against any online entity, while this is/may not be allowed under the present residing law of certain countries without explicit previously given written consent or just for non-public educational and research purposes which should not be revealed.)

Why scan? Well, read here:
https://community.rapid7.com/community/infosec/sonar/blog/2014/09/04/107000-web-sites-no-longer-trusted-by-mozilla

Also test your client security here: https://www.howsmyssl.com/  (mine is OK)
Quote
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5

enjoy, my friends, enjoy,

polonus
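
Added example, not part of the original post: a Python sketch that parses the cipher suite names quoted above and tags the ones a client would be better off not offering. The tag names (`rc4`, `3des`, `md5`, `cbc`, `no-forward-secrecy`) and the rules behind them are this example's own assumptions, not howsmyssl.com output.

```python
import re

# Cipher suites exactly as quoted in the post above (the poster's client offer).
OFFERED = """
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
""".split()

# Name layout: TLS_<key exchange and auth>_WITH_<cipher>_<MAC or PRF hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<mac>SHA256|SHA384|SHA|MD5)$"
)


def parse_suite(name):
    """Split a suite name into (key exchange, cipher, MAC/PRF hash)."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    return m.group("kx"), m.group("enc"), m.group("mac")


def issues(name):
    """Return this example's tags for one suite; an empty list means none."""
    kx, enc, mac = parse_suite(name)
    found = []
    if not kx.startswith(("ECDHE", "DHE")):
        # Static RSA key exchange: recorded traffic can be decrypted later
        # if the server's private key leaks.
        found.append("no-forward-secrecy")
    if enc.startswith("RC4"):
        found.append("rc4")
    if enc.startswith("3DES"):
        found.append("3des")
    if enc.endswith("CBC"):
        # Informational: CBC suites are the ones affected by padding-oracle
        # attacks such as POODLE when an old protocol version is negotiated.
        found.append("cbc")
    if mac == "MD5":
        found.append("md5")
    return found


def audit(suites):
    """Map every offered suite to its list of tags."""
    return {suite: issues(suite) for suite in suites}


def count(report, tag):
    """Number of suites in the report carrying the given tag."""
    return sum(tag in tags for tags in report.values())


if __name__ == "__main__":
    for suite, found in audit(OFFERED).items():
        print(f"{suite:48} {', '.join(found) or 'ok'}")
```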
Title: Re: Tests and other Media topics
Post by: polonus on September 07, 2014, 02:44:35 PM
Here is where you can also check for weak keys (blacklisted): http://certlogik.com/ssl-checker/
Example: -http://certlogik.com/ssl-checker/forum.avast.com/summary

pol
Title: Re: Tests and other Media topics
Post by: polonus on September 08, 2014, 01:24:38 PM
Can this free tool be used next to avast! ?

https://www.gdata.nl/nl-usb-keyboard-guard

Protects a PC against manipulated pendrives/USB-sticks.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 16, 2014, 01:03:36 PM
Has your site or mail been compromised or are you one of the lucky ones?
Test here: https://haveibeenpwned.com/PwnedWebsites
https://haveibeenpwned.com/DomainSearch
and https://pwnedlist.com/query

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 26, 2014, 11:10:02 PM
Cookiechecker says avast forum site is OK: http://www.cookiechecker.nl/check-cookies.php?url=https://forum.avast.com/index.php
Refreshed here: http://www.cookiechecker.nl/check-cookies.php?url=https://forum.avast.com/index.php&cache=false

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 27, 2014, 05:27:30 PM
For website security testers, http security header misery and the consequences.
Test online: https://securityheaders.com/
What is being tested?
Headers We Examine
Access Control Allow Origin
Content Security Policy
Cross Domain Meta Policy
NoSniff
Server Information
Strict Transport Security
UTF-8 Character Encoding
X-Frame-Options
X-Powered-By
X-XSS-Protection

Get going, get aware, get secure!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 16, 2014, 05:28:50 PM
Test against the SSLv3 Poodle Attack. When you are vulnerable you see a poodle, a Springfield terrier whenever you are safe!
Go to https://www.poodletest.com/
Firefox Users are advised to install this add-on: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 28, 2014, 10:47:58 PM
Google All Over The World!
Test: http://best-seo-tools.net/googlecheck/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 09, 2014, 04:39:30 PM
Test the SSL capabilities of your browser here: https://www.ssllabs.com/ssltest/viewMyClient.html

polonus

P.S. Read on backward compatibility: http://tools.ietf.org/html/rfc2246#appendix-E
Title: Re: Tests and other Media topics
Post by: polonus on November 26, 2014, 07:14:36 PM
Hi folks, here is the online tracker tracker: https://tools.digitalmethods.net/beta/trackerTracker/       (credits Maurits Martijn)
Quote
The tool Tracker Tracker uses Ghostery to detect in a set of URLs a predefined set of 'fingerprints' of web technologies, such as social buttons and trackers, and outputs a list of technologies used per URL.

The tool Tracker Tracker can be used to make (some parts of) the 'cloud' visible.
Enjoy, my good forum friend, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 26, 2014, 07:25:32 PM
Results for example, example is raventools.com

url   scheme   host   path   type   query   aid   cid   date   patterns   objects   name   affilition
http://raventools.com   http   raventools.com      analytics      13   81   2014-11-26 19:23:36   google-analytics\.com\/(analytics\.js|urchin\.js|ga_exp\.js|ga\.js|u\/ga_debug\.js|u\/ga_beta\.js|u\/ga\.js|cx\/api\.js|collect) ; google-analytics\.com   http://www.google-analytics.com/analytics.js ; http://www.google-analytics.com/analytics.js   Google Analytics   
http://raventools.com   http   raventools.com      tracker      588   881   2014-11-26 19:23:37   cdn\.optimizely\.com\/js\/ ; optimizely\.com   http://cdn.optimizely.com/js/2185221172.js ; http://cdn.optimizely.com/js/2185221172.js   Optimizely   
http://raventools.com   http   raventools.com      widget      655   1008   2014-11-26 19:23:37   \.olark\.com

pol
Title: Re: Tests and other Media topics
Post by: polonus on November 28, 2014, 12:14:25 AM
Does this actually work? Re: http://www.iconico.com/emailProtector/
Or is obfuscation already hopeless protection to prevent mail spam harvesting?

Anyone to comment?

polonus

P.S. Browser rendered the mail address sooner than one could say the proverbial phrase...
Another hopeless attempt: http://www.cha4mot.com/t_mailto.html

D
Title: Re: Tests and other Media topics
Post by: Callender on December 20, 2014, 08:39:27 AM
Does this actually work? Re: http://www.iconico.com/emailProtector/
Or is obfuscation already hopeless protection to prevent mail spam harvesting?

Anyone to comment?

polonus

P.S. Browser rendered the mail address sooner than one could say the proverbial phrase...
Another hopeless attempt: http://www.cha4mot.com/t_mailto.html

D

What I tend to use when I need a way for someone to contact me without revealing my email address:

http://xinbox.com/

If you post the URL (obfuscated in my screenshot since I don't wish to post it here) then any message gets sent to your email inbox.

You get your own URL - example: h**p://xinbox.com/polonus



Title: Re: Tests and other Media topics
Post by: polonus on January 31, 2015, 04:19:49 PM
Test my DNS: https://www.dns-oarc.net/oarc/services/dnsentropy 
Web-based DNS check all results for me were GREAT
Some other online tests for websites: http://www.dnsinspect.com/
and http://mxtoolbox.com/ and  http://www.dnsqueries.com/en/dns_lookup.php

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 11, 2015, 09:04:07 AM
Nice test site for website developers: http://caniuse.com/
Does your browser support and can you use the technology?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 12, 2015, 05:30:18 PM
Test your computer IP for rogue-DNS here: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS#googtrans(en)
My IP is not configured to use malicious DNS-servers.
link with thanks/credits to FBI - USA v. Vladimir TSASTSIN, ET AL.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2015, 03:45:35 PM
Test for the Superfish Komodia problem on your machine!
Test is here: https://filippo.io/Badfish/

No badfish for me, probably not intercepting my connections!

How are yours?

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on February 22, 2015, 04:12:46 PM
Test for the Superfish Komodia problem on your machine!
Test is here: https://filippo.io/Badfish/

No badfish for me, probably not intercepting my connections!

How are yours?

polonus
I prefer a good steak. :) No fish on my systems either. :)
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2015, 04:28:58 PM
Hi bob3160,

Also rather have a good burger than  Komodia's "gefillte fisj"  ;)

Damian
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2015, 04:57:27 PM
But you should do that test, as others/miscreants can now also intercept Superfish encrypted proxy communications: http://threatpost.com/lenovo-superfish-certificate-password-cracked/111165
Good that Windows Defender removes it.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2015, 05:18:49 PM
Time to clean the crap and junk from your computer: http://www.pcworld.com/article/2141881/beat-it-bloatware-how-to-clean-the-crap-off-your-pc.html

polonus
Title: Re: Tests and other Media topics
Post by: DavidR on February 22, 2015, 06:11:50 PM
Test for the Superfish Komodia problem on your machine!
Test is here: https://filippo.io/Badfish/

No badfish for me, probably not intercepting my connections!

I generally never bother with these tests as for the most part I have to actually let the test through NoScript and RequestPolicy. But a bigger consideration is that you have to trust the test site and you all know what a trusting sort I am NOT.
Title: Re: Tests and other Media topics
Post by: polonus on February 22, 2015, 10:26:24 PM
The test link appeared on several renowned security forums, so I very much doubt there is something fishy about it.
Else you have to dig deep down into the register to get to traces of this.
There are 5 native scripts on that test site, none of which blocked and only google analytics dot com.
Nothing out of the ordinary here as well: http://www.dnsinspect.com/filippo.io/1424639646 - hosted by CloudFlare.
I tested this site before I passed it on: http://fetch.scritch.org/%2Bfetch/?url=https%3A%2F%2Ffilippo.io%2FBadfish%2F&useragent=Fetch+useragent&accept_encoding=

In the case of Yes, the connection is not private: htxps://san.filippo.io/yes.js?cachekill=
and htxps://selfsigned.filippo.io/yes.js?cachekill=  &  htxps://badfish.filippo.io/yes.js?cachekill=
Could not get domain's name servers from parent servers, because it is self-signed naturally  ;D
html5shiv.js was implemented by the researchers to get results from earlier IE versions.

Security Header Status for test site - https://www.uploady.com/download/l0pdXoxI5Pi/7jjn923f6vpne2jP
Warnings on: The secure flag on cookies instructs the browser to only submit the cookie as part of requests over secure (HTTPS) connections. This prevents the cookie from being observed as plain text in transit over the network.
The HttpOnly flag instructs the browser that this cookie can only be accessed when sending an HTTP request. This prevents scripts running as part of a page from retrieving the value and is a defense against XSS attacks.
Major Warning: Data returned in web responses can be cached by user's browsers as well as by intermediate proxies. This directive instructs them not to retain the page content in order to prevent others from accessing sensitive content from these caches. But we have to trust the researcher expert's good intentions.

Again the proverb goes: "You can take a horse to the water, but you cannot make it drink!"

Damian

Manual removal of that Superfish: https://filippo.io/Badfish/removing.html
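
Added example, not part of the original posts: a Python sketch of the kind of check described above, covering the header list from the securityheaders.com post plus the cookie-flag and caching warnings quoted here. Both sample responses are constructed; the mapping of "Cross Domain Meta Policy" to `X-Permitted-Cross-Domain-Policies` and of the caching warning to `Cache-Control: no-store` are assumptions of this example.

```python
# Constructed sample: a response that triggers the warnings discussed above.
WEAK = """\
HTTP/1.1 200 OK
Server: nginx/1.6.2
X-Powered-By: PHP/5.4.36
Content-Type: text/html
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Set-Cookie: sid=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure
Cache-Control: public, max-age=3600
"""

# Constructed sample: the same response with the settings corrected.
HARDENED = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly
Cache-Control: no-store
"""

# Headers from the 2014 list that should be present. X-XSS-Protection is
# kept because the list names it; current browsers ignore it.
REQUIRED = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "x-xss-protection",
    "x-permitted-cross-domain-policies",  # assumed mapping, see lead-in
)
# Headers that reveal server software and version.
DISCLOSURE = ("server", "x-powered-by")


def parse_headers(raw):
    """Return [(lowercased name, value)], keeping repeats such as Set-Cookie."""
    headers = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(raw):
    """Return a set of (category, detail) findings for one response."""
    headers = parse_headers(raw)
    first = {}
    for name, value in headers:
        first.setdefault(name, value)
    findings = set()
    for name in REQUIRED:
        if name not in first:
            findings.add(("missing", name))
    if first.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.add(("weak", "x-content-type-options"))
    for name in DISCLOSURE:
        if name in first:
            findings.add(("disclosure", name))
    if first.get("access-control-allow-origin") == "*":
        findings.add(("weak", "access-control-allow-origin"))
    content_type = first.get("content-type", "").lower().replace(" ", "")
    if "charset=utf-8" not in content_type:
        findings.add(("missing", "charset=utf-8"))
    directives = {d.strip().lower() for d in first.get("cache-control", "").split(",")}
    if "no-store" not in directives:
        findings.add(("cache", "no-store"))
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = value.split(";")
        cookie = parts[0].split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.add(("cookie", f"{cookie} lacks Secure"))
        if "httponly" not in attrs:
            findings.add(("cookie", f"{cookie} lacks HttpOnly"))
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, sorted(audit(raw)) or "no findings")
```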
Title: Re: Tests and other Media topics
Post by: !Donovan on February 23, 2015, 03:37:28 AM
Time to clean the crap and junk from your computer: http://www.pcworld.com/article/2141881/beat-it-bloatware-how-to-clean-the-crap-off-your-pc.html

polonus
Another reason why to choose Chrome OS over traditional OSes :D

Greets
~!Donovan
Title: Re: Tests and other Media topics
Post by: polonus on February 23, 2015, 01:41:31 PM
For one aspect DavidR is right, the SuperFish test site is vulnerable to POODLE: http://toolbar.netcraft.com/site_report/?url=https%3A%2F%2Ffilippo.io%2FBadfish
One big question as end-user - "What parties are left that we really can trust with our connections and data". From the days of the famous NSA revelations we know that we cannot put any trust anymore in Big Government and now it is shown that we cannot trust Big Commerce either. What more proof do we need - bad certificates, degraded and backdoored protocols, bad security implementations and all of this more or less done on purpose to turn the Interwebs into one enormous big monitoring and surveillance machine that dragnets all your data for whoever benefits. Anyone who wants to color another picture there is wrong or keeping up the big lie especially to themselves - the Internet, my best friends, is pn*wned big time and has been so since the turn of this century.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on February 23, 2015, 02:30:00 PM
Firefox now considers blacklisting: https://bugzilla.mozilla.org/show_bug.cgi?id=1134506

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on February 23, 2015, 03:29:12 PM
For one aspect DavidR is right, the SuperFish test site is vulnerable to POODLE: http://toolbar.netcraft.com/site_report/?url=https%3A%2F%2Ffilippo.io%2FBadfish
One big question as end-user - "What parties are left that we really can trust with our connections and data". From the days of the famous NSA revelations we know that we cannot put any trust anymore in Big Government and now it is shown that we cannot trust Big Commerce either. What more proof do we need - bad certificates, degraded and backdoored protocols, bad security implementations and all of this more or less done on purpose to turn the Interwebs into one enormous big monitoring and surveillance machine that dragnets all your data for whoever benefits. Anyone who wants to color another picture there is wrong or keeping up the big lie especially to themselves - the Internet, my best friends, is pn*wned big time and has been so since the turn of this century.

Damian
There are always smoke signals but they can also be intercepted.
2 cans connected by a string might be better.
There is an old saying that states:
"In God we trust, all others pay cash." It simply means there isn't any one in this world that can really be trusted.
Any time you share with anyone, you are taking a chance on having your information shared with an unexpected party.
I go back to the days when a handshake was your bond. Now, a handshake is simply another way of spreading germs.
This world has come a long way and there have been many technological improvements.
For some things however we've also taken a giant stride backwards.





Title: Re: Tests and other Media topics
Post by: polonus on February 23, 2015, 03:54:18 PM
Hi bob3160,

I saw that all coming when I wrote this thread: https://forum.avast.com/index.php?topic=165018.0 re-read it and start to shiver, it brought us SuperFish and PrivDog and more corruption for that matter.
Just go here: http://cyh.herokuapp.com/cyh and check
Test here against POODLE: https://www.poodlescan.com/
Test here: http://toolbar.netcraft.com/site_report/
Now you will find that there is an enormous amount of https servers that are not following best policy configuration - have missing security headers - are forwarding excessive info to script kiddies and attackers or are just into shady ad-ware schemes and deals.
All that should really be trustworthy is backdoored, officially being downgraded, pn8wed grand time and no-one is stirring a finger - like the Wild West in 1871 where the sheriff was chased off by the criminals. Who is gonna speak up for the end-user?

And I have been addressing these insecurities time and time again with my website scanning in the virus and worms. If it only could convince one webmaster or hosting party to do a better job for the security of all.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on February 26, 2015, 01:38:12 PM
A browser can check a certificate from a webserver whether it is actual and not revoked.
Is this a trusted CA? DANE helps you.
Test here: http://www.dnssec-failed.org/
and here: https://bad-sig.dane.verisignlabs.com/

Read: http://www.thesafemac.com/avasts-man-in-the-middle/
Anyone to comment on this story? Is it trustworthy info or a rant, as it is pretty much required behavior for antivirus software when they want to scan https://
Likewise settings are found with ESET and Kaspersky's but not in a standard way.

We trust in Avast, unless we test.

Also test here: https://www.had-pilot.com/dane/danelaw.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 26, 2015, 07:08:42 PM
In the light of the spreading Super Fish Scandal, test DNSSEC: http://dnssec-debugger.verisignlabs.com/

pol
Title: Re: Tests and other Media topics
Post by: polonus on February 26, 2015, 07:12:58 PM
Is avast vulnerable? http://dnssec-debugger.verisignlabs.com/forum.avast.com
-> https://www.uploady.com/download/5oAte0Qd2qw/0GQE66YVdXA2afhl

Superfish is very big to handle.....

Damian
Title: Re: Tests and other Media topics
Post by: polonus on March 04, 2015, 01:00:08 AM
Do this test to see whether your web client is vulnerable to the Freak Attack Threat:
https://www.freakattack.com/clienttest.html
My results: Good News! Your browser appears to be safe from the FREAK Attack!
If you're curious, your client currently offers the following cipher suites:

But read: https://community.qualys.com/thread/12169
Checked OK here: https://www.ssllabs.com/ssltest/viewMyClient.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 05, 2015, 05:40:28 PM
As Open DNS now brought Nlp checking for domains - so checking the domain name comes with the same ASN and resembling domains  like -g00gle.com will get 2 minus points.
But we can also test websites here for Nlp: http://nlp-system.com.statstool.com/
and combine with this scan: http://www.dnsinspect.com/
Enjoy, my friends, enjoy.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on March 05, 2015, 08:39:51 PM
As Open DNS now brought Nlp checking for domains - so checking the domain name comes with the same ASN and resembling domains  like -g00gle.com will get 2 minus points.
But we can also test websites here for Nlp: http://nlp-system.com.statstool.com/
and combine with this scan: http://www.dnsinspect.com/
Enjoy, my friends, enjoy.

polonus
We can also use Avast's Online Security module and make sure the Site Correct function is checked:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1425584318772-10029.png)
This will prevent you from getting to that bad site in the first place. :)
Title: Re: Tests and other Media topics
Post by: polonus on March 05, 2015, 08:50:59 PM
Hi bob3160,

I always have an eye out on the green circle there.
See my settings now: https://www.uploady.com/download/MYNvUuPtuYV/iL9cBzhb2kcEbfJy

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 06, 2015, 05:50:35 PM
WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
What web to check can be found here: http://whatweb.net/
To find out what websites are Built With, check here: http://builtwith.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 10, 2015, 06:08:33 PM
Adsense banned checker: http://www.bannedbyadsense.com/
and another: http://www.isbanned.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 14, 2015, 05:13:04 PM
A GZip Discrimination test: http://nontroppo.org/tools/gziptest/?url=
Opera users can use this button to drag to a toolbar of choice: opera:/button/Go to page, %22http://nontroppo.org/tools/gziptest/?url=%25u%22

pol
Title: Re: Tests and other Media topics
Post by: polonus on March 18, 2015, 10:07:12 PM
Test for Superfish in Google Chrome: https://lastpass.com/superfish/
For firefox there is this extension: https://addons.mozilla.org/en-us/firefox/addon/superfish-checker/?src=cb-dl-recentlyadded

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on March 18, 2015, 11:00:00 PM
Test for Superfish in Google Chrome: https://lastpass.com/superfish/
For firefox there is this extension: https://addons.mozilla.org/en-us/firefox/addon/superfish-checker/?src=cb-dl-recentlyadded

polonus

You can also run the LastPass test in Firefox if you're using FF 37.0 :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1426715840242-32424.png)
Title: Re: Tests and other Media topics
Post by: polonus on March 18, 2015, 11:04:26 PM
Does http://screenshots.screencast-o-matic.com/screenshot/u/Lh/1426715840242-32424.png
work for all as in bob3160's reply? Hi bob, you and I are secure  ;D

See attached...
Title: Re: Tests and other Media topics
Post by: polonus on March 25, 2015, 03:50:14 PM
Is your DNS hijacked?
Test here: https://www.ismydnshijacked.com/
So your router DNS-settings were not altered by cybercriminals,
then all is well.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 04, 2015, 08:01:25 PM
To those that know how to protect themselves,   Message on ScriptSafe and uMatrix extensions for Google Chrome.

These two extensions are the best in-browser-security related extensions that came to be installed into the Google Chrome browser and the combination can be compared to the No-Script and Request Policy add-on combination for firefox.
For working both extensions you do not need rocket science, but if you want to surf dumbed down on full automatic clicking after anything that shows up on the browser screen to completely work your PC or laptop into a doorstopper only state, please do not read on. When you trust others to take care of your browser security and you do not want to have anything to do with it, this posting is not meant for you.
For the others, this is not too hard. First know where you are going, whenever you are visiting a link from a search page that is not alerted as suspicious (Avast Online Security warning,  Bitdefender Traffic Light alert, DrWeb URL checker warning, Google Safebrowsing or Yandex blacklisting alert or privacy alert) or when you visited a website before work ScriptSafe green and allow the main site and block third parties or allow third parties also when that is needed for the full functionality of that page (else leave these blocked), for uMatrix you follow a likewise procedure, only click there if you need additional blocking or when you need more functionality on a certain secure webpage.
Rule 1: when you get an alert from Avast Online Security or the Avast Shields or Bitdefender TrafficLight extension or DrWeb's or Google Safebrowsing or Yandex alert, do not go to that destination and do not visit that website. When you are a responsible guy or gal report the link with hxtp or wXw so the unaware cannot get infected by clicking a live link. We have a section for that here on the forums; the virus and worms or report to virus@avast.com.
Really folks, these two extensions can be learned to be toggled and the additional bonus is advanced security (you can block any frame, any script you like inside the extension), more insight in what threatening things can arrive at your browser from the Interwebs and additional privacy by blocking scripts that try to track you with analytics, ads, widgets etc.
Install ScriptSafe and uMatrix from the Google Webstore https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf
and
https://chrome.google.com/webstore/detail/%C2%B5matrix/ogfcmafjalglgifnmanfmnieipoejdcf
learn to point and click and enjoy the advanced browser security you have gained through a couple of right toggling clicks.

An important observation - always toggle uMatrix first and then adjust ScriptSafe, just in that order!

Users that want to experience a uMatrix-like extension in firefox should try Policeman:
https://addons.mozilla.org/nl/firefox/addon/policeman/
Also support rules based on content type: images, styles, scripts, frames etc.
The purpose of the extension is similar to NoScript and RequestPolicy.

When uMatrix comes to firefox, we will have a hard time to choose between chrome and firefox,
tired a bit of the increasing bloatness of these "googlalities",
but the searching versatility keeps me aboard.

Just look at a youtube website through the eyes of uMatrix with some 248 items that can be toggled.
Google is the Big Tracking machine par excellence.
For that reason I added Stop Tracking -> chrome://extensions/?id=cjadnibdialbplafleaocjllgggfflko
and you won't be tracked any longer.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 05, 2015, 05:32:21 PM
Who is using this block list in the hosts file?.
Re http://pgl.yoyo.org/adservers/serverlist.php?showintro=0;hostformat=hosts

One of the blocked items: https://www.mywot.com/en/scorecard/cash4webmaster.de?utm_source=addon&utm_content=popup
Spam. Scam and Ponzi Schemes...

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 07, 2015, 11:11:28 AM
I did not notice this before, VT now gives Snort and Suricata IDS alerts.

An example here:
exploit detection
https://www.virustotal.com/en/file/961751ef6378515dc09a94135fa0c23d133aa41ae6dc2267340067773f51efde/analysis/

This is an important enhancement of virustotal scan capabilities, I can therefore compare these detections now with urlquery dot net scan results and the IDS alerts there and the Fortinet findings.
And check on the alerts, like "ET POLICY HTTP Request on Unusual Port Possibly Hostile (Potential Corporate Privacy Violation) -" leads us to these resources:  http://www.aldeid.com/wiki/Suricata-vs-snort/Test-cases/Malwares-viruses. These test-cases may be revealing, so one may learn what kind of malware comes "covered by these rules". So combining snort rule detection patterns can narrow down detection. Also one could compare the Fortinet findings from urlquery dot net and go after (search) either the malware name or IP preceded by the term Clean MX. So the search query "clean mx Packed.Generic.187" delivers: realtime:
http://support.clean-mx.de/clean-mx/md5.php?Sophos=Mal/Behav-351, this is a simple identification, see: https://malwr.com/analysis/MDMzOWM3MDM4Y2JhNDllMmI0YTFmN2MxOTdmMTAxNjA/  and then we return to the detailed snort analysis;
Quote
Packed.Generic.187
Test: 84dc4e81531c373e431d818790dd26d1
Payload: pcap
Suricata trace:
ET USER_AGENTS Suspicious Mozilla User-Agent - Likely Fake
BACKDOOR rogue software ms antispyware 2009 runtime detection
Suricata score: 1
Snort trace:
A Network Trojan was detected
I think users should always have VT as a pre-checker in the browser now just one click away, for example via VTchromizer.
Read here from Madras Geek: http://www.madrasgeek.com/2010/12/scan-for-virus-malware-removal-with-virustotal-chromizer.html  download VTChromizer here-> https://chrome.google.com/extensions/detail/efbjojhplkelaegfbieplglfidafgoka

For the real g33ks and aware, a nice pcap collection here: https://www.mediafire.com/?a49l965nlayad#a49l965nlayad (info credits Mila Parkour) Be aware do not open payloads.

polonus

Title: Re: Tests and other Media topics
Post by: polonus on April 11, 2015, 05:40:52 PM
Website Test behind the Great Firewall of China for various locations:
http://www.websitepulse.com/help/testtools.china-test.html
and http://www.greatfirewallofchina.org/
and here: https://en.greatfire.org/
DNS tests: http://viewdns.info/chinesefirewall/
See attached our forum website seems blocked:
Contradictory results here: https://en.greatfire.org/https/forum.avast.com/index.php

pol
Title: Re: Tests and other Media topics
Post by: polonus on April 12, 2015, 11:58:18 PM
What uMatrix is blocking as malware domains/just domains - updated 3rd-party assets
Those users here on the forums working ScriptSafe next to uMatrix like to have this info.
updated 3rd-party assets: https://github.com/gorhill/uMatrix/commit/d2ed6778c59d2592ecb3f854a4853b522e38ec30
Also look here: https://github.com/gorhill/uMatrix/blob/master/assets/umatrix/blacklist.txt
# Blacklist maintained by HTTP Switchboard (the pre-decessor of the uMatrix extension).
# For those domain names which are not found in other blacklists
enjoy....

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 15, 2015, 10:49:07 PM
Cookie checker test: http://www.123simples.com/website-cookie-test.asp
see: http://websitecookiechecker.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 17, 2015, 11:21:38 AM
To-day I was surveying at a design coding exam at a Higher Educational Institute for IT staff outbuilding and polonus would not be polonus when he would not be going over the code.
When "public Void" was staring back at me and I combined that with the words "override" and "XSS exploitable".
Re: http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
See: https://github.com/tonyzampogna/XssSanitizer/blob/master/test/unit/org/tonyzampogna/xss/sanitizer/util/XssSanitizerUtilTest.java
This example shows how in the JVM memory system two objects are at a different address while the stored parameter is in the same memory location, and is overwritten by the second method. This is the basis of the "vulnerability".
actually it is a so-called C vulnerability, that you need not live with if you develop in Java.

info credits go to thomas-pornin

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 17, 2015, 11:43:43 AM
Test whether an IIS server has been patched with MS15-034.
Go here: https://lab.xpaw.me/MS15-034/
Example: Cannot discern patch status of www.iisprotect.com. This most likely means it is not vulnerable.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 17, 2015, 01:26:52 PM
Check and secure Browser and Plug-in check: http://www.check-and-secure.com/browsercheck/_en/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 17, 2015, 04:55:26 PM
A nice companion for Google Chrome's ScriptSafe and uMatrix and uBlock extensions is
Webpage behavior report tool known as Browser JSGuard -
Supported by DeitY & CERT-In, Govt. of India

An Addon for Detecting Malicious and Suspicious Webpages.
Features:
Content/Heuristic based web malware protection.
Alerts the user on malicious web pages.
Provides detailed analysis of a webpage(by clicking on the icon present in Addon bar).

It checks for Hidden iFrame(s) Redirections.
UnAuthorized Redirections
Encoded Javascript
External Domain Requests
Trackers

Download: https://chrome.google.com/webstore/detail/browserjsguard/ncpkigeklafkopcelcegambndlhkcbhb

I tested it and rather like this extension.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 17, 2015, 10:27:32 PM
Real tracking is more extensive than extensions show you.....
See real results via txt file attached
Bitdefender blocks Comscore Beacon and OneStat Tracker, ScriptSafe blocks <WEBBUG> (1)
Ghostery blocks TradeDesk, Avast Online Security does not block any.
Disconnect blocks Google Analytics. uMatrix blocks screencast-o-matic.com. *
http://screencast-o-matic.com links to the following External Domains:
==>twitter-badges.s3.amazonaws.com
==>platform.twitter.com
==>facebook.com  & facebook tracker found.

So there is much more tracking going on under the browser hood than we learn from Bitdefender, DrWeb's, Avast,
Ghostery, Disconnect and the others. The following sites know that you have visited this page:
The following sites know that you visited this page. Click on a site to find out what more it knows about you.
-adsrvr.org
-bing.com
-bkrtx.com
-idg.nl
-leadboxer.com
-plista.com
-stepstone.nl

polonus

P.S. -sync.search.spotxchange.com and others blocked by μMatrix
Title: Re: Tests and other Media topics
Post by: polonus on April 22, 2015, 11:04:39 PM
Syntax validator online: http://esprima.org/demo/validate.html

enjoy
Title: Re: Tests and other Media topics
Post by: polonus on April 23, 2015, 07:16:08 PM
Check your internet connection in three steps: http://www.check-and-secure.com/ipcheck/_en/solution/clean.php

pol
Title: Re: Tests and other Media topics
Post by: bob3160 on April 23, 2015, 09:52:11 PM
Real tracking is more extensive than extensions show you.....
See real results via txt file attached
Bitdefender blocks Comscore Beacon and OneStat Tracker, ScriptSafe blocks <WEBBUG> (1)
Ghostery blocks TradeDesk, Avast Online Security does not block any.
Disconnect blocks Google Analytics. uMatrix blocks screencast-o-matic.com. *
http://screencast-o-matic.com links to the following External Domains:
==>twitter-badges.s3.amazonaws.com
==>platform.twitter.com
==>facebook.com  & facebook tracker found.

So there is much more tracking going on under the browser hood than we learn from Bitdefender, DrWeb's, Avast,
Ghostery, Disconnect and the others. The following sites know that you have visited this page:
The following sites know that you visited this page. Click on a site to find out what more it knows about you.
-adsrvr.org
-bing.com
-bkrtx.com
-idg.nl
-leadboxer.com
-plista.com
-stepstone.nl

polonus

P.S. -sync.search.spotxchange.com and others blocked by μMatrix
I've used and recommended Screencast-O-Matic for a few years.
It's my main program for creating instructional and other videos.
I also use it to create screenshots which you'll find on many of the posts in this forum.
There is blocking and then there's getting a little out of hand.
Why not simply stop using any of the modern browsers and stop going to any of the websites ???
Title: Re: Tests and other Media topics
Post by: polonus on April 23, 2015, 11:08:13 PM
Hi bob3160,

Well me demonstrating this is just for educational purposes and just to show how one-sided the whole story has become.
It seems the user is just being tolerated for what known reasons, but does not play any role. The users are just generating clicks in a pay per click model.

And it is gonna get much worse when TTP arrives - companies and investors would be empowered to challenge regulations, rules, government actions and court rulings — federal, state or local — before tribunals and the role of governments and end-users will be further minimalized, as lawyers like to have their piece of the cake with these big international corporations.

That is where we are heading in the near future on both sides of the Atlantic and there is not much we can do about it,
so I will happily browse on while I can and use Google as my global instrument with Avast inside.  ;D

Damian
Title: Re: Tests and other Media topics
Post by: polonus on April 24, 2015, 06:39:54 PM
Example generated Javascript Alert Code
Copy and paste the code between the <head> </head> tags of your webpage. The alert will pop up on page load
Code:
<SCRIPT LANGUAGE="JavaScript">
<!-- Hide from older browsers
alert('You are getting this alert at this very moment');
// end hiding -->
</SCRIPT>

Handy code generators here: http://www.htmlbasix.com/

And to bring in some randomness go here: http://www.randomcodegenerator.com/

pol
Title: Re: Tests and other Media topics
Post by: polonus on April 25, 2015, 02:03:10 PM
Is this a secure service?: https://www.dashlane.com/scan/11#/login

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on April 25, 2015, 04:08:32 PM
Is this a secure service?: https://www.dashlane.com/scan/11#/login

polonus
A service of Dashlane (https://www.dashlane.com/) the Password Manager program.
(if you trust them with your passwords, then this should be safe. :)

Title: Re: Tests and other Media topics
Post by: polonus on April 26, 2015, 03:04:51 PM
Mixed content still the easiest way to break SSL: http://blog.ivanristic.com/2014/03/https-mixed-content-still-the-easiest-way-to-break-ssl.html  (web article author = Ivan Ristić).
Check the insecure content on a website here: https://www.jitbit.com/sslcheck/
or here: https://www.whynopadlock.com/

Re: https://www.bram.us/2014/12/10/mixed-content-scan-scan-your-https-enabled-website-for-mixed-content/
Fix
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.

For your own domain, serve all content as HTTPS and fix your links.  Often, the HTTPS version of the content already exists and this just requires adding an "s" to links - http:// to https://.

For other domains, use the site's HTTPS version if available. If HTTPS is not available, you can try contacting the domain and asking them if they can make the content available via HTTPS.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 26, 2015, 05:41:53 PM
I often see a lot of sites with insecure login flagged by saferChrome, like here:
SaferChrome: Insecure login: Password will be transmited in clear to http://www.dagelijksestandaard.nl/wp-login.php?redirect_to=%2F2015%2F04%2Fvijf-lekkere-snacks-die-je-koningsdag-nog-beter-maken%2F5%2F detected

Read: http://www.stealmylogin.com/ written by Alex Sirota
Exposing the dangers of insecure login forms *

The bookmarklet (from here *) used to test:
Code:
javascript:(function() {var s=document.createElement('script');s.src='http://data.stealmylogin.com/stealmylogin.js';document.getElementsByTagName('head')[0].appendChild(s);alert('StealMyLogin%20injected');})();

polonus

Title: Re: Tests and other Media topics
Post by: polonus on April 27, 2015, 12:27:32 AM
Testing for SHA-1 online.
Unsecure, checked at: https://shaaaaaaaaaaaaa.com/check/www.tivo.com
results: Dang.
www.tivo.com is using SHA-1.
Which is too bad, because SHA-1 is becoming dangerously weak. It's time to upgrade to SHA-2.
Compare here:
http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.tivo.com%2Ftivo-mma%2Flogin%2Fshow.do

Read on backgrounds: https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1

On that page as a bonus a converter: http://konklone.io/json/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 01, 2015, 02:34:00 PM
Test your PHP code online here:
http://www.icosaedro.it/phplint/phplint-on-line.html
Results for some code I gave in:
Code:
PHPLint report
PHPLint 2.1_20150305
Copyright 2015 by icosaedro.it di Umberto Salsi
This is free software; see the license for copying conditions.
More info: http://www.icosaedro.it/phplint

BEGIN parsing of /tmp/test-61ynKJ
1:      <?php
2:      function rbl_lookup($ipv4) {

        function rbl_lookup($ipv4) {
                                  \_ HERE
==== 2: ERROR: undefined type for argument $ipv4 - Hint: you may indicate an explicit type (example: `/*.int.*/ $ipv4') or assign a default value (example: `$ipv4=123') or add a DocBlock line tag (example: `@param int $ipv4').
3:          $ip = explode(".", $ipv4);
4:          $rbl_url = ".rbl.blockedservers.com";
5:          $rbl_hostname = $ip[3].".".$ip[2].".

            $rbl_hostname = $ip[3].".".$ip[2].".
                                                \_ HERE
==== 5: Warning: found control character (carriage return, CR, 13) in literal string. This msg is reported only once for each string
6:                       ".$ip[1].".".$ip[0]."". $rbl_url;
7:      
8:          $rbl_lookup = gethostbyname($rbl_hostname);
9:      
10:         if($rbl_lookup == $rbl_hostname) {

            if($rbl_lookup == $rbl_hostname) {
                                           \_ HERE
==== 10: ERROR: comparing (string) == (string) - Hint: use strict comparison operator `===' instead.
11:             return 1;
12:         }
13:         else {
14:             return 0;
15:         }
16:     }
17:     ?>

END parsing of /tmp/test-61ynKJ
==== ?:?: notice: unused module mysql.php
==== ?:?: notice: unused module pcre.php
==== ?:?: notice: unused package stdlib/dummy.php
==== ?:?: notice: required module standard.php
Overall test results: 2 errors, 1 warnings.
Title: Re: Tests and other Media topics
Post by: polonus on May 05, 2015, 03:40:21 PM
Test - Check the Revocation Lists (CRL) and the OCSP status of an (SSL) Certificate
online here: http://certificate.revocationcheck.com/
Test Created by Paul van Brouwershaven

In the days of HTTPS Everywhere we need such checks more than ever.
Nice to combine with a Netcraft Tool Results report.

We even have some risk here: http://toolbar.netcraft.com/site_report?url=http://certificate.revocationcheck.com
Bad zone = alex.ns.cloudflare.com -> http://www.dnsinspect.com/cloudflare.com/1430833139
Read: https://blog.cloudflare.com/whats-the-story-behind-the-names-of-cloudflares-name-servers/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 05, 2015, 05:56:33 PM
I give an example of a problem site: solarlist.com Identity verified but with warnings
Encryption (HTTPS) (1)
Communication is encrypted
Site tries to load scripts from sources that weren't verified - so-called mixed content.
Possible Frontend SPOF from:

maps.google.com - Whitelist
(75%) - <script type='text/javascript' src='http://maps.google.com/maps/api/js?sensor=false&ver=1.0'>
html5shiv.googlecode.com - Whitelist
(71%) - <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js">
fonts.googleapis.com - Whitelist
(69%) - <link href='http://fonts.googleapis.com/css?family=Open+Sans:300,400,700' rel='stylesheet' type='text/css'>
(69%) - <link href='http://fonts.googleapis.com/css?family=Open+Sans:300,400,700' rel='stylesheet' type='text/css'>
s3.amazonaws.com - Whitelist
(11%) - <script src="//s3.amazonaws.com/scripts.hellobar.com/c42e00ca9c042c9f6457cf24ee9836a494d021b3.js" type="text/javascript">

See check: http://certificate.revocationcheck.com/solarlist.com

See: https://www.eff.org/https-everywhere/atlas/domains/solarlist.com.html

The following sites know that you visited this page. Click on a site to find out what more it knows about you.
-amazonaws.com
-google.com
-vimeo.com

Netcraft Website Risk Ranking 1 red out of 10: http://toolbar.netcraft.com/site_report?url=https://solarlist.com

Scanning target:  162.159.246.65 on port 443 ...

Found 1 servers with port 443 open
Checking for SSLv3 POODLE vulnerability...

IP address   Hostname   Status   Vulnerable ciphers
162.159.246.65      NOT Vulnerable   
Where I scanned this? Here: https://pentest-tools.com/vulnerability-scanning/ssl-poodle-scanner

polonus
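The mixed-content advice and the solarlist.com findings in the posts above can be checked offline with a small scanner. This is an added example, not code from the thread or from any of the linked tools; the four head tags are the ones quoted in the solarlist.com post, while the wrapper page, the two image tags and the names `MixedContentScanner` and `scan` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Subresources that can run code or restyle the page ("active" mixed content)
# versus ones that only change what is displayed ("passive").
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentScanner(HTMLParser):
    """Collect subresources an HTTPS page would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "link":
            # Only stylesheets are fetched and applied; rel=canonical etc. are not.
            if "stylesheet" in a.get("rel", "").lower().split():
                self._check(tag, a.get("href", ""), "active")
        elif tag in ACTIVE:
            self._check(tag, a.get(ACTIVE[tag], ""), "active")
        elif tag in PASSIVE:
            self._check(tag, a.get(PASSIVE[tag], ""), "passive")

    def _check(self, tag, ref, kind):
        ref = ref.strip()
        if not ref:
            return
        # urljoin resolves relative and protocol-relative ("//host/x") references
        # against the page URL, so those inherit https and are not flagged.
        resolved = urljoin(self.page_url, ref)
        if urlsplit(resolved).scheme == "http":
            self.findings.append({
                "tag": tag,
                "kind": kind,
                "url": resolved,
                # The fix from the post: try the same resource over HTTPS.
                "try_instead": "https" + resolved[len("http"):],
            })


def scan(page_url, html):
    """Return mixed-content findings; a page served over HTTP has none by definition."""
    if urlsplit(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


PAGE_URL = "https://solarlist.com/"
# Constructed wrapper page; the <script>/<link> tags in <head> are quoted from the post.
SAMPLE_HTML = """<html><head>
<script type='text/javascript' src='http://maps.google.com/maps/api/js?sensor=false&ver=1.0'></script>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<link href='http://fonts.googleapis.com/css?family=Open+Sans:300,400,700' rel='stylesheet' type='text/css'>
<script src="//s3.amazonaws.com/scripts.hellobar.com/c42e00ca9c042c9f6457cf24ee9836a494d021b3.js" type="text/javascript"></script>
</head><body>
<img src="http://static.example.test/logo.png">
<img src="/img/local.png">
<a href="http://example.test/">plain link, not a subresource</a>
</body></html>"""

if __name__ == "__main__":
    for f in scan(PAGE_URL, SAMPLE_HTML):
        print(f"{f['kind']:7} <{f['tag']}> {f['url']}\n        try: {f['try_instead']}")
```

The protocol-relative s3.amazonaws.com script is not reported because it follows the page's scheme; the three `http://` references in the head are active mixed content, which browsers block outright.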
Title: Re: Tests and other Media topics
Post by: polonus on May 08, 2015, 11:50:03 PM
Test for  X-XSS-Protection: 1; mode=block: http://www.enhanceie.com/test/xss/BlockMode.asp

What is this? X-XSS-Protection is an HTTP header understood by Internet Explorer 8 (and newer versions). This header lets domains toggle on and off the "XSS Filter" of IE8, which prevents some categories of XSS attacks. IE8 has the filter activated by default, but servers can switch it off by setting.
As it seems to me (proof is hard to find) that it only protects against Reflected XSS (infosecisland.com/blogview/…), also because it does not have any means to detect Stored XSS (also called Persistent XSS) info credits go to Luca Invernizzi at stackoverflow!

polonus

Netcraft extension and malware script detector will be flagging this and block it as well:
Quote
This page has been blocked by the Netcraft Extension for the following reason:

Suspected XSS Attack

Blocked URL: http://webdbg.com/test/xss/HelloBlockMode.asp?lotsoX=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx etc.

D

Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2015, 01:23:24 AM
With voices heard to legalize mass surveillance at least until 2020, here is an interesting website with projects to opt out (where and while still possible) -> https://prism-break.org/en/
Quote
Disclaimer: Using the recommended projects on this site will not guarantee that 100% of your communications will be shielded against surveillance states. Please do your own research before trusting these projects with sensitive information.
Disclaimer quote taken from above website. Link source - Peng Zhong 2015.

polonus

P.S. A weird test result: https://en.wikipedia.org/wiki/Intelligence_Quotient_%28IQ%29_and_Browser_Usage

D
Title: Re: Tests and other Media topics
Post by: polonus on May 12, 2015, 07:07:01 PM
Open port check tool: http://www.yougetsignal.com/tools/open-ports/
The open port checker is a tool you can use to check your external IP address and detect open ports on your connection. This tool is useful for finding out if your port forwarding is setup correctly or if your server applications are being blocked by a firewall. This tool may also be used as a port scanner to scan your network for ports that are commonly forwarded. It is important to note that some ports, such as port 25, are often blocked at the ISP level in an attempt to prevent malicious activity.
Combine with a Dazzlepod IP check: https://dazzlepod.com/ip/

Mind that the results can only be for IPs you own and you cannot publish third party scan results.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 14, 2015, 11:51:12 PM
A short survey of IP blocklists:

https://atlas.arbor.net/
http://support.clean-mx.de/clean-mx/viruses
http://www.cymru.com/Documents/bogon-dd.html
http://www.dshield.org/ipsascii.html
http://www.emergingthreats.net/index.php/rules-mainmenu-38.html
http://code.google.com/apis/safebrowsing/
http://hosts-file.net/
http://malc0de.com/database/
http://www.malwaredomains.com/wordpress/?page_id=66
http://www.malware-control.com/
http://malwared.ru/database.php?page=1
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malware.com.br/lists.shtml
http://www.malwareurl.com/
http://www.norse-corp.com/darklist.html
http://openphish.com/
http://mdl.paretologic.com/
http://www.phishtank.com/phish_archive.php
http://www.projecthoneypot.org/list_of_ips.php
http://www.scumware.org/
http://www.shadowserver.org/wiki/pmwiki.php?n=Services/Reports
http://labs.snort.org/iplists/
http://mtc.sri.com/
http://sucuri.net/?page=tools&title=blacklist
http://www.threatstop.com/
http://urlblacklist.com/
https://zeustracker.abuse.ch/blocklist.php
https://zeustracker.abuse.ch/monitor.php?browse=binaries
http://www.blade-defender.org/eval-lab/
https://malwr.com/
http://www.nictasoft.com/viruslib/   

(link source credits go to CWZ)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 15, 2015, 12:01:08 AM
Another good initiative with https being phased in: https://sslbl.abuse.ch/

Also some interesting SSL checking links given.
Like to add:
https://ssl.trustwave.com/support/support-certificate-analyzer.php?address=
https://www.whynopadlock.com/
https://certlogik.com/ssl-checker/www.reddit.com/
https://www.poodlescan.com/
https://shaaaaaaaaaaaaa.com/
https://www.trustworthyinternet.org/ssl-pulse/
https://pentest-tools.com/vulnerability-scanning/openssl-heartbleed-scanner

polonus

Title: Re: Tests and other Media topics
Post by: polonus on May 15, 2015, 10:35:30 PM
Real World Protection Test Results, download here: http://www.av-comparatives.org/wp-content/uploads/2015/05/avc_factsheet2015_04.pdf

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 18, 2015, 12:11:35 AM
Next to this DNS scanner: http://www.dnsinspect.com/stabletransit.com/1431899954
I stumbled upon this one: http://www.nabber.org/projects/dnscheck/?domain=stabletransit.com *
Both can be nicely combined when you dive into some DNS issue.
So tried to get scan results with stealth nameservers *.
Read: https://support.dnsmadeeasy.com/index.php?/Knowledgebase/Article/View/108/16/why-am-i-getting-these-stealth-name-server-errors-and-warnings link article author Jennifer Oles
Stealth name servers should never be listed as authoritative!
* This scan was started because of this report: http://toolbar.netcraft.com/site_report?url=http://sbdforms.com
and the Nameserver given there.

My good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 19, 2015, 06:23:44 PM
Generate hashes online with this generator: http://www.sha1-online.com/
Example: $ echo -n \`\^\-\,\;\:\!\?\.\'\"\(\)\[\]\{\}\§\@\*\/\\\&\#\%\±\<\=\>\|\~\$\€ | openssl
Output  f44e3004f07d617b06f61b57803a7abe30d414fd  (shellshock bash bug)

fork bomb () { :; }; :(){ :|: & };: -> 57785764f85505a15dd38ea7ffab35bc43512136
Result for md5:  8cf37ff23da0423b9c167dc05b6217ea

Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 21, 2015, 07:04:35 AM
Tested the avast forum site against Logjam PFS Deployment: Test A ServerGo
Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman Group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.

Big Blue now safe, Firefox and Google Chrome still unpatched.
Due to the weakened export downgraded encryption (USA export encryption restrictions during the 90's and beyond caused this threat) Logjam is now a problem to be mitigated all over the world.
Server test can be found here: https://weakdh.org/sysadmin.html

polonus
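The warning quoted in the post above turns on the size of the server's Diffie-Hellman group, and that can be read straight out of a DH parameters file such as the PEM that `openssl dhparam` writes. This is an added example, not code from the thread or from weakdh.org; the function names, the `known_shared` argument and the sample files (built from a constructed integer of the right size, not a real prime) are assumptions made for illustration.

```python
import base64
import re

MIN_BITS = 2048  # group size recommended in the warning quoted in the post


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def parse_dh_params(pem):
    """Parse PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    values, pos = [], 0
    for _ in range(2):
        tag, raw, pos = _read_tlv(body, pos)
        if tag != 0x02 or not raw or raw[0] & 0x80:
            raise ValueError("expected positive INTEGER")
        values.append(int.from_bytes(raw, "big"))
    return values[0], values[1]


def audit_dh_params(pem, known_shared=()):
    """Flag groups below MIN_BITS or whose prime is on a caller-supplied shared list."""
    p, g = parse_dh_params(pem)
    bits = p.bit_length()
    issues = []
    if bits < MIN_BITS:
        issues.append(f"{bits}-bit group is below {MIN_BITS} bits")
    if p in known_shared:
        issues.append("prime is on the supplied list of commonly shared groups")
    return {"bits": bits, "generator": g, "issues": issues}


# --- helpers that build constructed sample input (not real DH groups) ---
def _der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _der_int(x):
    # The extra byte when bit_length is a multiple of 8 keeps the INTEGER positive.
    return _der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))


def make_sample_pem(bits, generator=2):
    p = (1 << (bits - 1)) | 1              # constructed: right size, NOT a real prime
    b64 = base64.b64encode(_der(0x30, _der_int(p) + _der_int(generator))).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + \
           "\n-----END DH PARAMETERS-----\n"


if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, audit_dh_params(make_sample_pem(size)))
```

Checking for a commonly shared prime needs a reference list from a trusted source, which is why `known_shared` is supplied by the caller and left empty by default.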
Title: Re: Tests and other Media topics
Post by: bob3160 on May 21, 2015, 02:01:28 PM
Tested the avast forum site against Logjam PFS Deployment: Test A ServerGo
Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman Group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.

Big Blue now safe, Firefox and Google Chrome still unpatched.
Due to the weakened export downgraded encryption (USA export encryption restrictions during the 90's and beyond caused this threat) Logjam is now a problem to be mitigated all over the world.
Server test can be found here: https://weakdh.org/sysadmin.html

polonus
It's actually the cyber crook that caused this problem. It's their exploitation of this 'weakness' that's the problem. :) (I'm being sarcastic.)
Title: Re: Tests and other Media topics
Post by: polonus on May 21, 2015, 03:46:43 PM
Hi bob3160,

And did not government promise recently they would no longer sit on these hacks, but to reveal them to us?  ;D

All your weakened encrypted traffic could be easily siphoned and decrypted by design, alas large parts of that traffic.
Read: http://www.dailydot.com/politics/logjam-vpn-top-sites-vulnerability/

UC Browser, very popular in China was deliberately being infested by NSA etc.: https://citizenlab.org/2015/05/a-chatty-squirrel-privacy-and-security-issues-with-uc-browser/

Intelligence services "helped" general internet security big time during recent years with their paranoia (ironic and sarcastic remark)  :()

polonus
Title: Re: Tests and other Media topics
Post by: DavidR on May 21, 2015, 04:12:16 PM
Tested the avast forum site against Logjam PFS Deployment: Test A ServerGo
Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman Group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.

<snip>
polonus

I think the key (excuse the pun) here is might and being broken by a nation-state. When it comes to nation states, they might have the resources to break it, but you would have to wonder, would they want to? I'm sure this type of stuff would have to be attractive enough to make it worthwhile.
Title: Re: Tests and other Media topics
Post by: polonus on May 21, 2015, 04:35:54 PM
Hi DavidR,

That is not the point here, whether government had the might to decrypt weakened encryption for global surveillance purposes. I understand we normally don't do that in our homes. The point is that it was done deliberately by having stronger encryption restrictions for everyone abroad and downgrading the initial encryption strength to be able to decrypt.
Particular governments and big corporation entities worked hand in foot to achieve such a situation.

Who was asking for normal secure encryption strength to be deliberately and secretly lowered to an extent so that eavesdropping mode could be reached. Those with strong encryption were not endangered in the first place (cybercriminals etc.), the security of the normal law-abiding citizen was endangered big time and these citizens weren't aware.

Now webmail and webserver admins all over the world have to clear up the mess after some parties could realize their global surveillance wet dreams, and parts of the internet will stay inherently insecure and dangerous in the aftermath.
Big Brother has arrived and he will never go away again.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on May 21, 2015, 09:17:01 PM
Quote
Big Brother has arrived and he will never go away again.
Big Brother has been there since 2007 so this certainly isn't new.
Almost all the surveys I've read also confirm that most people don't care.
It's only some of the Geeks that seem to get their feathers ruffled any time one of these articles comes out. :)
Title: Re: Tests and other Media topics
Post by: polonus on May 21, 2015, 11:05:20 PM
Hi bob3160,

Geeks or no geeks, it seems general security awareness is at an ever low ebb to-day. As you said it right, bob3160, the common user isn't interested that much. However some parties could do a much better job. Education is where to start - we let toddlers have a smartphone or tablet very early in life. They can work it before they have even learnt to ride a little bike.

But we have also to educate others. Users to better protect themselves and website owners and hosters and server- and CMS-admins to better implement with security at heart. Our modern society as a whole and our very cybersecurity depends on it.

We should not want to tolerate insecure scripting anymore, not tolerate excessive header version info spreading to the world and hackers and attackers alike. No longer tolerate parties not to run latest updates and patches, configure the available header security in a way that is called best practices, not offer encryption from the weak end up, so cybercriminals and government entities can do their self-assigned deals.

Isn't there a better or more noble task for avast support, than to educate with security at heart for a safer and more secure internet. I like to be part of such a benevolent mission and have been in the past years thanks to Avast creating an opportunity to do so and add to user security. Yes and I am a proud Avast user and I have the best deals for Avast and Avast's friends at heart. Let us stand together and on the good side always.

polonus (volunteer website security analyst and website error hunter).
Title: Re: Tests and other Media topics
Post by: bob3160 on May 21, 2015, 11:58:15 PM
Quote
Education is where to start
I'm now in my 5th year of doing exactly that through the Avast sponsored security presentations (https://forum.avast.com/index.php?topic=78426.msg647360#msg647360). :)
Another way Avast is helping keep computer users secure and a bit more educated. :) The service is also totally free.
Title: Re: Tests and other Media topics
Post by: polonus on May 22, 2015, 12:51:49 AM
We all thank you for that, bob3160!
Users should have such pitch days!
These forums brought us a lot.
I am grateful.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 22, 2015, 02:21:37 PM
Logjam workaround for firefox:
Until patched you can:

Disable the insecure ciphers here:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste ssl3 and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)

That's it, you can test using: https://www.ssllabs.com/ssltest/viewMyClient.html

Credits go to MozillaZine's jscher2000

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 22, 2015, 04:40:42 PM
Always surf encrypted via: https://encrypted.google.com/
See: http://toolbar.netcraft.com/site_report?url=https://encrypted.google.com
Issues: https://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm?test_domain=encrypted.google.com
Good News! This site is safe from the Logjam attack. It supports ECDHE, and does not use DHE.
IP   Connected   TLS   Insecure DHE_EXPORT   DHE   Chrome
216.58.216.238         No   
Not Supported

ECDHE
2607:f8b0:4009:809::200e      

But vulnerable to Poodle:       Scan results
GOOGLE.COM:443 (216.58.219.206) - VULNERABLE   

Startpage SSL xpi can no longer be installed under Firefox (ESR) 38 : broken .

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 22, 2015, 07:20:23 PM
HSTS Preloading: https://scotthelme.co.uk/hsts-preloading/
link article author = Scott Helme.
https://blog.nvisium.com/2014/04/is-your-site-hsts-enabled.html
It being a double-edged sword: https://www.leviathansecurity.com/blog/the-double-edged-sword-of-hsts-persistence-and-privacy/
Also read here: http://stackoverflow.com/questions/10629397/how-to-disable-http-strict-transport-security
Already included: http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
Included there is no guarantee for security: -braintreegateway.com -> Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.
IP   Connected   TLS   Insecure DHE_EXPORT   DHE   Chrome
204.109.13.100         No   Common 1024-bit Prime   ECDHE
The security header configuration for this site also has a lot of issues, see attached.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 23, 2015, 12:29:19 AM
Another test site and another test to take:
Safe.

We have examined your OS and browser version information and determined that an active vulnerability test was appropriate. Fortunately, your browser correctly aborted loading our test image upon seeing an invalid ServerKeyExchange message.

https://gotofail.com/#
And here: https://www.howsmyssl.com/
Verdict probably OK - (not tested here: Logjam Vulnerability (Experimental)
Your user agent is vulnerable. Upgrade as soon as possible.
But we do not have an update yet, hurry up Google developers,
because criminals on coffee-shop Wi-Fi networks are also abusing Logjam and not only state actors!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 23, 2015, 03:25:50 PM
Logjam mitigating efforts and tests: https://news.ycombinator.com/item?id=9574408
Is avast VPN patched? Update your VPN Server: VPN servers that support IKEv1 protocol for encryption should be updated to disable any keysize less than 1024 bits – or better yet, use elliptical curve keys. Organizations should also consider using SSL VPN technology, which is better supported as its underlying OpenSSL is updated regularly against various encryption protocol vulnerabilities.
Read about affected Cloud Services: https://www.skyhighnetworks.com/cloud-security-blog/logjam-exposed-575-cloud-services-potentially-vulnerable-to-man-in-the-middle-attacks/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 23, 2015, 07:46:26 PM
In the light of all the recent data breaches it is a good thing to test here:
https://haveibeenpwned.com/
Sometimes one can/could get a "Oh.no catastrophic failure!".

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 25, 2015, 12:55:11 AM
Still around Freak vulnerability
However, even if your browser is safe, certain third-party software, including some anti-virus products and adware programs, can expose you to the attack by intercepting TLS connections from the browser. If you are using a safe browser but our client test says you’re vulnerable, this is a likely cause.
Test here: https://freakattack.com/clienttest.html
Read: https://freakattack.com/
You can also test here (freak test included) - all not on IE are vulnerable to logjam: https://www.ssllabs.com/ssltest/viewMyClient.html

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 26, 2015, 12:47:18 PM
Check your client against FREAK: https://freakattack.com/clienttest.html
Mozilla config recommendations: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
Server test: https://www.ssllabs.com/ssltest/

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on May 26, 2015, 01:41:02 PM
Check your client against FREAK: https://freakattack.com/clienttest.html
Mozilla config recommendations: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
Server test: https://www.ssllabs.com/ssltest/

polonus
Must have learned something over the years. :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1432640423513-4078.png)
Title: Re: Tests and other Media topics
Post by: Lisandro on May 26, 2015, 10:07:00 PM
Mine passed too. I must have learned from Bob  :D
Title: Re: Tests and other Media topics
Post by: DavidR on May 26, 2015, 10:18:57 PM
Check your client against FREAK: https://freakattack.com/clienttest.html
Mozilla config recommendations: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
Server test: https://www.ssllabs.com/ssltest/

polonus

I haven't changed a thing and mine doesn't fail nor does it pass as the site can't even run the test unless I allow NoScript for the site and allow RequestPolicy (continued) for the three other sites.

Only when I give implicit permission does the test run and complete and record "Good News! Your browser appears to be safe from the FREAK attack. "

This is why I rarely bother with these types of tests because of my locked down setup with NoScript and RequestPolicy it isn't going anywhere to test. The same should be correct for a live incident.
Title: Re: Tests and other Media topics
Post by: polonus on May 26, 2015, 10:46:25 PM
Hi DavidR,

Only minus here is that for logjam and freak NoScript and RequestPolicy do not protect.
You cannot be protected by either NoScript or RequestPolicy against RSA vulnerabilities.
You should be glad that you have checked the test that was provided here, seen in the line of SSL-weakening that is brought about by many a AV https-scan, read from someone who is concerned and where AV https scanning made users vulnerable to FREAK attack as we test: https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html  link article author = Hanno Böck
Why AV https scanning does not perform certificate-pinning - why? Read here: https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

polonus (trust what you test yourself)

To read Avast's official reaction from Deborah Salmi: https://blog.avast.com/2015/05/25/explaining-avasts-https-scanning-feature/

D
Title: Re: Tests and other Media topics
Post by: polonus on May 26, 2015, 11:18:36 PM
Certificate pinning is done in firefox by Certificate Patrol add-on: http://patrol.psyced.org/
Read here for background info: https://security.stackexchange.com/questions/16293/how-can-end-users-detect-malicious-attempts-at-ssl-spoofing-when-the-network-alr
Test: https://www.networking4all.com/en/support/tools/csr+check/
Quote
In Google Chrome: Accessing Certificates Via Address Bar
You can also view an SSL certificate directly from the address bar. Click on the padlock icon to the right of the website's address and then click the "View Certificate" link. The Certificate dialog box will open. Information about the SSL certificate appears immediately. Click the "Details" tab to view specific details, including encryption method, serial number and if the certificate is valid and then click "OK" to close the Certificate dialog box.
Quoted Info credits go to Nick Davies.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 27, 2015, 01:01:23 AM
Passed the Qualys Browser check for my pre-release version of Google Chrome browser:  ;D

Installed Version: 43.0.2357.81
Stable Version: 42.0.2311.152
Quote
Congratulations! You passed Qualys BrowserCheck.
We recommend you scan your browser regularly to stay up to date with the latest versions and plugins.

polonus

P.S. The logjam vulnerability will be patched with version 45.
Title: Re: Tests and other Media topics
Post by: polonus on May 29, 2015, 01:01:05 PM
Cybersecurity Tool Domain Tracker by Xen0ph0n: http://www.dtrackr.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 31, 2015, 11:52:37 AM
Check whether your router is secure: https://campaigns.f-secure.com/router-checker/

No issues were found

All is well. Have a nice day!

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on May 31, 2015, 02:40:00 PM
Check whether your router is secure: https://campaigns.f-secure.com/router-checker/

No issues were found

All is well. Have a nice day!

polonus
Using the "Scan for Network Threats" function in Avast also tells you that and a lot more. :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1433075733700-37611.png)


(http://www.screencast-o-matic.com/screenshots/u/Lh/1433075984216-72670.png)
Title: Re: Tests and other Media topics
Post by: polonus on May 31, 2015, 02:47:32 PM
The home computer with Avast on it is at home, gonna compare it when back home. ;D

pol
Title: Re: Tests and other Media topics
Post by: bob3160 on May 31, 2015, 06:25:07 PM
The home computer with Avast on it is at home, gonna compare it when back home. ;D

pol
I take my Avast with me wherever I go. :)
Title: Re: Tests and other Media topics
Post by: polonus on May 31, 2015, 06:29:18 PM
Hi bob3160,

Have to convince the neighbours here to install avast then,
but I have avast  always on my smartphone.

pol
Title: Re: Tests and other Media topics
Post by: bob3160 on May 31, 2015, 06:33:30 PM
Hi bob3160,

Have to convince the neighbours here to install avast then,
but I have avast  always on my smartphone.

pol
Since I have no problem convincing total strangers to do that on a regular basis, persuading a neighbor shouldn't be a problem for you. :)
Title: Re: Tests and other Media topics
Post by: polonus on June 12, 2015, 05:33:56 PM
L.S.

What browser extensions are violating your privacy by selling de-anonymized and geo-location rich user info to third parties?
Aggregated info with anonymized non-reconstructable user info and without reconstructable geo-location info is not considered a violation as such, as you agreed to it by installing a free extension. Test with Extension Defender or through the Avast Privacy Module.
Read also https://blog.torproject.org/blog/tor-browser-45-released  as Disconnect Search add-on was accused of such alleged abuse?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 13, 2015, 07:48:54 PM
Code to permanently block Admob ads
Code:
// (e.g. inside an "if" block): remove the ad view from its container
LinearLayout adscontainer = (LinearLayout) findViewById(R.id.adsContainer);

View admobAds = (View) findViewById(R.id.admobAds);

adscontainer.removeView(admobAds);

// Alternative: disable and hide the AdView from the UI thread
private void hideAd() {
    final AdView adLayout = (AdView) findViewById(R.id.adView1);
    runOnUiThread(new Runnable() {
        @Override
        public void run() {
            adLayout.setEnabled(false);
            adLayout.setVisibility(View.GONE);
        }
    });
}
credits go to Quartertone & Chris Dryden

polonus

Title: Re: Tests and other Media topics
Post by: polonus on June 15, 2015, 12:26:46 PM
Will https be securing access to wikimedia? Re: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Read: https://en.wikipedia.org/wiki/Censorship_of_Wikipedia
Quote
To perform the 'Website Test behind the Great Firewall of China', the monitoring agent resolves the domain name from selected location in China, connects to the test website and downloads the complete HTML content. The test results display DNS lookup time, time to connect, time to download the first byte and time to download the complete HTML of the tested web site. The total response time shows how long it takes for your website to download.
-> http://www.websitepulse.com/help/testtools.china-test.html
Tested From:   Shanghai, China
Tested At:   2015-06-15
10:24:51 (GMT +00:00)
URL Tested:   https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Resolved As:   192.0.79.33
Status:   OK
Response Time:   22.845 sec
DNS:   14.009 sec
Connect:   1.085 sec
Redirect:   0.000 sec
First Byte:   2.629 sec
Last Byte:   5.122 sec
Size:   52685 bytes

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 16, 2015, 12:00:26 PM
Avast's latest real world test results: http://chart.av-comparatives.org/chart1.php

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 17, 2015, 06:31:37 PM
Patch logjam vulnerability in Google Chrome with SSL Locker: https://ssllocker.com/download.html

First download the latest version of Chrome or update to at least Chrome ver 41.
When using the latest Chrome and ChromeLocker, Poodle, FREAK, Bar Mitzvah, Logjam
and other MiTM vulnerabilities are mitigated.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 21, 2015, 06:13:23 PM
Re: http://d3xt3r.com/dashboard?check_ip=117.169.1.165
Blacklisted and spammer: https://www.stopforumspam.com/ipcheck/117.169.1.165
and http://www.ip-finder.me/117.169.1.165/
and http://www.projecthoneypot.org/ip_117.169.1.165
and here: http://www.blocklist.de/en/view.html?ip=117.169.1.165
and http://www.liveipmap.com/117.169.1.165
and here: https://cleantalk.org/blacklists/117.169.1.165
and http://ozzed.net/spamburp/Index.asp?page=1&sort=8
and (not safe): htxps://fspamlist.com/index.php?c=latest

polonus

And a check and test site as bonus:
http://www.check-and-secure.com/portcheck/_en/
http://www.check-and-secure.com/ipcheck/_en/solution/clean.php

D
Title: Re: Tests and other Media topics
Post by: polonus on June 22, 2015, 04:25:14 PM
A proxy could mean a threat, because of (alleged) traffic-manipulation.
The use of it is therefore not advisable. Anyway, some do...
Check proxies here: https://proxycheck.haschek.at/
And: http://urlchecker.org/proxy
See: http://proxyipchecker.com/
Read: https://blog.haschek.at/post/fd9bc

pol
Title: Re: Tests and other Media topics
Post by: polonus on June 23, 2015, 04:36:12 PM
User Agent track site: http://www.botsvsbrowsers.com/SimulateUserAgent.asp
Toggle -> https://www.dephormation.org.uk/?page=81
Test your browser for trackability: https://panopticlick.eff.org/
User Agent Switcher for Chrome: https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg

pol
Title: Re: Tests and other Media topics
Post by: polonus on June 25, 2015, 10:49:12 AM
Question? How can I check whether Google Translate Chinese is working correctly?
There is a big difference in Chinese between brother (either "big brother" or "little brother") with sister there is a similar difference with additional strokes. How can I check it works correctly?
I was a proctor at an exam in Mandarin Chinese and now just curious...

Anyone.

polonus
Title: Re: Tests and other Media topics
Post by: Asyn on June 25, 2015, 01:16:35 PM
Question? How can I check whether Google Translate Chinese is working correctly?
Only native speakers can answer that, you could ask in the Chinese section of the forum.

Groetjes,
Asyn
Title: Re: Tests and other Media topics
Post by: bob3160 on June 25, 2015, 01:17:17 PM
Question? How can I check whether Google Translate Chinese is working correctly?
There is a big difference in Chinese between brother (either "big brother" or "little brother") with sister there is a similar difference with additional strokes. How can I check it works correctly?
I was a proctor at an exam in Mandarin Chinese and now just curious...

Anyone.

polonus
See if this does the trick for you:
http://www.word2word.com/free.html
Title: Re: Tests and other Media topics
Post by: polonus on July 04, 2015, 04:56:55 PM
Test your IP version 6 readiness here: http://ip6.nl/

Another test: do the vulnerability test on the JQuery version of a webpage: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003 - http://domstorm.skepticfx.com/modules/run?id=529bbe6e125fac0000000003

A JQuery bookmarklet - http://www.learningjquery.com/2009/04/better-stronger-safer-jquerify-bookmarklet/
It's a nice little tool that allows you to play around with jQuery on a page that doesn't already have jQuery loaded and see the results immediately - either "This page is now jQuerified" or "This page was already jQuerified."

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on July 04, 2015, 05:38:13 PM
Test your IP version 6 readiness here: http://ip6.nl/

Another test: do the vulnerability test on the JQuery version of a webpage: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003 - http://domstorm.skepticfx.com/modules/run?id=529bbe6e125fac0000000003

A JQuery bookmarklet - http://www.learningjquery.com/2009/04/better-stronger-safer-jquerify-bookmarklet/
It's a nice little tool that allows you to play around with jQuery on a page that doesn't already have jQuery loaded and see the results immediately - either "This page is now jQuerified" or "This page was already jQuerified."

polonus
(http://www.screencast-o-matic.com/screenshots/u/Lh/1436024235780-73631.png)
Title: Re: Tests and other Media topics
Post by: Para-Noid on July 04, 2015, 07:55:50 PM
Introducing Free Global Website Performance Tool

https://blog.sucuri.net/2015/05/introducing-free-global-website-performance-tool.html?utm_campaign=Performance%20Tool&utm_content=17556994&utm_medium=social&utm_source=googleplus

How fast is your site? You can test here the performance of any of your sites from across the globe.

https://performance.sucuri.net/?utm_campaign=Performance%20Tool&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: polonus on July 05, 2015, 01:57:45 PM
Problems with your Internet connection,
There is something you could do for starters, that is test it:
[Windows-key]r key combination -> cmd.exe (in admin mode only, else you are not allowed to flushdns)
nslookup www.quantum.com    (your providers address - just a random example)
ipconfig /flushdns
nslookup www.quantum.com 8.8.8.8

Report to a qualified remover here for instance what results you got for 2 nslookup commands.
Of course you could test another dns-entry, do by all means, preferably one that gives DNS-issues/problems for you  (in  Internet Explorer). Info credits go to Tijs, Tera Honourable Senior Member

polonus
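
The comparison the two nslookup runs above are meant to support, as an added example that is not part of the original post: it parses saved nslookup output from the default resolver and from 8.8.8.8 and reports whether the answers agree. The sample outputs, the name www.example.com, the resolver name router.home and all addresses are constructed, and the function names are this example's own.

```javascript
// Parse the text printed by one nslookup run (Windows layout; the
// "Address: x#53" form printed on Linux/macOS is accepted as well).
function parseNslookup(text) {
  const out = { server: null, serverAddress: null, name: null, answers: [], error: null };
  let inAnswer = false;   // false until the "Name:" line of the answer section
  let collecting = false; // true while reading continuation lines of "Addresses:"
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (!line) { collecting = false; continue; }
    let m;
    if ((m = /^\*\*\* .*can't find .*?: (.+)$/i.exec(line))) { out.error = m[1]; continue; }
    if (/timed out/i.test(line)) { out.error = out.error || 'timeout'; continue; }
    if ((m = /^Server:\s*(.+)$/i.exec(line))) { out.server = m[1]; continue; }
    if ((m = /^Name:\s*(.+)$/i.exec(line))) { out.name = m[1]; inAnswer = true; collecting = false; continue; }
    if ((m = /^Address(?:es)?:\s*(\S+)$/i.exec(line))) {
      const addr = m[1].replace(/#\d+$/, '');
      if (!inAnswer) out.serverAddress = addr;   // first Address belongs to the resolver
      else { out.answers.push(addr); collecting = true; }
      continue;
    }
    if (collecting && /^[0-9a-f:.]+$/i.test(line)) { out.answers.push(line); continue; }
    collecting = false;
  }
  return out;
}

// Compare the default resolver's answer with the one from a public resolver.
function compareResolvers(localText, publicText) {
  const local = parseNslookup(localText);
  const pub = parseNslookup(publicText);
  const pubSet = new Set(pub.answers);
  const shared = local.answers.filter((a) => pubSet.has(a));
  let verdict;
  if (!local.answers.length && !pub.answers.length) verdict = 'both-fail';
  else if (!local.answers.length) verdict = 'local-resolver-fails';
  else if (!pub.answers.length) verdict = 'public-resolver-fails';
  else if (shared.length === local.answers.length && shared.length === pub.answers.length) verdict = 'same-answers';
  else if (shared.length) verdict = 'overlapping-answers';
  else verdict = 'different-answers';
  return {
    verdict,
    localResolver: local.serverAddress,
    publicResolver: pub.serverAddress,
    onlyLocal: local.answers.filter((a) => !pubSet.has(a)),
    onlyPublic: pub.answers.filter((a) => !local.answers.includes(a)),
    localError: local.error,
  };
}

// Constructed sample outputs (documentation address ranges only).
const PUBLIC_OK = `Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.example.com
Addresses:  2001:db8::10
          192.0.2.10
          192.0.2.11
`;
const LOCAL_OK = PUBLIC_OK.replace('dns.google', 'router.home').replace('8.8.8.8', '192.168.1.1');
const LOCAL_DIFFERENT = `Server:  router.home
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.example.com
Address:  203.0.113.66
`;
const LOCAL_FAIL = `Server:  router.home
Address:  192.168.1.1

*** router.home can't find www.example.com: Non-existent domain
`;

function runSamples() {
  return {
    healthy: compareResolvers(LOCAL_OK, PUBLIC_OK),
    different: compareResolvers(LOCAL_DIFFERENT, PUBLIC_OK),
    failing: compareResolvers(LOCAL_FAIL, PUBLIC_OK),
  };
}
console.log(JSON.stringify(runSamples(), null, 2));
```

A `different-answers` verdict is a reason to look further, not proof of tampering: CDNs and geo-aware DNS legitimately hand out different addresses per resolver.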
Title: Re: Tests and other Media topics
Post by: polonus on July 05, 2015, 04:51:38 PM
Run your code through the sniffer here: http://squizlabs.github.io/HTML_CodeSniffer/

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 06, 2015, 09:30:04 PM
A test site for Mobile Friendliness of Webpages, also rather interesting for folks like Polonus, volunteer website analyst regarding insecurities on sites. Enjoy this test site, folks, enjoy: http://mobilefriendlytest.website/index.php

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on July 07, 2015, 05:51:17 PM
To save offline and analyze - WinHTTrack Website Copier 3.48-21
(To report bugs and problems to us)

Development:
Interface (Windows): Xavier Roche
Spider: Xavier Roche
JavaParserClasses: Yann Philippot

(C)1998-2003 Xavier Roche and other contributors
MANY THANKS for Dutch translations to:
Rudi Ferrari (Wyando@netcologne.de)

Visit our web page:
http://www.httrack.com

Combined with analyzer SensePost Wikto 2.1. http://sensepost-wikto.software.informer.com/download/
Wikto is Nikto for Windows - but with a couple of fancy extra features including fuzzy logic error code checking, a back-end miner, Google-assisted directory mining and real time HTTP request/response monitoring.

Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site. Wikto will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network level scanner – so it won’t try to find open ports, or see if the web site is properly firewalled. Wikto rather operates between these two levels – it tries to, for instance, find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself.

Enjoy, enjoy, but be aware of all the legal implications for your country using the software
only for websites where you have explicit written permission to scan (e.g. websites you own),
in all other circumstances do not scan any website directly - use so-called third party cold reconnaissance scanning.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 12, 2015, 10:22:39 PM
Hi my good friends,

Who is using this?
Adopted as a userscript in Tampermonkey -> http://downyours.org/?filters_484a7c06c4b8474f8853a42eb790a0dee87fc3f8b64c485cb9ce6832b35dc67b

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 14, 2015, 10:49:05 PM
Make your own bookmarklets and drag the links created onto your bookmark toolbar in the browser.
Create the bookmarklet yourself  here http://mrcoles.com/bookmarklet/ with this code to remove bloat from a page
Code:
javascript:(function()%7Bfunction%20R(w)%7Btry%7Bvar%20d%3Dw.document%2Cj%2Ci%2Ct%2CT%2CN%2Cb%2Cr%3D1%2CC%3Bfor(j%3D0%3Bt%3D%5B%22object%22%2C%22embed%22%2C%22applet%22%2C%22iframe%22%5D%5Bj%5D%3B%2B%2Bj)%7BT%3Dd.getElementsByTagName(t)%3Bfor(i%3DT.length-1%3B(i%2B1)%26%26(N%3DT%5Bi%5D)%3B--i)if(j!%3D3%7C%7C!R((C%3DN.contentWindow)%3FC%3AN.contentDocument.defaultView))%7Bb%3Dd.createElement(%22div%22)%3Bb.style.width%3DN.width%3B%20b.style.height%3DN.height%3Bb.innerHTML%3D%22%3Cdel%3E%22%2B(j%3D%3D3%3F%22third-party%20%22%2Bt%3At)%2B%22%3C%2Fdel%3E%22%3BN.parentNode.replaceChild(b%2CN)%3B%7D%7D%7Dcatch(E)%7Br%3D0%7Dreturn%20r%7DR(self)%3Bvar%20i%2Cx%3Bfor(i%3D0%3Bx%3Dframes%5Bi%5D%3B%2B%2Bi)R(x)%7D)()
  and this code to rewrite redirects
Code:
javascript:(function(){var k,x,t,i,j,p; for(k=0;x=document.links[k];k++){t=x.href.replace(/[%]3A/ig,':').replace(/[%]2f/ig,'/');i=t.lastIndexOf('http');if(i>0){ t=t.substring(i); j=t.indexOf('&'); if(j>0)t=t.substring(0,j); p=/https?\:\/\/[^\s]*[^.,;'">\s\)\]]/.exec(unescape(t)); if(p) x.href=p[0]; } else if (x.onmouseover&&x.onmouseout){x.onmouseover(); if (window.status && window.status.indexOf('://')!=-1)x.href=window.status; x.onmouseout(); } x.onmouseover=null; x.onmouseout=null; }})();
Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: Para-Noid on July 14, 2015, 11:14:52 PM
https://sitecheck.sucuri.net/?utm_campaign=SiteCheck&utm_medium=social&utm_source=googleplus
https://www.youtube.com/watch?v=su6fAaBAULg&feature=autoshare
Title: Re: Tests and other Media topics
Post by: polonus on July 16, 2015, 02:31:53 PM
Validate your SSL connection strength: https://calomel.org/firefox_ssl_validation.html
You could combine this with the Netcraft extension report.
And of course a Qualys SSL scan: https://www.ssllabs.com/ssltest
or the other tests as given in this thread earlier.

polonus
Title: Re: Tests and other Media topics
Post by: Para-Noid on July 21, 2015, 05:40:56 PM
How fast is your site? You can test here the performance of any of your sites from across the globe.

https://performance.sucuri.net/?utm_campaign=Performance%20Tool&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: bob3160 on July 21, 2015, 05:51:05 PM
How fast is your site? You can test here the performance of any of your sites from across the globe.

https://performance.sucuri.net/?utm_campaign=Performance%20Tool&utm_medium=social&utm_source=googleplus
Thanks :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1437493822213-53383.png)
Title: Re: Tests and other Media topics
Post by: polonus on July 28, 2015, 06:15:50 PM
Here on the avast official support forums various users use all sorts of website scan sites.
The results of such scans may set us at ease or
they may encourage us to just look again or avoid visiting a particular website, url, uri....

As our friend Para-Noid has taught us: "You can only trust what you have tested yourself".

And as his forum friend I'd wholeheartedly agree with Para-Noid's credo.
It is a home-ringing truth, my dear avast friends,

Now we may ask in all earnest: "Who can we really still trust online these days?".

We have bookmarklets to detect whether a site has JQuery and what (vulnerable) version.
On this fine page we also find fine vulnerability scanners for WP and Joomla CMS results
on websites and more scans and tools: https://hackertarget.com

Another interesting website to find out about what technologies are being used
on a particular website can be found here:
http://pagexray.com/site/  x      for x, enter the domain of the site you want to check.

enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 28, 2015, 07:00:29 PM
Various handy utilities to be found here: http://www.nothink.org/utilities.php

Links presented as is. Only to be used when given pertinent written permission to test
or to test on your own website and scripts.

Never go to websites directly, always know your legal position when using scans, if not certain refrain from using,
like with Dazzlepod scan results or Qualys server scan results. The info gained there is not to be used against those scanned.
Qualys Scan Results are not to be given.

You are never to use info gained by cold reconnaissance third party scanning against a particular website/domain which you do not own. Sometimes you can give a certain scan link (broken), but are not to give the scan result data.

An interesting example of all you can find at this address: http://www.danstools.com/javascript-obfuscate/
Know that in malware loads of so-called pseudo-script and script-obfuscation is used to mislead detection,
so whenever we experience obfuscated script it should be a reason to be alert.
As Para-Noid states: "You can only fully trust, what you have tested yourself".

enjoy, my good friends, enjoy,

Damian
Title: Re: Tests and other Media topics
Post by: polonus on July 29, 2015, 06:18:02 PM
A nice chrome extension to prevent type-behavioral profiling, Keyboard privacy, one you should have:
https://chrome.google.com/webstore/detail/keyboard-privacy/aoeboeflhhnobfjkafamelopfeojdohk

pol

P.S. Where you need secure connection and it does not matter, your bank website for instance, disable the extension.
So toggle to `on´ when privacy goes over security, `off´ when security goes over privacy.

Keyboard Privacy seems the extension to save Tor users from being de-anonymized by their type profile.
The cat and mouse game between protection and monitoring forces goes on and on...


Damian
Title: Re: Tests and other Media topics
Post by: polonus on July 29, 2015, 06:27:24 PM
Create your own bookmarklets using JQuery: http://benalman.com/code/test/jquery-run-code-bookmarklet
and http://benalman.com/projects/run-jquery-code-bookmarklet/

A fine javascript bookmarklet generator is to be found here: http://mrcoles.com/bookmarklet/

To check a webpage for JQuery, look for it here and drag onto the bookmark bar: http://www.learningjquery.com/2009/04/better-stronger-safer-jquerify-bookmarklet

polonus
Title: Re: Tests and other Media topics
Post by: Para-Noid on July 29, 2015, 08:04:37 PM
Analyzing a Facebook Clickbait Worm

https://blog.sucuri.net/2015/06/analyzing-a-facebook-clickbait-worm.html?utm_campaign=Learn%20how%20to%20avoid%20becoming%20a%20victim%20of%20Facebook%20ClickBait%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: polonus on July 30, 2015, 12:58:53 PM
For VPN users of Chrome, prevent leaking non-public IP addresses with this extension: https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia
Another protection against this read-out via javascript methods is the use of NoScript, uMatrix, and Tor-Guard.
To disable it in the Google Chrome browser settings, enter in the address bar: "chrome://flags/" and set "Disable WebRTC device enumeration" to on. In firefox, enter "about:config" in the address bar and then set "media.peerconnection.enabled" to "false". Or as said use the versatile overall protection of the NoScript extension in firefox, and uMatrix in Google Chrome.

polonus
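
What a page's script actually receives through WebRTC is a list of ICE candidate lines, so a way to verify the settings from the post above is to look at which addresses those lines carry. The following is an added example, not part of the original post: it parses candidate lines and sorts the addresses into local, public and masked. The candidate lines are constructed, and treating `.local` names and a `0.0.0.0` related address as masked values is this example's assumption.

```javascript
// Classify one connection address taken from an ICE candidate.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns';           // obfuscated host candidate
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(a);
  if (v4) {
    const o1 = Number(v4[1]);
    const o2 = Number(v4[2]);
    if (a === '0.0.0.0') return 'masked';
    if (o1 === 10) return 'private';                               // 10.0.0.0/8
    if (o1 === 172 && o2 >= 16 && o2 <= 31) return 'private';      // 172.16.0.0/12
    if (o1 === 192 && o2 === 168) return 'private';                // 192.168.0.0/16
    if (o1 === 169 && o2 === 254) return 'link-local';             // 169.254.0.0/16
    if (o1 === 127) return 'loopback';
    return 'public';
  }
  if (a.includes(':')) {
    if (a === '::') return 'masked';
    if (a === '::1') return 'loopback';
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return 'private';            // fc00::/7 unique local
    if (/^fe[89ab][0-9a-f]:/.test(a)) return 'link-local';         // fe80::/10
    return 'public';
  }
  return 'unknown';
}

// Parse "candidate:<foundation> <component> <transport> <priority> <address>
// <port> typ <type> [raddr <addr> rport <port>] ..." with or without "a=".
function parseCandidate(line) {
  const body = line.trim().replace(/^a=/, '');
  if (!body.startsWith('candidate:')) return null;
  const f = body.slice('candidate:'.length).split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null;
  const c = {
    foundation: f[0], component: Number(f[1]), transport: f[2].toLowerCase(),
    priority: Number(f[3]), address: f[4], port: Number(f[5]), type: f[7],
    relatedAddress: null,
  };
  // Everything after the type is a sequence of name/value pairs.
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === 'raddr') c.relatedAddress = f[i + 1];
  }
  return c;
}

// Collect every address a script could read from the given candidate lines.
function auditCandidates(lines) {
  const result = { localAddresses: [], publicAddresses: [], masked: [] };
  const note = (addr) => {
    const kind = classifyAddress(addr);
    if (kind === 'unknown') return;
    const bucket = kind === 'public' ? result.publicAddresses
      : (kind === 'mdns' || kind === 'masked') ? result.masked
      : result.localAddresses;
    if (!bucket.includes(addr)) bucket.push(addr);
  };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;                    // not a candidate line
    note(c.address);
    if (c.relatedAddress) note(c.relatedAddress);
  }
  return result;
}

// Constructed candidate lines (documentation and private address ranges only).
const SAMPLE_CANDIDATES = [
  'a=ice-ufrag:Xk3p',
  'candidate:842163049 1 udp 2122260223 192.168.1.23 56143 typ host generation 0',
  'a=candidate:1853887674 1 udp 1686052607 203.0.113.45 56143 typ srflx raddr 10.8.0.2 rport 56143 generation 0',
  'candidate:3 1 udp 2122194687 fd12:3456:789a::5 50000 typ host',
  'candidate:4 1 udp 2113937151 3f2a1b4c-aaaa-bbbb-cccc-1234567890ab.local 53421 typ host',
  'candidate:5 1 udp 1677729535 198.51.100.7 40000 typ srflx raddr 0.0.0.0 rport 0',
];

console.log(auditCandidates(SAMPLE_CANDIDATES));
```

An empty `localAddresses` list after changing the browser settings is the outcome the post is after; on a VPN, an entry in `publicAddresses` that is not the VPN's exit address deserves a closer look.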
Title: Re: Tests and other Media topics
Post by: polonus on July 30, 2015, 02:14:32 PM
Interesting about what your browser knows about you:
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets/16415/

link article author = Sally Vandeven

Curious ->  just open a command prompt and run:

set SSLKEYLOGFILE=c:\sslKeyLogFile.txt

Know that Bitdefender products may ruin "SSL" through installing an all purpose root certificate, so one can no longer see the validation path and it also is not checking for revocation.
This can be disabled by locally deleting the root CA and disabling the SSL scan option, so Bitdefender can no longer interfere,
but for users that want to enforce SSL (like with https: everywhere) this is no option.
Forum users that use Bitdefender, and I know some here that are, should be aware of such facts.

Avast has a far better SSL-scanning feature  ;D as we know from avast team members here.

We know Mozilla NSS has mentioned feature, MS might have it also,
but then  if it was/is the feature never was known to the public.
Info-credits go to Secu_jay.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 30, 2015, 03:14:15 PM
Is Microsoft's Edge browser as safe as the Google Chrome browser?
Trend Micro says yes, both Edge and Chrome are more secure than firefox is.
Re: http://blog.trendmicro.com/trendlabs-security-intelligence/windows-10s-new-browser-microsoft-edge-improved-but-also-new-risks
Title: Re: Tests and other Media topics
Post by: polonus on July 30, 2015, 06:07:50 PM
Whenever you have privacy concerns try this free solution, Tails, https://tails.boum.org/
Why you should do this: https://tails.boum.org/
Why: http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/

polonus

P.S. Tails is better protected from type profiling to de-anonymize tor users with the keyboard privacy plug-in.

D
Title: Re: Tests and other Media topics
Post by: polonus on July 30, 2015, 07:00:09 PM
Yes, and when you live in the EU install CookiesOK when you stumble upon a cookie-wall: https://chrome.google.com/webstore/detail/cookiesok/afmkbjoakcacgljcdccofbffloabfbni
or https://addons.mozilla.org/firefox/addon/cookiesok/
or https://addons.opera.com/en/extensions/details/cookiesok

pol
Title: Re: Tests and other Media topics
Post by: polonus on August 04, 2015, 02:37:36 PM
Coalition announcing new DNT standards: https://www.eff.org/press/releases/coalition-announces-new-do-not-track-standard-web-browsing - The new DNT standard is not an ad- or tracker-blocker, but it works in tandem with these technologies.
As it is a voluntary measure your privacy is depending on what certain parties honor and what not. I even suspect ABP to be more commercially inclined (showing "unobtrusive" ads they were paid to let through) than purely being a tracking blocker.

Nowhere I read about new tracking procedures like canvas printing tracking for which I use a special extension.
In my opinion the new DNT standards do nothing against malvertising and SEO Spam (Google cannot even stop it with a big hidden team of experts trying to stem it in, it is an endless exercise that does not seem to work somehow).
I rather use uBlock Origin than ABP and I use Anti-Adblock Killer 8.2.

With DuckDuckGo I do not see Avast Online Security info, I do not see Bitdefender TrafficLight info, DrWeb URL checker info (I can scan that url separately, but that is not what I want), I only see WOT results. And with DuckDuckGo Extended running from Tampermonkey I haven't the same functionality as on the Google Searchpage or Ixquick or startpage. With these alternatives I miss the so-called "road signs" what destinations to avoid. Although I participate on WOT as "luntrus" having only these results shown on a search page is a bit meagre to my liking.

I think the whole thing is purely cosmetic camouflage, why they have no deal on blocking ads from Windows gadgets for instance or using adblockers on Google's Android OS. There personalized ad-targeting has won and we see EFF's full compliance, at least I haven't heard a word of protest as there we cannot even stop tracking nor protect/block when such ads get malvertised. Malvertising campaigns are the main and only reason polonus wants to be able to block all ads.
It would be better if they could have made a model where users pay to surf absolutely ad-free.

The best solution so far is using script blockers like NoScript and RequestPolicy in firefox to toggle what you wanna block per se. In Google Chrome I have uMatrix where I can selectively block cookie, css, picture, plug-in, script, XHR, frame, others- here on this page for avast.com and for the present domain with avast.com, google-analytics com  and www.google-analytics com. I can block 9 cookies, 6 images, 2 scripts from running. In Chrome I also have the StopTracking extension running.

polonus


P.S. What is funny that on a link where the new DNS policy was discussed. e.g. http://webwereld.nl/markttrends/87656-adblock-en-duckduckgo-brengen-echte-do-not-track# I had to block a link to -http://track.adform.net/
and encountered this: http://toolbar.netcraft.com/site_report?url=http://script.leadboxer.com

How could they come to DNT when all of the Internet is just about this one activity, is beyond me. First you totally surrender and then you start to scream no-one respects your privacy anymore.  :(

Damian
Title: Re: Tests and other Media topics
Post by: mchain on August 04, 2015, 07:40:08 PM
Coalition announcing new DNT standards: https://www.eff.org/press/releases/coalition-announces-new-do-not-track-standard-web-browsing - The new DNT standard is not an ad- or tracker-blocker, but it works in tandem with these technologies.
As it is a voluntary measure your privacy is depending on what certain parties honor and what not. I even suspect ABP to be more commercially inclined (showing "unobtrusive" ads they were paid to let through) than purely being a tracking blocker.

Nowhere I read about new tracking procedures like canvas printing tracking for which I use a special extension.
In my opinion the new DNT standards do nothing against malvertising and SEO Spam (Google cannot even stop it with a big hidden team of experts trying to stem it in, it is an endless exercise that does not seem to work somehow).
I rather use uBlock Origin than ABP and I use Anti-Adblock Killer 8.2.

With DuckDuckGo I do not see Avast Online Security info, I do not see Bitdefender TrafficLight info, DrWeb URL checker info (I can scan that url separately, but that is not what I want), I only see WOT results. And with DuckDuckGo Extended running from Tampermonkey I haven't the same functionality as on the Google Searchpage or Ixquick or startpage. With these alternatives I miss the so-called "road signs" what destinations to avoid. Although I participate on WOT as "luntrus" having only these results shown on a search page is a bit meagre to my liking.

I think the whole thing is purely cosmetic camouflage, why they have no deal on blocking ads from Windows gadgets for instance or using adblockers on Google's Android OS. There personalized ad-targeting has won and we see EFF's full compliance, at least I haven't heard a word of protest as there we cannot even stop tracking nor protect/block when such ads get malvertised. Malvertising campaigns are the main and only reason polonus wants to be able to block all ads.
It would be better if they could have made a model where users pay to surf absolutely ad-free.

The best solution so far is using script blockers like NoScript and RequestPolicy in firefox to toggle what you wanna block per se. In Google Chrome I have uMatrix where I can selectively block cookie, css, picture, plug-in, script, XHR, frame, others- here on this page for avast.com and for the present domain with avast.com, google-analytics com  and www.google-analytics com. I can block 9 cookies, 6 images, 2 scripts from running. In Chrome I also have the StopTracking extension running.

polonus


P.S. What is funny that on a link where the new DNS policy was discussed. e.g. http://webwereld.nl/markttrends/87656-adblock-en-duckduckgo-brengen-echte-do-not-track# I had to block a link to -http://track.adform.net/
and encountered this: http://toolbar.netcraft.com/site_report?url=http://script.leadboxer.com

How could they come to DNT when all of the Internet is just about this one activity, is beyond me. First you totally surrender and then you start to scream no-one respects your privacy anymore.  :(

Damian
Agree with you there.  Of note is duckduck go webpage, no one seems to support anything there other than WOT for ratings purposes, on all sites displayed there, not even avast online security.  Could be that this website is doing what it says it is doing, not allowing invasive privacy tracking to occur from within it, as it is general knowledge every privacy extension you put on your browser can report to the creator of that extension applet without your explicit user interaction or consent.

But, just moving off that page is no guarantee of continued privacy when going to another site off of it.  DuckDuckgo also actively moderates what their users can see on it as well. 

Notwithstanding that, for my purposes, it works well and is safer to use than Google, imo.  DNT is not what it says it is.
Title: Re: Tests and other Media topics
Post by: Para-Noid on August 04, 2015, 08:12:42 PM
Common Website Security Terminology Defined

https://blog.sucuri.net/2015/07/common-website-security-terminology-defined.html?utm_campaign=Common%20Website%20Security%20Terminology%20Defined%20Blogpost&utm_medium=social&utm_source=googleplus

WP-CLI Guide: Secure WordPress Backup and Update

https://blog.sucuri.net/2015/07/wp-cli-guide-secure-wordpress-backup-update.html?utm_campaign=WP-CLI%20Guide%3A%20Secure%20WordPress%20Backup%20and%20Update&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: polonus on August 05, 2015, 12:11:16 PM
A question to the forum users,
Who uses the wonderful protection of uMatrix extension inside Google Chrome or inside Firefox?

It keeps you in full control of where your browser is allowed to connect for all domains, the present domain, and for all third party domains (some domains are blocked as by default like google.analytics etc. etc.) You can toggle for blocking/unblocking per cookie, css, image, plug-in, script, XHR, frame, others. Red is blocked and green is allowed to connect. You can turn the filtering off per website. You can save all temp. changes for a website or delete such temp. settings. Renew the page from inside uMatrix. Visit the logger.
You can set spoofing for agent (on/off), referer spoofing (on/off) and strict HTTPS (on/off). You can delete all temp. changes to the default settings under + or g to the dashboard. You can change settings for visibility, use block lists, use your own permanent and temp. filters. I think it is so versatile anyone can learn to use it and even as per default it gives loads of protection.

Like to hear your reactions,

polonus
Title: Re: Tests and other Media topics
Post by: Lisandro on August 05, 2015, 01:10:00 PM
A question to the forum users,
Who uses the wonderful protection of uMatrix extension inside Google Chrome or inside Firefox?
I use.
Title: Re: Tests and other Media topics
Post by: Para-Noid on August 05, 2015, 11:29:34 PM
The Business of Security: The Nitty Gritty of Running a Multi-Million Dollar Business

http://www.slideshare.net/SucuriSecurity/the-business-of-security-the-nitty-gritty-of-running-a-multimillion-dollar-business?utm_campaign=The%20Business%20of%20Security%3A%20The%20Nitty%20Gritty%20of%20Running%20a%20Multi-Million%20Dollar%20Business%20Slideshare&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2015, 01:39:32 AM
HTML5 Canvas Fingerprinting test: https://www.browserleaks.com/canvas
On the project: https://github.com/Valve/fingerprintjs
See how it is supported in the browser: http://caniuse.com/#search=canvas
Test: http://www.html5accessibility.com/tests/canvas.html
Protection: http://fingerprint.pet-portal.eu/?menu=6  and now also via Privacy Badger extension.

Quite another form of Fingerprinting: https://www.grc.com/fingerprints.htm
Domain Name   Certificate Name   EV   Security Certificate's Authentic Fingerprint
forum.avast.com   *.avast.com   —   DF:57:EC:1C:3A:4D:EE:B2:55:46:5F:26:08:0B:8E:92:74:4A:D8:00

Test the uniqueness of your browser and what it reveals: https://panopticlick.eff.org/index.php?action=log&js=yes
See Content Filtering and Proxy Detection in my browser attached.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2015, 01:38:04 PM
Hi folks,
Quote taken from browserleaks
Quote
Disable WebRTC in Chrome
WebRTC in Google Chrome is supported and enabled by default since Chrome version 23 (and based on it, ex. Opera, Vivaldi).

Bad news:

You CAN'T turn off WebRTC on desktop version of Google Chrome, Disable WebRTC flag is available only on Android.

Good news:

There is a Chrome Extension: WebRTC Block.

Extension hides your public IP when you're behind VPN. It will leak only VPN's public IP, but not your real provider IP address! Extension also hides your Local/NAT IP addresses.

Unfortunately, if you're behind proxy but not VPN, WebRTC Block will not help you.

I can't do anything, and no one can. This piece of the periodic table is ****ed by design. So PLEASE stop insulting me on mail and webstore that it's "NOT WORKING !!!" :)

Just use FF. There is no drama.
This is further proof for me that the Google Chrome browser  is one giant tracking machine by default -
Looking at the extension the developer of it states:
Quote
Disable WebRTC in Your Web Browser!
At the moment, there is no way to completely  Block WebRTC in Google Chrome.

I should say sorry, but I can't just rename the extension.


Google Chrome is putting some individuals at risk here, read: https://productforums.google.com/forum/#!topic/chrome/QN7jleWJawY

But this works, alas not on Android, go to address bar and type chrome://flags/#disable-webrtc

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 08, 2015, 04:04:04 PM
Hi folks,

(Snip)

polonus
More information and a discussion on this topic at:
https://code.google.com/p/chromium/issues/detail?id=333752 (https://code.google.com/p/chromium/issues/detail?id=333752)
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2015, 04:11:34 PM
Are you safe via a VPN, test here : https://www.privacytools.io/webrtc.html
I was secure here: https://frankfurt-s02-i01.cg-dialup.net/go/browse.php?u=https://www.privacytools.io/webrtc.html&b=7&f=norefer
Read here why users should use firefox rather than chrome: https://www.privacytools.io/#webrtc

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 09, 2015, 11:42:58 PM
When you detect website malware every day all of the day, like I do, I'd also like to test a domain for SSL Protocol Support.
We can test here: https://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm?test_domain=m-pathy.com
Nice candidates for weaknesses are to be found here: https://www.eff.org/https-everywhere/atlas/domains/m-pathy.com.html
That is why I haven't set https as per default.
Browser JSGuard is an extension that will alert you when your log-in data go in plain txt over the wire.
For instance what is wrong here: https://www.m-pathy.com/
Well let us start here and that is not encouraging:
HTTP Server: Apache HTTP Server 2.4.10
PHP Version: 5.3.26 (Outdated)

The protocol settings:
Protocol   Status   Recommendation
SSLv2   SSLv2 is Disabled   SSLv2 is weak and should be disabled. More information.
SSLv3   SSLv3 is Disabled   Consider disabling SSLv3 to mitigate the POODLE attack. Should be disabled for PCI DSS 3.1 Compliance
TLSv1   TLSv1 is Enabled   TLSv1 may be enabled for existing implementations, however PCI DSS 3.1 § 2.2.3 states that: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS
TLSv1.1   TLSv1.1 is Enabled   TLSv1.1 may be enabled for existing implementations, however PCI DSS 3.1 § 2.2.3 states that: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS. Some assert that the term early TLS includes both TLS 1.0 and 1.1, check with your PCI QSA.
TLSv1.2   TLSv1.2 is Enabled   TLS 1
Certificate problem for one IP: https://www.ssllabs.com/ssltest/analyze.html?d=m-pathy.com
E-commerce Safety Information
Transaction Protection
Certified SSL is used to encrypt transactions
SSL Issuer: AlphaSSL CA - SHA256 - G2
SSL Expires: 2018-02-19 01:26:54 UTC
See also: http://toolbar.netcraft.com/site_report?url=https://www.m-pathy.com

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 09, 2015, 11:46:53 PM
Most people, unless like you they are looking for malware, hardly ever "run into it" provided they are reasonably protected.
I haven't received a warning about running into a malicious website or an infection in a very, very long time. :)


Title: Re: Tests and other Media topics
Post by: polonus on August 10, 2015, 12:17:26 AM
Hi bob3160,

When you are surfing with Google Chrome you often run into SSL sites that do not have the full green padlock.
You´d never click the yellow triangle showing there is also insecure content on a site that does not go via ssl.  :o
I often still see a lot of sites like this for instance : IEEE Xplore Abstract - Browser JS Guard: Detect... padlock icon
ieeexplore.ieee.org
Alerts (1)
Insecure login (1)
Password will be transmited in clear to http://ieeexplore.ieee.org/servlet/LoginModalController

When the green padlock is missing and I see such red alerts, I investigate, and other users should also hesitate and check what they are going to do there and whether their info is safe going to that site or log-in.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 10, 2015, 12:21:23 AM
(http://www.screencast-o-matic.com/screenshots/u/Lh/1439158816683-7563.png)
It isn't green but I still visit the site. As you know, I don't put my system through all the hoops you do.

Title: Re: Tests and other Media topics
Post by: polonus on August 10, 2015, 12:49:48 AM
Hi bob3160,

It is not about going through hoops, I do all this as a volunteer forum member to detect insecurities and report them to Avast so the Avast team may protect all of their users better and I found quite something up over the last few years.

I am far from expecting the average user to do similar things. This thread is meant for people that are in website scanning, website owners, security analysts, hosters, and a couple of other enthusiasts here on the forums.

I do not say you have to go to sites like I do and with the suspicion and the experience I have stashed at the back of your mind, no-way, that is just for website analysts and other forum users here that like the subject.

But I should like it a lot for the average user to become just a little tad more aware and concerned. Do not just trust all you were being told, because all you are being told is not always the truth where website security is concerned. Our forum member, Para-Noid, would say: `It is secure only what you have tested to be secure!´.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on August 10, 2015, 11:02:25 PM
"There is another obscure way of tracking users without using cookies or even Javascript."
Read about this and test here:
"http://lucb1e.com/rp/cookielesscookies/"
This is stopping "this 'phorming": https://www.dephormation.org.uk/index.php?page=81

polonus

P.S. The main reason for this test was to promote self-destructing cookies like with Crunch etc.

D
Title: Re: Tests and other Media topics
Post by: Para-Noid on August 12, 2015, 07:47:45 PM
Persistent XSS Vulnerability in WordPress Explained

https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html?utm_campaign=Persistent%20XSS%20Vulnerability%20in%20WordPress%20Explained%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: Para-Noid on August 19, 2015, 04:02:26 PM
Ask Sucuri: How does SiteCheck work?

https://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html?utm_campaign=Ask%20Sucuri%3A%20How%20does%20SiteCheck%20work%3F%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: Para-Noid on August 19, 2015, 04:03:19 PM
10 Tips to Improve Your Website Security

https://blog.sucuri.net/2015/06/10-tips-to-improve-your-website-security.html?utm_campaign=10%20Tips%20to%20Improve%20Your%20Website%20Security%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Tests and other Media topics
Post by: polonus on August 19, 2015, 04:09:03 PM
Two fine new test links: http://oscarotero.com/embed/demo/index.php?url=
and
http://iframely.com/debug  also available as extension.
and Low Level Site Explorer: http://1col.ru/www.investigue-me.tumblr.com

enjoy, my good friends, enjoy.
Title: Re: Tests and other Media topics
Post by: polonus on September 18, 2015, 10:01:11 PM
Test for the WebRTC IP Leak VPN/Tor IP Test: http://www.japanweb.info/browse.php/GBWhw2bzXIaDEN9sFiADKd5_2FtKHD9Lg_2F4G2TUJ3BpxHczbg_3D/b29/fnorefer/
Nothing showed up.
http://www.japanweb.info/browse.php/UQChm3nl/X8GAD89z/ByIeOcN1/q6HD_2Fr/h9uA_3D_/3D/b29/
Only the IP of the proxy is shown: 108.59.11.116
But we see this proxy could also be abused: https://www.stopforumspam.com/ipcheck/108.59.11.116
abuse on hosted-by.leaseweb.com in Delaware
commonName=server.bind2.com -  OpenSSH 5.3 (protocol 2.0)
0/tcp  open  http     Apache httpd 2.4.12 ((Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4)
| http-methods: Potentially risky methods: TRACE
ssl/http Apache httpd 2.4.12 ((Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
with a defect in delegation handling
Found mail servers with inconsistent reverse DNS entries -> mailfilter2.ocom.com.   2001:1af8:4100:a064::20
Primary nameserver: dns01001.ams1.lswcdn.com.
Concluding the proxy scan result.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 19, 2015, 01:03:06 PM
I tested this code here:
Code: [Select]
<HTML>
<HEAD>
<TITLE>My First Script</TITLE>
</HEAD>

<BODY>
<H1>Let's Script...</H1>
<HR>
<SCRIPT LANGUAGR="JavaScript">
<!--hide from old browsers
document.write("This browser is version "+chrome.appVersion)
document.write("of <B> + chrome.appName +</B>.")
//end script hiding -->
</SCRIPT>
</BODY>
</HTML>

here: http://caja.appspot.com/  Rendered result Eval Result Time 361 ms = Let's Script...

(source adopted from Javascript Bible)  ;)


polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 19, 2015, 07:28:38 PM
DNS router checker: https://campaigns.f-secure.com/router-checker/
NO ISSUES WERE FOUND
All is well. Have a nice day!

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on September 19, 2015, 10:02:33 PM
DNS router checker: https://campaigns.f-secure.com/router-checker/ (https://campaigns.f-secure.com/router-checker/)
NO ISSUES WERE FOUND
All is well. Have a nice day!

polonus
No issues found here either but I already knew that from my Avast Network Scan. :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442692934591-56816.png)
Title: Re: Tests and other Media topics
Post by: polonus on September 22, 2015, 01:58:39 AM
Test for Canvas Fingerprinting here: http://www.browserleaks.com/canvas
Detect it on sites? Re:  https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc
Who is into this:  CanvasFingerprintBlock
Blocked 2 potential HTML canvas fingerprinting attempts on this page
Prevented a script on https://hackertarget.com from capturing the point (16, 16) on the following 300px × 150px canvas:
Prevented a script on https://hackertarget.com from capturing the following 300px × 150px canvas:
300px × 150px

polonus
Title: Re: Tests and other Media topics
Post by: Simion on September 22, 2015, 04:34:04 AM
Test for Canvas Fingerprinting here: http://www.browserleaks.com/canvas
Detect it on sites? Re:  https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc
Who is into this:  CanvasFingerprintBlock
Blocked 2 potential HTML canvas fingerprinting attempts on this page
Prevented a script on https://hackertarget.com from capturing the point (16, 16) on the following 300px × 150px canvas:
Prevented a script on https://hackertarget.com from capturing the following 300px × 150px canvas:
300px × 150px

polonus

Greetings Damien:

I have tested this on a linux platform with chromium browser. I have installed the add-on which seems to work properly. But despite reading "How Does It Work" and "Further Reading", I don't understand why being unique and not in their database is a bad thing (red X). Any thoughts?
Title: Re: Tests and other Media topics
Post by: polonus on October 01, 2015, 12:27:57 AM
Examples of SQL and a checker:
http://www.itl.nist.gov/div897/ctg/dm/sql_examples.htm
Mysqli Prepare Statement Checker

This tool is to help debug SQL statements used in mysqli prepare statements. Enter your SQL, flags and variable that you would use in constructing your prepare statement below to see the SQL generated as well as any issues.

SQL:
INSERT INTO STATION VALUES (13, \'Phoenix\', \'AZ\', 33, 112); INSERT INTO STATION VALUES (44, \'Denver\', \'CO\', 40, 105); INSERT INTO STATION VALUES (66, \'Caribou\', \'ME\', 47, 68);
Issues:
More flags than variables. Less placeholders (?) than flags
SQL Query:
INSERT INTO STATION VALUES (13, \'Phoenix\', \'AZ\', 33, 112);
INSERT INTO STATION VALUES (44, \'Denver\', \'CO\', 40, 105);
INSERT INTO STATION VALUES (66, \'Caribou\', \'ME\', 47, 68);

Flags:
isd
 Only use i, s, d or b.   Check tool: http://www.mustbebuilt.co.uk/apps/mysql-prepare-checker/

enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 14, 2015, 07:48:13 PM
Test to see if they’re tracking you, visit request.urih.com. Go to: http://request.urih.com/
40% of the trackers on this site could be protecting you from NSA snooping. Tell urih.com to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
Tracked e.g. by levelity.com (non-secure ID tracking).

To get likewise reports, install Tracker SSL extension in Google Chrome: chrome://extensions/?id=hgoabgkpjcbliklekfgepfdlmcnkjnao 

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 15, 2015, 03:46:18 PM
Coming to a place near you soon copyright on JPEG images?
Next step copyright on sharing txt's? Read: http://www.engadget.com/2015/10/14/jpeg-copy-protection/?ncid=txtlnkusaolp00000589
Whenever you wanna do this, have it visibly inside the picture, add watermark and eventually a CopyRight sign,
so folks know it has DRM protection, else we are in muddy waters sharing copyrighted material we don't even know was
copyrighted in the first place. Nice project for bounty hunters to gain some extra money....  :o
And what about free jpeg that wanna be shared?

Good development DRM on anything to protect new sacks with old wine and vested interests?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 20, 2015, 02:18:25 PM
Dear Avast Community Friends,

Did you test here: https://en.internet.nl/
My test results could not be excellent because my provider here has not yet migrated to supporting IPv6 next to IPv4.
I have an IPv6 address starting with "fe" (same fc-fd) unable to work with the public IPv6 Internet.
The situation of many globally now. Good thing is they do not expect any issues for me after the launch!
DNSSEC is OK. Also test here: http://test-ipv6.com/ (translate with Google Translate).

polonus
Title: Re: Tests and other Media topics
Post by: Secondmineboy on October 20, 2015, 02:33:33 PM
Got a full 0/10, our routers do not support IPv6 and I bet they still run with the original firmware.

I don't want to know how old they are anyway......
Title: Re: Tests and other Media topics
Post by: -midnight on October 20, 2015, 03:22:28 PM
Test shows
Title: Re: Tests and other Media topics
Post by: polonus on October 20, 2015, 03:57:34 PM
Hi -midnight,

The good news has a good side and a darker more sinister side to it. Using IPv6 has a new quality as it is unique and stays the same and has a new feature that it can be used for location tracking. So more secure from one point of view, but easier for those that want to monitor your whereabouts all the time all of the time. Read about this novel use of IPv6 here: http://ip6.nl/location/

So the situation is getting ever better for the global players to do their thing, but harder for the individual to protect against certain aspects of what they do. ;) Have a nice day.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 29, 2015, 07:26:20 PM
Here you can check your site for missing Google Analytics Tracking Code: http://www.gachecker.com/
The results for Avast Forum site shows that only Google Universal Analytics is being flagged, all others produce an x.
See attached image,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 30, 2015, 01:27:16 PM
Easy Wifi Boost
Follow the next steps to boost your wifi signal considerably:

Drink a can of beer or soda.
Cut off the bottom of the can.
Cut off the top likewise. Note! Do not cut all the way round. Leave three to four centimeters at the top.
Cut the can lengthwise.
Place the can over the modem antenna or router modem. Your wifi signal will either double or be even three times stronger.

Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on October 30, 2015, 02:01:31 PM
Easy Wifi Boost
Follow the next steps to boost your wifi signal considerably:

Drink a can of beer or soda.
Cut off the bottom of the can.
Cut off the top likewise. Note! Do not cut all the way round. Leave three to four centimeters at the top.
Cut the can lengthwise.
Place the can over the modem antenna or router modem. Your wifi signal will either double or be even three times stronger.

Enjoy,

polonus
If you need more help, you'll find it here:
http://www.wikihow.com/Make-a-Wi-Fi-Booster-Using-Only-a-Can (http://www.wikihow.com/Make-a-Wi-Fi-Booster-Using-Only-a-Can)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1446213726445-30955.png)
Title: Re: Tests and other Media topics
Post by: polonus on October 30, 2015, 02:09:34 PM
Knew you liked this one, bob3160, just knew  ;D

Damian
Title: Re: Tests and other Media topics
Post by: DavidR on October 30, 2015, 03:26:15 PM
Easy Wifi Boost
Follow the next steps to boost your wifi signal considerably:

Drink a can of beer or soda.
Cut off the bottom of the can.
Cut off the top likewise. Note! Do not cut all the way round. Leave three to four centimeters at the top.
Cut the can lengthwise.
Place the can over the modem antenna or router modem. Your wifi signal will either double or be even three times stronger.

Enjoy,

polonus

Use cans of extra XXX strength beer or cider to enhance the effect ;D
Title: Re: Tests and other Media topics
Post by: bob3160 on October 30, 2015, 04:28:38 PM
Easy Wifi Boost
Follow the next steps to boost your wifi signal considerably:

Drink a can of beer or soda.
Cut off the bottom of the can.
Cut off the top likewise. Note! Do not cut all the way round. Leave three to four centimeters at the top.
Cut the can lengthwise.
Place the can over the modem antenna or router modem. Your wifi signal will either double or be even three times stronger.

Enjoy,

polonus

Use cans of extra XXX strength beer or cider to enhance the effect ;D
XXX strength would result in WiFly not WiFi
Title: Re: Tests and other Media topics
Post by: DavidR on October 30, 2015, 05:34:28 PM
Easy Wifi Boost
Follow the next steps to boost your wifi signal considerably:

Drink a can of beer or soda.
Cut off the bottom of the can.
Cut off the top likewise. Note! Do not cut all the way round. Leave three to four centimeters at the top.
Cut the can lengthwise.
Place the can over the modem antenna or router modem. Your wifi signal will either double or be even three times stronger.

Enjoy,

polonus

Use cans of extra XXX strength beer or cider to enhance the effect ;D
XXX strength would result in WiFly not WiFi

Just been reading an article in UK MicroMart magazine about LiFi being the next major development the Li part is about the Light Spectrum being infinitely greater than radio band. Even works underwater better than radio waves. Unfortunately it is still years away.
Title: Re: Tests and other Media topics
Post by: polonus on October 30, 2015, 10:12:30 PM
To make your own Tor Ban List combine IP info from the Tor Node List https://www.dan.me.uk/tornodes (refreshed every 30 minutes) and then search on ExoneraTor what is out there and whether to block.
So we have found 100.36.126.180   0FAA299792826179730905EB8A33905AB52B48B1   anothermiddlefinger   No
For current threat events look here: https://cymon.io/100.36.126.180
Reporting sources: pbl.spamhaus.org, zen.spamhaus.org, dnsbl.ahbl.org, tor.ahbl.org
-pool-100-36-126-180.washdc.fios.verizon.net seems involved -> http://toolbar.netcraft.com/site_report?url=http://pool-100-36-126-180.washdc.fios.verizon.net
Another one here: http://toolbar.netcraft.com/site_report?url=107.141.170.82  = 
107.141.170.82|csra|443|0|RSVX|3407827|Tor 0.2.6.8|rjwin@acpressuretest.com  etc.

pol

Title: Re: Tests and other Media topics
Post by: polonus on November 01, 2015, 01:25:55 PM
Israeli Neural Network AV Deep Instinct will catch 20% more malware: http://www.technologyreview.com/news/542971/antivirus-that-mimics-the-brain-could-catch-more-malware/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 19, 2015, 05:44:18 PM
Test your Magento shop for Shoplift backdoor patch here: https://www.magereport.com/
The backdoor enables criminals to get to credit card info....

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 28, 2015, 11:49:21 PM
With me it won't work, but here are 5 ways to come and "block" an adblocker.

1. Blocking in a blunt way as Yahoo tested on a minor scale: https://www.washingtonpost.com/news/the-switch/wp/2015/11/23/yahoo-escalates-the-war-on-ad-blockers-by-keeping-people-out-of-their-own-e-mail/
2. Buy off ads with a service like Adieu: http://www.adieu.io/
3. Buy from Blockers like with Acceptable Ads by ABP.
4. Abuse root certificates like Lenovo did with a BHO from Superfish. This one backfired grand time, Superfish went broke.
5. A polite request to whitelist the site for the Adblocker used. Some reward the whitelisting user with a nice picture.
Like your teacher did at school when you had learned your psalm verses by heart  ;)
Yes some treat ads like a religion...  ;D

I still would not lower the adblock visors on all 5 mentioned counts as no-one has given a 100% guarantee that unblocked ads could come  completely malware free. So in order to go without mal-ads I block all.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 30, 2015, 03:18:47 PM
Just bookmarked this link: http://www.419eater.com/
and another one on scams: http://www.scamvoid.com/check/

polonus
Title: Re: Tests and other Media topics
Post by: Simion on November 30, 2015, 04:34:06 PM
Just bookmarked this link: http://www.419eater.com/
and another one on scams: http://www.scamvoid.com/check/

polonus

Hi polonus:

I'm "enjoying" your first link quite a bit, but your second link goes to a 404 Not Found error. Should be: http://www.scamvoid.com/
Title: Re: Tests and other Media topics
Post by: polonus on December 06, 2015, 01:47:30 AM
Nice bookmarklet to add: http://www.phpied.com/quirks-bookmarklet/  Code Source: Stoyan Stefano
will tell you whether or not the browser renders your page in Standards Compliance Mode or Quirks Mode. The bookmarklet will figure this out for the page as well as for all the frames (and their frames) recursively. Enjoy!

polonus

P.S. For your information the page you are looking at here is in CSS1Compat, but this message is BackCompat and cannot be seen!  ;)
Title: Re: Tests and other Media topics
Post by: polonus on December 08, 2015, 12:24:06 AM
Interesting search site: -https://crt.sh/? Enter an Identity (Domain Name, Organization Name, etc),
a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID:
(% = wildcard)
Check for phishers that use free let's encrypt certificates here: -https://crt.sh/? Identity Search
See the Google Safebrowsing alert here: -https://www.electronicfrontierfoundation.org/
Before "let's encrypt" came in, was such a thing possible? Consider this safe entry: https://www.eff.org/

polonus (volunteer website security analyst and website error-hunter)

P.S. Another good search site for such abuse: -https://exchange.xforce.ibmcloud.com/url/cpe-198-72-160-0.socal.res.rr.com
(to go there use the address without the preceding -)

D
Title: Re: Tests and other Media topics
Post by: bob3160 on December 08, 2015, 12:34:02 AM

I even got a warning from Google in the email notification to this post:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1449531084073-42777.png)
Title: Re: Tests and other Media topics
Post by: polonus on December 08, 2015, 01:04:18 AM
Hi bob3160,

Break your links in the quote, please, like I did and that Google warning goes,

damian

Title: Re: Tests and other Media topics
Post by: Gopher John on December 08, 2015, 07:54:08 PM
https://isc.sans.edu/forums/diary/Patch+Tuesday+Warmup+Internet+Explorer+Sunset+and+Windows+XP+Embedded+End+of+Support/20459/ (https://isc.sans.edu/forums/diary/Patch+Tuesday+Warmup+Internet+Explorer+Sunset+and+Windows+XP+Embedded+End+of+Support/20459/)

Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support

As we are waiting for the Microsoft Santa to slide down our Data Center air conditioning duct later today to deliver a delicious package of patches (did you leave some floppy disks and a can of red bull out for him?), we got a couple other announcements from Microsoft that should not be overlooked:

- January will be the last month Microsoft will provide updates for any Internet Explorer version other than Internet Explorer 11! Even Internet Explorer 10 will no longer be supported after January patch Tuesday (January 12th, 2016).

- Support will also end for Windows XP Embedded. This will also make it more difficult for other Windows XP left-overs that tricked their version to use the Embedded updates. But nobody should be running XP anyway (right?).

- Still running Windows 7 or 8.1 (sure way to stay on MSFT Santa's "naughty" list)? Rumor has it that with today's patch Tuesday, Microsoft may re-enable the auto-upgrade to Windows 10. You may flip the switch back to not update, but it will set itself to "on" once a day.

[1] https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
[2] https://support.microsoft.com/en-us/lifecycle/search/default.aspx?=&alpha=Windows%20XP
[3] http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html#tk.rss_all
Title: Re: Tests and other Media topics
Post by: polonus on December 14, 2015, 02:05:07 PM
Untraceable communication launched: http://news.mit.edu/2015/untraceable-anonymized-communication-guaranteed-1207
Code can be found here: https://github.com/davidlazar/vuvuzela  &  https://github.com/jlmart88/vuvuzela-web-client
With a network manager this cannot be safe. Just like the real Vuvuzela will produce, a lot of noise from hot air.....
The future is to go server-less: https://github.com/ricochet-im/ricochet
and another alternative for just the addressee: https://bitmessage.org/wiki/Main_Page

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 15, 2015, 01:46:48 AM
Detecting what Ghostery does and abusing it for ad-tracking.... http://blog.securitee.org/?p=277
Some of the code mentioned in the reports seems also to disable Adguard protection,
I reported a beta test form to them.. https://news.ycombinator.com/item?id=4907609

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 15, 2015, 02:16:59 PM
Some things to ponder on: http://www.nedhardy.com/wp-content/uploads/images/2011/may/huxley_vs_orwell_2.jpg

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 17, 2015, 04:45:40 PM
F-Secure launches free sandbox to test malware: https://labsblog.f-secure.com/2015/12/17/see-sandboxed-execution-environment/  &  https://github.com/F-Secure/see

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 30, 2016, 01:28:54 AM
Back to actuality and worth to test your server against TLS Logjam: https://tools.keycdn.com/logjam
OK and upgrade and patch whenever one could implement.
Another test there HTTP/2 Test - a simple test to verify your server: https://tools.keycdn.com/http2-test
Results:
HTTP/2 Test Result forum.avast.com

Negative! forum.avast.com does not support HTTP/2.0. Supported protocols: http/1.1
ALPN is not supported. (Confirmed here: http://www.webconfs.com/http-header-check.php )

For a SPDY check go here: https://spdycheck.org/
For the forums here: SPDY Protocol Not Enabled!
Seriously? This SSL/TLS server is using the NPN Entension to tell browsers it supports alternative protocols, but SPDY is not a protocol it supports. The server is not making SPDY an option. Since all the pieces are in place, hopefully it will be easy to enable SPDY support with this server.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 31, 2016, 12:31:12 AM
No more dead links thanks to open source Amber plug-in for custom CMS: http://amberlink.org/

see: http://www.youtube.com/embed/25Kz7PqapG4

By the way always keep your CMS up to date, disable user enumeration and directory listing for WordPress etc.,
retire old and left code (zip-file for later reference) for jQuery libraries; harden your server software and
let your server software not "talk that loud", for instance via excessive server header info proliferation.
Cookies not flagged as "HttpOnly" may be read by client side script. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame.....

So stay safe and secure, and that is the wish of,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 31, 2016, 11:34:41 PM
Play these old dosgames in the browser from archives, like for instance: https://archive.org/details/msdos_Prince_of_Persia_1990
or Wolfenstein: https://archive.org/details/msdos_Wolfenstein_3D_1992
Sim City first code released: http://weblogs.asp.net/bsimser/simcity-source-code-released-to-the-wild-let-the-ports-begin
Stunts: https://archive.org/details/msdos_Stunts_1990   for the old style gamer.
etc. etc. Source article with more examples: Donovan Kerssenberg

pol
Title: Re: Tests and other Media topics
Post by: polonus on February 10, 2016, 12:28:20 AM
SRI Hash Website Scanner to scan any website for Subresource Integrity (SRI) cryptographic hashes.
For what it is worth, read the commenting article here: http://www.theregister.co.uk/2016/01/15/china_github_attack_defence_test/
link article author = John Leyden
We are safe here:
Site
https://forum.avast.com/index.php?action=post;topic=129271.330;last_msg...
Scan Date
Today at 12:26 AM
Status Code
HTTP 302 Found (Redirect)
Scripts
Found 0 unsafe scripts out of 0 script tags
Stylesheets
Found 0 unsafe stylesheets out of 0 stylesheet tags
Also read: https://frederik-braun.com/using-subresource-integrity.html

Enjoy, my good friends, enjoy, example scan: https://sritest.io/#report/04fc4b00-34a8-4b60-9c79-4031cd0c65e5

A WordPress plug-in to automatically insert Subresource Integrity attributes: https://wordpress.org/plugins/wp-sri/

polonus (volunteer website security scanner and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on February 11, 2016, 04:09:01 PM
Website owners should seek to prevent their websites from getting attacked and compromised/abused/defaced etc.
Check here with Uptime Robot, it is for free: http://uptimerobot.com/#newUser

A few tips to prevent website hacks and defacements.

1. Always keep your server operation software and any other software that is running on your website up to date.
Know that attackers are known to abuse out of date or left software.

2. Hosting company management solution should keep you secure. Go for dedicated hosting. Whenever on shared hosting,
get to know your neighbors, else ask to be moved out on a different server.
Cheap or free bulk hosting will give you two rewards you do not want - security issues or performance issues.
The choice of a good hosting provider is the most important choice you may come to make.

3. With CMS and forum software apply security updates. WordPress should notify you whenever you log in.
Disable user enumeration and directory listing. Update (free) plug-ins and retire left code.

4. Always use parameterised queries to avoid risks of Standard Transact SQL.

5. XSS. Always ensure you check on data that are being submitted and encode or strip out HTML.
Use SRI hashed attributes, the solution came out of beta now. There is a free WordPress plug-in for it.

6. Keep your server and CMS software silent, do not let it speak out loud, keep your error messages vague.

7. Use an appropriate complex password routine, store them encrypted and salted.

8. Prevent direct access to uploaded files altogether, store them outside root or on a blob.

9. Have your database on a different server and your webserver as well, so it cannot be directly accessed.

10. SSL. It is a good idea to use it for personal data that could become corrupted.

11. Block automated script attacks. Use code scanning as an early warning system. We started this posting on that one.

12. Scan for typical exploit code.

13. Use DNS Blacklists.

14. Avoid PHP running as a module when allowing global write permission.
 
15. Critical websites should undergo penetration testing.

16. Protect sensitive data by putting them in separate files for config and data base.
Avoid client side checking with Javascript, it is insecure.

17. Implement automated backups for actual website and supporting databases.

18. Disable anonymous FTP on your server. Only allow access from outside via ports 80 and 443.

19. Avoid public PCs and Wifi Points to get access to your admin panel. Use a VPN.
Do not update your blog from the barber shop. It looks cool, however it is insecure practice.

20. Check your logs. Limit access to your resources. Use stronger passwords, and do not use default ones.

Info credits go out to authors from Decision Group and mafudge


polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 01, 2016, 05:11:29 PM
A new serious vulnerability has been found for the SSL protocol, named DROWN - Decrypting RSA using Obsolete and Weakened eNcryption - Read on it here: https://www.drownattack.com/
And test for it here online: https://test.drownattack.com/
So what attacks will await us next, we had POODLE, Heartbeat, HEARTBLEED, and now we have DROWN.
One-third of all HTTPS websites open to DROWN attack!

polonus
Title: Re: Tests and other Media topics
Post by: Secondmineboy on March 01, 2016, 05:13:29 PM
A new serious vulnerability has been found for the SSL protocol, named DROWN - Decrypting RSA using Obsolete and Weakened eNcryption - Read on it here: https://www.drownattack.com/
And test for it here online: https://test.drownattack.com/
So what attacks will await us next, we had POODLE, Heartbeat, HEARTBLEED, and now we have DROWN.
One-third of all HTTPS websites open to DROWN attack!

polonus

Bad news for us: https://test.drownattack.com/?site=forum.avast.com
Title: Re: Tests and other Media topics
Post by: bob3160 on March 01, 2016, 05:20:34 PM
A new serious vulnerability has been found for the SSL protocol, named DROWN - Decrypting RSA using Obsolete and Weakened eNcryption - Read on it here: https://www.drownattack.com/
And test for it here online: https://test.drownattack.com/
So what attacks will await us next, we had POODLE, Heartbeat, HEARTBLEED, and now we have DROWN.
One-third of all HTTPS websites open to DROWN attack!

polonus

Bad news for us: https://test.drownattack.com/?site=forum.avast.com
(http://screencast-o-matic.com/screenshots/u/Lh/1456849248194-21647.png)
Title: Re: Tests and other Media topics
Post by: polonus on March 01, 2016, 05:46:21 PM
I go for bob's results, as they come confirmed here:
https://test.drownattack.com/?site=https%3A%2F%2Fwww.avast.com%2Findex
Quote
Results for com/index
We have not identified any vulnerable servers matching this name. It’s possible that our scans missed something, or that there are vulnerable devices behind your firewall. For such devices, we recommend using our client-side scanning software.

polonus
Title: Re: Tests and other Media topics
Post by: Secondmineboy on March 01, 2016, 05:52:16 PM
I go for bob's results, as they come confirmed here:
https://test.drownattack.com/?site=https%3A%2F%2Fwww.avast.com%2Findex
Quote
Results for com/index
We have not identified any vulnerable servers matching this name. It’s possible that our scans missed something, or that there are vulnerable devices behind your firewall. For such devices, we recommend using our client-side scanning software.

polonus

There's a patch already released for SUSE and SUSE based systems :)

There are 3 patches released: https://download.suse.com/Download?buildid=urp9l5AblyY~

Just as an example.
Title: Re: Tests and other Media topics
Post by: polonus on March 01, 2016, 06:29:21 PM
Hope server admins will implement these, as I still see a lot of vulnerable servers around.
Also strange why a netcraft tool does not flag for DROWN attack.
Mind that the online test may just be an indication, there are false positives on detected servers
and clean servers that may be found vulnerable in the end.
Together with the cookies MONSTER your security, even with encryption - http://www.theregister.co.uk/2015/09/25/cookies_monster_your_security/
we have quite some insecurity of the protocol.

polonus
Title: Re: Tests and other Media topics
Post by: Secondmineboy on March 01, 2016, 06:33:31 PM
Hope server admins will implement these, as I still see a lot of vulnerable servers around.
Also strange why a netcraft tool does not flag for DROWN attack.
Mind that the online test may just be an indication, there are false positives on detected servers
and clean servers that may be found vulnerable in the end.
Together with the cookies MONSTER your security, even with encryption - http://www.theregister.co.uk/2015/09/25/cookies_monster_your_security/
we have quite some insecurity of the protocol.

polonus

https://blog.cloudflare.com/the-drown-attack/
Title: Re: Tests and other Media topics
Post by: polonus on March 08, 2016, 06:19:21 PM
Test a website for SRI hashes as here with a random example: https://sritest.io/#report/5c1788c0-9ac2-4832-9874-9fba8e76c4ca
And then in case of a SRI hash missing generate that SRI Hash: https://www.srihash.org/
Example:  [script] <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js" integrity="sha384-EaUkI/FiMJtEXWAl0dCczvbFvjfzsIF1UNKGJvu9p5JIG71Kih7/kQJvYbBL7HOn" crossorigin="anonymous"></script> [-script]

Enjoy, my good friends, enjoy,

Damian

P.S. on crossorigin re: http://docs.trackjs.com/tracker/tips.html
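
What a generator such as srihash.org computes, and how a browser then evaluates the integrity attribute, shown as an added Python example that is not part of the original post. The sample script bytes, the example URL and the function names are constructed for illustration.

```python
import base64
import hashlib
import html

# Hash algorithms the SRI specification allows, weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

# Constructed stand-in for the bytes of a third-party library file.
CONSTRUCTED_LIB = b"window.demo = function () { return 42; };\n"


def sri_hash(content, algorithm="sha384"):
    """Return '<alg>-<base64 digest>' over the exact bytes the server delivers."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError("SRI only allows " + ", ".join(SRI_ALGORITHMS))
    digest = hashlib.new(algorithm, content).digest()
    return algorithm + "-" + base64.b64encode(digest).decode("ascii")


def parse_integrity(attr):
    """Group the hash expressions of an integrity attribute by algorithm.

    Tokens with an unknown algorithm or no '-' separator are ignored,
    which is also what browsers do.
    """
    parsed = {}
    for token in attr.split():
        algorithm, sep, rest = token.partition("-")
        if not sep or algorithm not in SRI_ALGORITHMS:
            continue
        value = rest.split("?", 1)[0]  # drop optional '?options'
        parsed.setdefault(algorithm, []).append(value)
    return parsed


def verify_integrity(content, attr):
    """Mirror the browser check: only the strongest algorithm listed counts.

    An attribute with no usable hash does not block the resource, so a
    typo in the algorithm name silently disables the protection.
    """
    parsed = parse_integrity(attr)
    if not parsed:
        return True
    strongest = max(parsed, key=SRI_ALGORITHMS.index)
    expected = sri_hash(content, strongest).split("-", 1)[1]
    return expected in parsed[strongest]


def script_tag(src, content, algorithm="sha384"):
    """Build the <script> element with integrity and crossorigin set."""
    return '<script src="{}" integrity="{}" crossorigin="anonymous"></script>'.format(
        html.escape(src, quote=True), sri_hash(content, algorithm)
    )


if __name__ == "__main__":
    tag = script_tag("https://cdn.example/demo.js", CONSTRUCTED_LIB)
    print(tag)
    print("untouched file passes:", verify_integrity(CONSTRUCTED_LIB, sri_hash(CONSTRUCTED_LIB)))
    print("modified file passes: ", verify_integrity(CONSTRUCTED_LIB + b"evil()", sri_hash(CONSTRUCTED_LIB)))
```

The hash must be regenerated whenever the hosted file changes, otherwise the browser refuses to run it.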
Title: Re: Tests and other Media topics
Post by: polonus on March 21, 2016, 01:32:13 PM
Test your non-existent privacy on apps like WhatsApp just to be aware of it all the time you are online:
https://maikel.pro/blog/en-whatsapp-privacy-options-are-illusions/
AdDetector and AdNetworkDetector apps also give you a less intrusive insight of what you share with their servers and
with facebook that owns WhatsApp with a Saudi Prince as its largest stakeholder.
Privacy options do work, but probably not as user intended, so as you are the product. ;)
It is an over a billion dollar business model.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 23, 2016, 06:54:02 PM
Worldwide OONI explorer shows internet censorship and network anomalies:
https://explorer.ooni.torproject.org/explore/
and https://explorer.ooni.torproject.org/world/
Example: https://explorer.ooni.torproject.org/measurement/qt5XiB0z4rf6gBQOJUXFQdSVv1Uzf0f8xwKmKAjLevbBK61c3dvXxgK3xwCdkU2c

enjoy, my friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 25, 2016, 07:22:24 PM
List of Certificate Authorities that Google does not trust: https://www.certificate-transparency.org/known-logs
One easy method is to visit your site in Chrome and then click on the green padlock, "Connection" tab and then look for text indicating whether the site is "publicly auditable".  If you see text showing that the site is, that means that your server is returning SCT responses to Chrome.  On some platforms Chrome will additionally display a link to view "Transparency Information".

pol
Title: Re: Tests and other Media topics
Post by: polonus on March 25, 2016, 08:33:47 PM
Chrome is predicting where you could go. Go here in the Chrome browser and see for yourself: chrome://predictors/
You see your whole prefetch history. This omnibox functionality could be somewhat of a privacy concern,
read here: http://jordan-wright.com/blog/2014/12/18/chrome-tracks-every-key-typed-into-omnibox/

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on March 26, 2016, 02:15:51 AM
Chrome is predicting where you could go. Go here in the Chrome browser and see for yourself: chrome://predictors/
You see your whole prefetch history. This omnibox functionality could be somewhat of a privacy concern,
read here: http://jordan-wright.com/blog/2014/12/18/chrome-tracks-every-key-typed-into-omnibox/

polonus
Strange that the article said that this setting was enabled by default ???
Here's my setting and I certainly haven't changed a setting I don't even know exists.
(http://screencast-o-matic.com/screenshots/u/Lh/1458954806198-47246.png)
Title: Re: Tests and other Media topics
Post by: polonus on March 29, 2016, 12:39:51 AM
Hi bob3160,

Thanks for checking for us  ;)

Another test: http://mobify.site/results/http%3A%2F%2Fsandbox.onlinephpfunctions.com%2F
An example from a scan to test whether a website is fit for Mobile or should be adopted.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 25, 2016, 05:29:11 PM
Check whether your email address or username have been compromised: https://haveibeenpwned.com/
Should you change your password? Read here: http://www.forbes.com/sites/adamtanner/2014/04/14/these-sites-tell-which-of-your-accounts-have-been-hacked/#25385bbd4e8e
But this checking site itself does not seem secure (PHISHING): htxps://shouldichangemypassword.com/   known cloudfront abuse!
It just comes with a meagre T-Status...
while this seems the proper check site for that: https://breachalarm.com/

And again polonus wants to remark: "What is security on the Interwebs, according to us here that educate towards a better and more secure website security standards, like Pondus, Steven Winderlich, Eddy and several others - we can only say security is relative. Look here: https://securityheaders.io/?q=breachalarm.com  scores a very meagre R-Status and following the redirect to the https page there we will get a D-Status: https://securityheaders.io/?q=https%3A%2F%2Fbreachalarm.com%2F  This all for what that is worth.
And here we do not reach any further than an F-Status: https://sritest.io/#report/b71813c2-9458-4bde-8c40-b564a60de8cf

So whatever you do on the Interwebs be fully aware of the fact  that generally speaking it is a rather insecure place with software that  often has not been implemented/updated and patched right and has been weakened and holed on purpose to suit those parties best that wanna earn from your clicks or store your metadata for general surveillance purposes, not speaking of all the cybercriminals with bad intentions.

To come to a slightly more secure Internet a lot of work still needs to be done and a lot of education towards such goals may be necessary. Good if this posting served this goal to make you all a little bit more aware of the actual (in)security status of where you surf. Be on top of it feeling secure and not in the role of a serf. Keep your visors up and go with Avast's protection.

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Tests and other Media topics
Post by: Secondmineboy on April 25, 2016, 05:41:10 PM
Check whether your email address or username have been compromised: https://haveibeenpwned.com/
Should you change your password? Read here: http://www.forbes.com/sites/adamtanner/2014/04/14/these-sites-tell-which-of-your-accounts-have-been-hacked/#25385bbd4e8e

polonus

Have my GMail account breached by the Avast Forum hack and Malwarebytes hack Forum, even though on the latter one I didn't even know I have an account there at all.
Title: Re: Tests and other Media topics
Post by: polonus on April 25, 2016, 06:27:21 PM
This is sort of proof  that what we claim here about insecure or potentially insecure websites is true: http://www.theregister.co.uk/2016/04/19/google_80000_sites_breached/

Often it is that website software is not secured in a proper way or the cocktail of security measures and securing code is hampering overall security or rather will lead to less security if a cocktail of the wrong layered security measures has been implemented. There are a lot of webmasters/webadmins that still are not aware how to properly condition website security - (user enumeration enabled, directory listing enabled, no security headers implemented, https security not properly implemented, outdated or even left (inline) javascript code installed, iFrame insecurity, sql/xss insecurity, servers speaking out too loud, BEAST, POODLE, DROWN, SHA1 vulnerability, PHP exploits etc. etc.)

When are we going to properly train these people that should keep their visitors secure, and/or demand they have been properly trained and then we also have to go against those parties that profit from the general overall insecurity and therefore will not complain nor wanna change that existing situation soon.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 01, 2016, 02:40:23 PM
Interesting link on "bad ISPs": https://wiki.vuze.com/w/Bad_ISPs
So ISPs that seem to frustrate various P2P-ing users.

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 01, 2016, 04:39:44 PM
MS gonna alert against weak SHA-1 cryptographic algorithms in IE and Edge: https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
Check on sha-1: https://shaaaaaaaaaaaaa.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 04, 2016, 10:34:00 PM
Folks, two DNS tests, Wildcard domains DNSSEC resolver test, to test whether you can connect to all websites: http://0skar.cz/dns/en/
and a check whether your ISP resolves all the domain names you request, so they know all you do on the Interwebs: https://www.dnsleaktest.com/
click on extended test and wait for the results. Whenever you find your ISP DNS in that list it means you are in their dragnet.  ::)

polonus
Title: Re: Tests and other Media topics
Post by: mchain on June 06, 2016, 09:35:24 PM
Folks, two DNS tests, Wildcard domains DNSSEC resolver test, to test whether you can connect to all websites: http://0skar.cz/dns/en/
and a check whether your ISP resolves all the domain names you request, so they know all you do on the Interwebs: https://www.dnsleaktest.com/
click on extended test and wait for the results. Whenever you find your ISP DNS in that list it means you are in their dragnet.  ::)

polonus
I would think attached below would show such dragnet behavior:
Title: Re: Tests and other Media topics
Post by: polonus on July 08, 2016, 07:17:31 PM
Found some issues here: https://forum.avast.com/index.php?topic=188252.0
and then thought to myself how this could work out for the client (e.g. in the browser)
and stumbled upon this test site: https://tlsfun.de/  source: Hanno Böck
like this one for example: https://sslelement.hboeck.de/
and various other test scans.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 23, 2016, 04:00:52 PM
All browser extensions that exist are not capable of masking the uniqueness of your identifiable browser, not even via a webproxy of sort.
Going under in the herd is your best option. Good Adobe Flash will be left, because it uniquely identifies your browser and your native client, Widevine content decryption module and Widevine adapter, Time Zone, User Agent are known.
Your browser has a unique fingerprint and that could be linked to your browsing.
JS-accessible browser objects like navigation and screen makes your browser detectable in every detail.

Test here: https://panopticlick.eff.org  and then here for canvas fingerprint: https://www.browserleaks.com/canvas
When I have javascript disabled, e.g. via a webproxy I get:
JavaScript Disabled — Canvas element is part of HTML5 and is accessible via JavaScript API
Canvas Support in Your Browser
Canvas (basic support)   ?
Text API for Canvas   ?
Canvas toDataURL   ?
Database Summary
Unique User-Agents   109000
Unique Fingerprints   4875
Your Fingerprint
Signature   N/A
Found in DB   N/A

But then probably the webproxy logs have these details.

Now folks let us generate our own online UUID (universally unique identifier)  with this generator: https://www.uuidgenerator.net/
and https://www.guidgenerator.com/online-guid-generator.aspx

What is a Version 1 UUID?
A Version 1 UUID is a universally unique identifier that is generated using a timestamp and the MAC address of the computer on which it was generated.

Also use: https://www.uuidgenerator.net/version4

What is a version 4 UUID?
A Version 4 UUID is a universally unique identifier that is generated using random numbers. The Version 4 UUIDs produced by this site were generated using a secure random number generator.

0186afb4-e911-47de-89da-ea0c4e0a72ee
a48c5abb-b750-4591-a9d6-40dab0338aa4
34a94f63-5653-409a-bf22-0fb758f2c794

enjoy,

polonus

P.S. Do go down in the noise produced by this extension to mask your canvas fingerprinting,
 use Canvas Defender extension for firefox and chrome:
https://chrome.google.com/webstore/detail/canvas-defender/obdbgnebcljmgkoljcdddaopadkifnpm/related

D
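
What the two UUID versions described in the post above expose, as an added Python example that is not part of the original post. The version 1 sample is built from a constructed time and a constructed node value, the function names are hypothetical, and the version 4 value in the demo is one of the three quoted in the post.

```python
import uuid
from datetime import datetime, timedelta, timezone

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# 100-nanosecond ticks between the UUID epoch (1582-10-15) and the Unix epoch.
GREGORIAN_OFFSET = 0x01B21DD213814000


def make_v1(when, node, clock_seq=0):
    """Build a version 1 UUID for a fixed time and node (reproducible sample)."""
    delta = when - UNIX_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10
    ticks += GREGORIAN_OFFSET
    return uuid.UUID(fields=(
        ticks & 0xFFFFFFFF,                  # time_low
        (ticks >> 32) & 0xFFFF,              # time_mid
        ((ticks >> 48) & 0x0FFF) | 0x1000,   # time_hi with version nibble 1
        ((clock_seq >> 8) & 0x3F) | 0x80,    # clock_seq_hi with RFC 4122 variant
        clock_seq & 0xFF,                    # clock_seq_low
        node,                                # 48-bit node field
    ))


def describe(u):
    """Report what a UUID reveals about where and when it was generated."""
    info = {"version": u.version, "timestamp": None, "node": None, "node_is_random": None}
    if u.version != 1:
        return info  # version 4 carries random bits only
    unix_ticks = u.time - GREGORIAN_OFFSET
    info["timestamp"] = UNIX_EPOCH + timedelta(microseconds=unix_ticks // 10)
    raw = u.node.to_bytes(6, "big")
    info["node"] = ":".join("{:02x}".format(b) for b in raw)
    # RFC 4122: generators without a hardware address set the multicast bit
    # of the first octet, so such a node value is random rather than a MAC.
    info["node_is_random"] = bool(raw[0] & 0x01)
    return info


if __name__ == "__main__":
    constructed_time = datetime(2016, 8, 23, 12, 0, 0, tzinfo=timezone.utc)
    constructed_mac = 0x001122334455  # constructed, not a real adapter
    v1 = make_v1(constructed_time, constructed_mac)
    print(v1, describe(v1))
    v4 = uuid.UUID("0186afb4-e911-47de-89da-ea0c4e0a72ee")  # quoted in the post
    print(v4, describe(v4))
```

Anyone who receives a version 1 identifier can read the generation time and, when a hardware address was used, the network adapter; a version 4 identifier reveals neither.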
Title: Re: Tests and other Media topics
Post by: polonus on August 23, 2016, 10:42:15 PM
Misconfiguration and mistakes in configuring and managing DNSSEC servers may help exploitation via DNS reflection attacks, responding to a feature DNS "ANY" query providing all sort of info on the domain.

Such poorly configured DNSSEC servers could amplify attacker's traffic by 28.9 times.

"ANY" requests should be filtered out and put abuse-detection mechanism in place. Source:  Richard Chirgwin on The Register.

Hence we test: http://dnssec-debugger.verisignlabs.com/server78.bertina.us
and re-test: http://dnsviz.net/d/

Re example: http://dnsviz.net/d/server78.bertina.us/dnssec/
error: bertina.us zone: The server(s) were not responsive to queries over TCP. (185.88.153.173)

enjoy,

polonus (volunteer website security analyst and website error-hunter)

P.S. Nice system to check: https://bintray.com/rafaeljusto/deb/shelter
Online check semver: http://jubianchi.github.io/semver-check/
Given the version you entered:

The next major release will be 2.0.0
The next minor release will be 1.1.0
The next patch release will be 1.0.1

Damian
Title: Re: Tests and other Media topics
Post by: polonus on August 26, 2016, 12:07:19 PM
Observatory Mozilla Scan: https://observatory.mozilla.org/
Example: https://observatory.mozilla.org/analyze.html?host=www.aplusoassociates.com

The crypto checks: tls.imirhil.fr and  https://cryptoreport.websecurity.symantec.com/checker/
re: https://tls.imirhil.fr/smtp/www.aplusoassociates.com

For the forum: https://tls.imirhil.fr/https/forum.avast.com
No more than a meagre F-score  :o

pol
Title: Re: Tests and other Media topics
Post by: polonus on August 26, 2016, 01:49:18 PM
But to truly discern about insecure versus secure setting,
one has to know how to configure according best practices,
and what third party choices one should make.

For instance for __cfduid cookie from Cloudflare,

not with proper settings like here:

Cookie security options (2 cookies)

Quote
Secure cookies: Warning

Requested URL: https://www.security.nl/ | Response URL: https://www.security.nl/ | Page title: Security.NL | HTTP status code: 200 (OK) | Response size: 58,066 bytes (gzip'd) | Duration: 645 ms
Overview
Cookies served over HTTPS but not flagged as "secure" may be sent over an insecure connection by the browser. Often this may be a simple request for an asset such as a bitmap file but if it's on the same domain as the cookie is valid for then it will be sent in an insecure fashion. This poses a risk of interception via a man in the middle attack.

Result
It looks like a cookie is being served over HTTPS without the "secure" flag being set (name : value):

__cfduid : d35d12748d6////////////6e3c478281472209606

Unless the cookie needs to be sent over an insecure connection, the "secure" flag should always be set to ensure it can only be sent with an HTTPS request.

Then it seems it cannot be disabled as it is a tracking cookie for CloudFlare to decide who is trusted/non-trusted.

Read: http://webmasters.stackexchange.com/questions/59226/disable-cfduid-cookie-from-cloudflare

Verdict: Host-only attribute insecure.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2016, 01:54:43 PM
For a lot of sites that should, like for instance banking sites, we often find that the content security policy (CSP) header is not being set. This makes the website vulnerable to scripting injections (often reflected XSS via swf objects).

"CSSStyleSheet insertRule()" not permitted. Why? -stylesheet originates from other (sub)domain and cannot run from script (as sandbox blocks). CSP does not permit 'unsafe-inline' for 'style-src' (and no nonce and/or hash set to be validated) so the whole style-tag is not permitted.

CSP prevents that non-trusted sources be trusted (developer-set).

CSP also blocks marketing-pixels and tag-manager will not function properly and directly for new pixel domains
(good actually in a sys-admin position/view against aggressive marketing overlords,
so they cannot overrule good-sensed security *).

* But not all cloudhosting parties support CSP headers. Bad example here is Cloudfront.

Just some musings of mine to point out the importance of decent best policy security header implementation.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2016, 11:07:10 PM
HTTP Header check: https://hackertarget.com/http-header-check/
another way using their api: http://api.hackertarget.com/httpheaders/?q=http://www.google.com

See: https://adresults.nl/tools/header-checker/  &  https://headers.cloxy.net/
Re: http://www.internetmarketingninjas.com/header-checker/

Read: https://www.keycdn.com/blog/http-security-headers/  -> check: https://tools.keycdn.com/curl

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2016, 11:44:33 PM
Here for a random example, I check observatory results against Recx Security Analyzer extension results: https://observatory.mozilla.org/analyze.html?host=frontpage.fok.nl

HTTP Security Header returned cache-control no-cache with a warning, not according best policies.
Only access-control.allow.origin OK
allowallcookies, sessid and -cfduid Host-only attribute not returned, screen cookie HTTP only attribute not returned.

Quote
HTTP/1.1 200 OK
Date: Sat, 27 Aug 2016 20:53:27 GMT
Content-Type: text/html; charset=iso-8859-15
Connection: keep-alive
Set-Cookie: __cfduid=d5f6938f885ca343e19e68ad17de5c9fe1472331207; expires=Sun, 27-Aug-17 20:53:27 GMT; path=/; domain=.fok.nl; HttpOnly
Set-Cookie: token=83aec9f5940a64e2d1ad98c16e8a2234; path=/; domain=.fok.nl
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vc=1; expires=Sat, 27-Aug-2016 20:56:27 GMT; path=/; domain=.fok.nl; httponly
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 2d9269c06bb621c8-EWR

polonus
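
The checks discussed in the posts above (cookie flags, CSP and the other security headers), run over a raw response as an added Python example that is not part of the original posts. The sample response is modelled on the one quoted above with cookie values replaced by placeholders; the function names, the issue labels and delivery over HTTPS are assumptions.

```python
# Response headers a hardened site is expected to send (names lower-cased).
EXPECTED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
)

# Constructed sample: same layout as the response quoted in the post,
# cookie values replaced by placeholders.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Date: Sat, 27 Aug 2016 20:53:27 GMT
Content-Type: text/html; charset=iso-8859-15
Set-Cookie: __cfduid=PLACEHOLDER1; expires=Sun, 27-Aug-17 20:53:27 GMT; path=/; domain=.fok.nl; HttpOnly
Set-Cookie: token=PLACEHOLDER2; path=/; domain=.fok.nl
Cache-Control: no-cache, must-revalidate
Set-Cookie: vc=1; expires=Sat, 27-Aug-2016 20:56:27 GMT; path=/; domain=.fok.nl; httponly
Server: cloudflare-nginx
"""


def parse_headers(raw):
    """Return [(lower-cased name, value), ...], keeping repeated headers."""
    lines = [line for line in raw.strip().splitlines() if line.strip()]
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [part.strip() for part in value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_response(raw, https=True):
    """Return a list of (subject, issue) findings for one response."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if https and "secure" not in attrs:
            findings.append((cookie, "no-secure"))      # may travel over plain HTTP
        if "httponly" not in attrs:
            findings.append((cookie, "no-httponly"))    # readable by page script
        if "domain" in attrs:
            findings.append((cookie, "domain-wide"))    # not host-only, sent to subdomains
    present = {name for name, _ in headers}
    for expected in EXPECTED_HEADERS:
        if expected == "strict-transport-security" and not https:
            continue  # HSTS is ignored on plain HTTP responses
        if expected not in present:
            findings.append((expected, "missing-header"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit_response(SAMPLE_RESPONSE):
        print("{:28s} {}".format(subject, issue))
```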
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2016, 07:38:11 PM
An intelligent scan to perform for -www.modxcloud.com tested at
Quote
Domain Name: =www.modxcloud.com
URL Tested: -https://www.modxcloud.com
Number of items downloaded on page: 92

   Valid Certificate found.
   Certificate valid through: Sep 8 22:26:55 2017 GMT
Certificate Issuer: StartCom Ltd.
SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2
   Total number of items: 92
Number of insecure items: 1
Insecure URL: -http://fonts.googleapis.com/css?family=Oxygen:700,400
Found in: -https://cdn3.modxcloud.com/assets/components/markdowneditor/css/cards.css

   Secure calls made to other websites:
-cdn5.modxcloud.com is valid and secure.

-cdn1.modxcloud.com is valid and secure.

-cdn2.modxcloud.com is valid and secure.

-cdn3.modxcloud.com is valid and secure.

-cdn4.modxcloud.com is valid and secure.

-use.typekit.net is valid and secure.

-ajax.googleapis.com is valid and secure.

Check at https://www.whynopadlock.com/check.php

Confirmed here: -https://www.modxcloud.com
Detected libraries:
jquery - 1.7.2 : (active1) -https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Blocked by scriptblocker = -https://assets.customer.io/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2016, 08:50:28 PM
Also insecure tracking there:
100% of the trackers on this site could be protecting you from NSA snooping.
Tell modxcloud.com to fix it.

 All trackers
At least 10 third parties know you are on this webpage.

 -cdn1.modxcloud.com
 -use.typekit.net
 -Google
 -cdn5.modxcloud.com
 -cdn2.modxcloud.com
 -cdn3.modxcloud.com
 -cdn4.modxcloud.com
 -Segment.io
 -modxcloud.com
-cdn.embedly.com  -cdn.embedly.com
Legend
 Tracker could be tracking safely if this site was secure.
 Tracker does not support secure transmission.

pol
Title: Re: Tests and other Media topics
Post by: polonus on September 05, 2016, 09:42:07 PM
Just went over this session hijacking description info: http://resources.infosecinstitute.com/session-hijacking-cheat-sheet/

Then stumbled upon these bug patterns list: http://resources.infosecinstitute.com/session-hijacking-cheat-sheet/

Time for a web cookies scan: https://webcookies.org/

Testing and extensions: https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)

Bookmarklet: javascript:alert('Cookies stored by this host or domain:\n\n' + document.cookie.replace(/; /g,'\n'));

Oh, but you wanted the results for this forum site, OK? -> https://webcookies.org/cookies/forum.avast.com/2999337

Server vulnerable to OpenSSL CCS attack  :o
Dubious as
Quote
SSL-encrypted websites and servers are still secure. The vulnerabilities that were discovered are in the software itself and not in the Certificate Authorities or SSL/TLS protocols. Once the patches are applied, your systems are secured against the vulnerabilities revealed by the OpenSSL Development team today.
quote info digi cert.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 06, 2016, 12:22:02 PM
OCSP stapling decreases the load on a PKI infrastructure's OCSP server by attaching a signed OCSP response to the target in a TLS connection. In addition it creates a more secure/private session since the CA doesn't know that your browser is accessing a given site. Some people have compared this behavior to Kerberos. The Chrome team has decided that they plan to remove CRL and regular OCSP checks, but they haven't disabled OCSP stapling. Other than the client side check: check website here: https://observatory.mozilla.org/analyze.html?host=

Test OCSP stapling in your browser here: http://www.vpnhosting.cz/ocsp/

Most Windows-type browsers support it. I have it therefore enabled.
Info credits go to Jaromir Kuba.

Have a nice day,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on September 07, 2016, 11:45:43 PM
A comma-test,

The circumvention of DNS and the host file by Microsoft by hard-coding some three dozen IPs in the OS, since XP SP2 and their out of industry standards, is a bad idea for quite a couple of reasons. It is ill or not documented.  So we definitely need the Avast Firewall to mitigate this peaking nose of the camel.

With their Kerberos-like authentication validation, this means they can deny any user access to their platform and services whenever MS or a restrictive government chooses to do so.

Ultimately this could lead to a development of a device platform that offers a user experience of a mix of something between a web TV and an XBox.

Alas Google does likewise. Do the comma test here: http://www.benedelman.org/hardcoding/commatool.html
and read about their hard-coded algorithms: http://www.benedelman.org/hardcoding/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 08, 2016, 12:42:17 AM
Technical reasons why hard-coding IPs is a bad idea:
IP addresses should not be hardcoded
squid : S1313
Hardcoding an IP address into source code is a bad idea for several reasons:
 - a recompile is required if the address changes
 - it forces the same address to be used in every environment (dev, sys, qa, prod)
 - it places the responsibility of setting the value to use in production on the shoulders of the developer
Noncompliant Code Example
String ip = "127.0.0.1";
Socket socket = new Socket(ip, 6667);
Compliant Solution
String ip = System.getProperty("myapplication.ip");
Socket socket = new Socket(ip, 6667);
Info credits: SonarQube.

pol
Title: Re: Tests and other Media topics
Post by: polonus on September 09, 2016, 01:39:01 PM
In the light of all data-breaches recently and the once AOL privacy debacle we show that privacy may not actually exist:
http://www.aolstalker.com see search results and sponsored listings.
An eye-opener to how little privacy u have,

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on September 09, 2016, 02:57:45 PM
In the light of all data-breaches recently and the once AOL privacy debacle we show that privacy may not actually exist:
http://www.aolstalker.com see search results and sponsored listings.
An eye-opener to how little privacy u have,

polonus
And how long have I been stressing that same point ???
You may think you're hiding, but someone will always find you.
Title: Re: Tests and other Media topics
Post by: polonus on September 09, 2016, 11:09:07 PM
Hi bob3160,

You are right, as the use of the browser or client, as some call it actually, is free only because it is one big tracking and ad-launching machine for big data-vendors (your very private data included). So they want insight into and sell all that you do online, all that you have posted online, you all gave it away when you agreed to that in order to use their free service(s). You have paid with your data.

Do not put/do something online that may one day come to bite you back. And keep at the back of your mind always what I sketched out in the previous paragraph. The Internet never forgets and you will never know who may have access to what you have posted.

Forewarned is forearmed.

your avast forum friend,

polonus

Title: Re: Tests and other Media topics
Post by: polonus on September 21, 2016, 05:16:32 PM
To see it in perspective.
What Google knows about you:
What you think according to google- profile: http://www.google.com/settings/ads/
Where you have been according to google - location:  https://maps.google.com/locationhistory
What you searched for: https://www.google.com/history/
All the vids on Utube: https://www.youtube.com/feed/history/search_history
Apps and your google data: https://security.google.com/settings/security/permissions
All your googled meta-data: https://www.google.com/takeout

Hope you stay aware of what they do...

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on September 21, 2016, 09:49:42 PM
Very interesting and revealing.
Emphasizes the point: Hiding is futile
Title: Re: Tests and other Media topics
Post by: polonus on September 23, 2016, 11:52:15 AM
Has someone hacked in on my private Wifi Network?

Checking the devices shown on your wifi connection, use the small tool from the remarkable Israeli developer, Sofer, Nir:
Wireless Network Watcher, then check the found MAC-addresses here: http://www.coffer.com/mac_find/

Enjoy,

polonus

P.S. Read here why I posted here what I posted: https://forum.avast.com/index.php?topic=191140.msg1339902#msg1339902

Nice proggie to detect rogue DHCP servers on your network: http://www.symantec.com/connect/downloads/detect-rogue-dhcp-servers-network

Damian
Title: Re: Tests and other Media topics
Post by: polonus on September 29, 2016, 12:19:02 AM
CSP Evaluator
Google has come up with a great tool to check on CSP -
Google uses the CSP evaluator for assets including its Cloud Console, Photos, History, and Maps Timeline among others,
and will expand the list.

It resides here: https://csp-evaluator.withgoogle.com/

So I could not refrain from trying it out, as polonus is into volunteer website security on an almost daily basis.

Enjoy, my friends, enjoy!

Checking on this site: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.axiscorner.com%2F&useragent=Fetch+useragent&accept_encoding= e.g. -https://plus.google.com/u/1/b/108271385407869247047/+Axiscorner-Architecture-Rendering-Service/about” rel=”publisher

We get two high severity findings:
[clear] check
Directive "check" is not a known CSP directive.
[error] script-src [missing]
script-src directive is missing.
[error] object-src [missing]
Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to 'none'?

Legend

[error] High severity finding
[error] Medium severity finding
[help_outline] Possible high severity finding
[remove] Directive/value is ignored in this version of CSP
[help_outline] Possible medium severity finding
[clear] Syntax error
[info_outline] Information
[check] All good

Blocked by Netcraft as an XSS attack: Blocked URL: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fplus.google.com%2Fu%2F1%2Fb%2F108271385407869247047%2F%2BAxiscorner-Architecture-Rendering-Service%2Fabout%22%3EAxis+Corner+Reviews%3C%2Fa%3E+Here%21%3Cscript+type%3D%22application%2Fld%2Bjson%22%3E+%7B++%22%40context%22%3A+%22http%3A%2F%2Fschema.org%2F%22%2C++%22%40type%22%3A+%22Br

Google also released the CSP Mitigator to help administrators apply custom CSP policy to applications and to better understand the impact of enabling CSP including highlighting parts that may break. -> https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa

I certainly hope security researchers will benefit from this addition to their toolchest,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on September 29, 2016, 05:58:55 PM
And of course this cannot be established by just one scan.
Read: https://content-security-policy.com/
Also test whether your browser can handle it: https://content-security-policy.com/browser-test/

The observatory project scan may also help you: https://observatory.mozilla.org/

And then we see that even security scan sites may not be quite secure in these respects, example here:
https://observatory.mozilla.org/analyze.html?host=www.scumware.org

Already presented this, also handy in this respect:  http://cyh.herokuapp.com/cyh

Also nice to have this extension to check a site: https://chrome.google.com/webstore/detail/recx-security-analyser/ljafjhbjenhgcgnikniijchkngljgjda

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 01, 2016, 01:31:30 PM
Generate your Content Security Policy header with this online generator.
Do it here: http://cspisawesome.com/

And another one for domain: https://report-uri.io/home/generate

polonus

P.S. If you would create some CSP like this
Quote
content="default-src * 'unsafe-inline' 'unsafe-eval'"
,
that would really make your website really very insecure. I trust you would not do a thing like that defining,
so an attacker would have an easy job injecting malcode into your site. (info credits go to StackOverflow's Schlaus)
and this would even be worse allowing everything everywhere:
Quote
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *;
(info credits go to StackOverflow's Amold Roa).

Damian (volunteer website security analyst and website error-hunter)
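
The findings reported earlier in the thread (unknown directive, missing script-src, missing object-src) and the two permissive policies quoted in this post can be checked mechanically. The following Python is an added example, not code from CSP Evaluator or from the posters; the function names, severity labels and the STRICT policy are assumptions made for illustration.

```python
"""Flag the CSP weaknesses discussed in this thread (added example)."""

# Directive names this example recognises (CSP Level 2/3; not exhaustive).
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src",
    "font-src", "object-src", "media-src", "frame-src", "child-src",
    "worker-src", "manifest-src", "frame-ancestors", "form-action",
    "base-uri", "report-uri", "report-to", "sandbox",
    "upgrade-insecure-requests", "block-all-mixed-content",
}
# Sources that do not restrict the host at all.
BROAD_SOURCES = {"*", "http:", "https:", "data:"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# The two permissive policies quoted in the post.
PERMISSIVE_1 = "default-src * 'unsafe-inline' 'unsafe-eval'"
PERMISSIVE_2 = ("default-src *; style-src * 'unsafe-inline'; "
                "script-src * 'unsafe-inline' 'unsafe-eval'; "
                "img-src * data: 'unsafe-inline'; "
                "connect-src * 'unsafe-inline'; frame-src *;")
# Constructed for contrast: nonce-based scripts, plugins disabled.
STRICT = ("script-src 'nonce-r4nd0m' 'unsafe-inline'; "
          "object-src 'none'; base-uri 'none'")


def parse_csp(policy):
    """Return {directive: [values]}; the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective(directives, name):
    """Source list governing `name`, falling back to default-src (None if unset)."""
    if name in directives:
        return directives[name]
    return directives.get("default-src")


def evaluate_csp(policy):
    """Return findings as (severity, governed directive, issue) tuples."""
    directives = parse_csp(policy)
    findings = [("syntax", name, "unknown-directive")
                for name in directives if name not in KNOWN_DIRECTIVES]

    script = effective(directives, "script-src")
    if script is None:
        findings.append(("high", "script-src", "missing"))
    else:
        values = [v.lower() for v in script]
        if any(v in BROAD_SOURCES for v in values):
            findings.append(("high", "script-src", "wildcard"))
        if "'unsafe-inline'" in values:
            # With a nonce or hash present, CSP2+ browsers ignore 'unsafe-inline'.
            if any(v.startswith(NONCE_OR_HASH) for v in values):
                findings.append(("info", "script-src", "unsafe-inline-ignored"))
            else:
                findings.append(("high", "script-src", "unsafe-inline"))
        if "'unsafe-eval'" in values:
            findings.append(("medium", "script-src", "unsafe-eval"))

    plugins = effective(directives, "object-src")
    if plugins is None:
        findings.append(("high", "object-src", "missing"))
    elif any(v.lower() in BROAD_SOURCES for v in plugins):
        findings.append(("high", "object-src", "wildcard"))
    return findings


if __name__ == "__main__":
    for label, policy in [("check", "check"), ("permissive 1", PERMISSIVE_1),
                          ("permissive 2", PERMISSIVE_2), ("strict", STRICT)]:
        print(label)
        for finding in evaluate_csp(policy):
            print("   ", finding)
```

Both quoted policies produce the same findings because a script-src of `*` with 'unsafe-inline' is no stricter than inheriting those values from default-src.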
Title: Re: Tests and other Media topics
Post by: polonus on October 03, 2016, 05:34:17 PM
Websites are capable of tracking you online even after you have cleansed your browser.

Research two unpatched flaws that can be exploited to track Millions of Internet users, allowing malicious website owners:
List Building: To compile a list of visited domains by users, even if they have cleared their browsing history
Tracking Cookies: To tag users with a tracking cookie that will persist even after they have deleted all cookies
These two Browser Fingerprinting techniques abuse HTTP Strict Transport Security (HSTS) and Content Security Policy – new security features already built into Mozilla Firefox and Google Chrome, and expected to make their ways to other mainstream browsers in near future.
(info credits the Hacker News)  Read example: https://github.com/MicrosoftEdge/static-code-scan/issues/100

Check for yourself: https://zyan.scripts.mit.edu/sniffly/

Polonus found out that the HTTPS Everywhere extension and uMatrix can intervene with Sniffly, but not fully protect against such threats.

Compare scanning here: https://panopticlick.eff.org/

pol
Title: Re: Tests and other Media topics
Post by: polonus on October 03, 2016, 11:40:00 PM
Above we presented CSP, but remember CSP is a security overlayer. We should depend always on other mechanisms like employing frameworks with strict contextual escaping for generating markup, we use the X-frame-options header to protect against clickjacking and assure that resources on secure pages are fetched over HTTPS.

As mentioned one of the three CSP vulnerabilities is clickjacking. Let us check for clickjacking vulnerability here: https://www.lookout.net/test/clickjack.html  and here: http://online.attacker-site.com/html5/ClickjackingTester/

Server request can become blocked by an extension.  Mind that many Chinese ASP websites have clickjacking warnings.
Check also with: https://asafaweb.com/

A warning gives:
Quote
Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs.

Result
It doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

polonus
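
The scanner result quoted above comes down to a check on the response headers. As an added example (not asafaweb's code and not part of the post), this Python function classifies a response's anti-framing headers, including the CSP frame-ancestors directive that supersedes X-Frame-Options; the function name, verdict labels and sample hosts are assumptions.

```python
"""Classify a response's anti-framing headers (added example)."""


def _frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP header value, or None."""
    for part in csp_value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def check_framing(headers):
    """headers: list of (name, value) tuples as received.

    Returns (verdict, detail); verdict is one of
    "deny", "sameorigin", "allowlist", "invalid", "unprotected".
    """
    # Report-Only policies are not enforced, so only the enforcing header counts.
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    # The header may be repeated or comma-joined; collect every value.
    xfo = [token.strip().lower()
           for name, value in headers if name.lower() == "x-frame-options"
           for token in value.split(",") if token.strip()]

    # 1. Browsers that support frame-ancestors use it and ignore X-Frame-Options.
    #    Simplification: the first policy that sets the directive is reported.
    for value in csp:
        sources = _frame_ancestors(value)
        if sources is None:
            continue
        if not sources or sources == ["'none'"]:
            return ("deny", "CSP frame-ancestors 'none'")
        if any(s in ("*", "http:", "https:") for s in sources):
            return ("unprotected", "CSP frame-ancestors allows any origin")
        if sources == ["'self'"]:
            return ("sameorigin", "CSP frame-ancestors 'self'")
        return ("allowlist", "CSP frame-ancestors " + " ".join(sources))

    # 2. Fall back to X-Frame-Options.
    if not xfo:
        return ("unprotected", "no X-Frame-Options header and no frame-ancestors")
    if len(set(xfo)) > 1:
        return ("invalid", "conflicting X-Frame-Options values; do not rely on it")
    value = xfo[0]
    if value == "deny":
        return ("deny", "X-Frame-Options: DENY")
    if value == "sameorigin":
        return ("sameorigin", "X-Frame-Options: SAMEORIGIN")
    if value.startswith("allow-from"):
        # ALLOW-FROM is obsolete and ignored by current browsers.
        return ("unprotected", "ALLOW-FROM is ignored; use CSP frame-ancestors")
    return ("invalid", "unrecognised X-Frame-Options value: " + value)


if __name__ == "__main__":
    # Constructed sample responses.
    samples = [
        [],
        [("X-Frame-Options", "DENY")],
        [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
        [("X-Frame-Options", "DENY"),
         ("Content-Security-Policy",
          "default-src 'self'; frame-ancestors https://partner.example")],
    ]
    for sample in samples:
        print(check_framing(sample))
```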
Title: Re: Tests and other Media topics
Post by: polonus on October 06, 2016, 12:19:36 AM
While testing some code inside DOM XSS Scanner evaluated it with jsunpack and got an error
Results from scanning URL: -https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/FEr7rZpxSFw.js

due to undefined is not valid JSON, so the function is working properly. Info Credits: StackOverflow's  Djechlin
(This because JSON does not have a value = NULL).

Kicked up error:
Quote
script
     info: [script] 127.0.0.1/
     info: [decodingLevel=0] found JavaScript
     error: undefined variable JSON
     error: undefined function JSON.stringify
  When you bug-check code, you are bound to find bugs.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on October 06, 2016, 12:50:46 AM
I suggest you get a can of Raid to help solve your bug problem. :)

(http://screencast-o-matic.com/screenshots/u/Lh/1475707830987-77743.png)
Title: Re: Tests and other Media topics
Post by: polonus on October 23, 2016, 12:36:38 PM
Did any part of your home network become part of an IoT bot network?
No of course not, you may say, because I have the Home Network Protection module  on my Avast AV Solution enabled!  ;) ;D
So you are more secure than others. OK. Good start. Then now for all the others.

A free scanner here to make out if you are known at Shodan's public IoT scanner:
http://iotscanner.bullguard.com/

You could also check for dorks (often used and abused by these hackers):
https://sourceforge.net/directory/os:windows/?q=google%20dork%20scanner

Do you make use of any of those 62 terribly insecure default passwords?
As always starting with the admin - admin combination or admin - password for that matter?

Read: https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html

Do you have user enumeration settings enabled so they can scan for just such a combination like "polonus - admin" for instance.
I would not dream of using that, but just to give an example it is there....

Also have I seen the rise of this check "have i been pwned"- https://haveibeenpwned.com/
Or you may decide not to use it as these your data haven't been shared anywhere before. That is up to you.
Know curiosity killed the poor proverbial animal..... :D

Enjoy, my good avast friends, enjoy.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 06, 2016, 02:19:40 PM
Dear avast friends,

I am working on my F-Bufferbloat Status mitigation, and probably it is my chain of routing config that builds this up
or rather problems with my ISP, who had connection problems lately, and sent me an e-mail.
Some have to update their router firmware to get better scores.

Wanna test your Bufferbloat Score here? Go to: https://www.dslreports.com/speedtest (check according to your situation).

How is avast av interfering to further increase bufferbloat?  Some experience high latency problems of several hundred ms.
Bufferbloat testing then comes disabled. Mine worked second time around.
Do you have different readings on different browsers or for different devices?

You can also test with this software from Google github, download and open in any browser:
https://google.github.io/latency-benchmark/

An online latency test: http://freeola.com/line-test/#start
Ideally the jitter should always read: 0

Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 23, 2016, 04:23:07 PM
Do the privacy DNS test here: https://getdnsapi.net/query.html
My private IP query returned: Response code was: GOOD. Status was: Queries for the name yielded all negative responses

Check yours as well, while the surveillance grabbing may go on in your cloud data,
it is important to know what goes along behind our backs.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 25, 2016, 11:11:14 PM
Mirai scam scanners: https://scanme.iotdef.com/
and https://www.incapsula.com/mirai-scanner/

No scareware or are you just not vulnerable?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 26, 2016, 01:30:29 AM
Nice decoding tools to use to protect better on the Big Bad Net: https://paulschou.com/tools/xlate/
so fooling the filters and make da XSS won't work...

Another online one for connoisseurs: http://encoders-decoders.online-domain-tools.com/

Example
Quote
/?%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d
%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e
[example 2] [host]/?%27%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e
%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e
which is being decoded here
as URL output
Quote
/?"><script>docum
ent.cookie</script>
[example 2] [host]/?'><script>documen
t.cookie</script>
Try it here: http://coderstoolbox.net/string/#!encoding=url&action=decode&charset=us_ascii

enjoy, my good friends, enjoy,

polonus
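
The decoding shown in the post is the step a request filter has to perform before it looks for markup: a signature applied to the raw string never sees the script tag. This added Python example (not part of the original post) decodes the two request strings from the post, rejoined across the forum's line wraps, before matching; the double-encoded, over-encoded and benign samples are constructed, and the function names and the deliberately narrow signature are assumptions.

```python
"""Decode percent-encoded request targets before matching (added example)."""
import re
from urllib.parse import unquote

# The two request strings from the post, rejoined across the line wraps.
SAMPLE_1 = ("/?%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d"
            "%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e")
SAMPLE_2 = ("/?%27%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e"
            "%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e")
# Constructed samples: double-encoded, encoded four times, and a benign query.
DOUBLE_ENCODED = "/?q=%253cscript%253e"
OVER_ENCODED = "/?q=%2525253cscript%2525253e"
BENIGN = "/search?q=100%25+cotton"

# Narrow signature used for the demonstration: a script tag or a javascript: URL.
SIGNATURE = re.compile(r"<\s*/?\s*script\b|javascript\s*:", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode until the string stops changing.

    Returns (decoded, rounds_used). The bound keeps a hostile input from
    forcing an unbounded number of passes.
    """
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds


def inspect(request_target):
    """Compare what a raw-string filter sees with what a decoding filter sees."""
    decoded, rounds = fully_decode(request_target)
    return {
        "raw_hit": bool(SIGNATURE.search(request_target)),
        "decoded_hit": bool(SIGNATURE.search(decoded)),
        "rounds": rounds,
        # Still decodable after the bound: treat as suspicious on its own.
        "still_encoded": unquote(decoded) != decoded,
        "decoded": decoded,
    }


def should_block(request_target):
    """Block when the decoded form matches or the input is encoded too deeply."""
    result = inspect(request_target)
    return result["decoded_hit"] or result["still_encoded"]


if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2, DOUBLE_ENCODED, OVER_ENCODED, BENIGN):
        print(should_block(sample), inspect(sample))
```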
Title: Re: Tests and other Media topics
Post by: polonus on December 01, 2016, 09:07:14 PM
Check your google account for Gooligan: https://gooligan.checkpoint.com/

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on December 01, 2016, 09:44:38 PM
Check your google account for Gooligan: https://gooligan.checkpoint.com/

polonus
Once done, will Zonealarm add you to their list of prospective customers ???
Title: Re: Tests and other Media topics
Post by: DavidR on December 01, 2016, 10:35:21 PM
Check your google account for Gooligan: https://gooligan.checkpoint.com/

polonus
Once done, will Zonealarm add you to their list of prospective customers ???

I don't like using these checkers as I'm really trusting NOT. But I gave this a go and it failed to get off the starting blocks. Clicking the Check button fails to do anything.
Title: Re: Tests and other Media topics
Post by: bob3160 on December 01, 2016, 10:40:11 PM
Check your google account for Gooligan: https://gooligan.checkpoint.com/

polonus
Once done, will Zonealarm add you to their list of prospective customers ???

I don't like using these checkers as I'm really trusting NOT. But I gave this a go and it failed to get off the starting blocks. Clicking the Check button fails to do anything.
That means you have something blocking it. I tried it on a throw away and it worked. :)
Title: Re: Tests and other Media topics
Post by: DavidR on December 02, 2016, 12:17:16 AM
Check your google account for Gooligan: https://gooligan.checkpoint.com/

polonus
Once done, will Zonealarm add you to their list of prospective customers ???

I don't like using these checkers as I'm really trusting NOT. But I gave this a go and it failed to get off the starting blocks. Clicking the Check button fails to do anything.
That means you have something blocking it. I tried it on a throw away and it worked. :)

I do have firefox tied down pretty well with NoScript, RequestPolicy and ABP add-ons, but I did try to allow areas/sites it accessed, without giving it blanket authority.
Title: Re: Tests and other Media topics
Post by: polonus on December 02, 2016, 02:45:50 PM
But the issues still remain: http://www.securityweek.com/gooligan-android-malware-compromises-more-1-million-google-accounts

What is there left we can really, really trust?

With a world so full of unreliable information and outright deceit, I sometimes even worry
whether I can trust the info I spread myself.

I hope I can and always try to be a truthful person in every respect.

Sometimes we are purposefully being fed disinformation or lied to or misled even brainwashed
by those that wanna profit from us big time.

What about the ordinary end-user without much technical insight?
You can tell them anything to believe, and they still would be going around in the dark.

You apparently cannot trust all the apps from GooglePlay,
and Google has a hard time throwing out  all those that try to abuse their services.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 02, 2016, 11:54:35 PM
Never go against the "same origin policy" or disable it inside the client (CORS disabled).
Only developers on very specific occasions may do so. As a general rule it is mighty unsafe.

See an example of secure frame cross domain communication here: http://sandbox.ternarylabs.com/porthole/
The code resides here: https://ternarylabs.github.io/porthole/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 04, 2016, 06:47:10 PM
Some links here. One for request validation: http://web-sniffer.net/

Then in the struggle against spam mails,
it is important websites have a so-called spf aka Sender Policy Framework record.

The testing tools: http://www.kitterman.com/spf/validate.html

Scan whether they have one: http://www.kitterman.com/getspf2.py
or generate one at http://www.spfwizard.net/  or here: https://www.dynu.com/en-US/NetworkTools/SPFGenerator

Also helpful in the battle against spoofing is the CSR decoder: https://www.sslshopper.com/csr-decoder.html
and see the other tools at that page.

enjoy my good friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on December 05, 2016, 12:55:21 AM
Real method to come to a free second-op scan or too good to be true?

Read: http://www.infoworld.com/article/3014323/security/a-free-almost-foolproof-way-to-check-for-malware.html#tk.ifw-infsb

Anyone to react?

polonus

P.S. Can imagine a couple of situations where this won't work, as for instance with malware like visbot that lies dormant as to the moment you start to perform certain specific actions in the browser. In such and other plausible situations it is better to have real AV like avast, folks.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on December 06, 2016, 01:43:09 PM
Nice read for those into javascript malware analysis.

Where a bit of code, hidden as Latin terms, could produce a very dangerous javascript malware: http://www.schillmania.com/content/entries/2009/javascript-malware-obfuscation-analysis/
 (go down to where it reads "Holy Crap, This Thing Is Bad (Or, "Latin Lingo")".. and then read on:).  link article author = Schill.

A more general introduction: https://heimdalsecurity.com/blog/javascript-malware-explained/  (Andra Zaharia).

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 10, 2016, 01:30:15 PM
You find the following three privacy settings listed under the main settings tab in the uBlock Origin options (which you access with a right-click on the icon and the selection of options). Go to uBlock0 Dashboard.

Disable pre-fetching (to prevent any connection for blocked network requests).
Disable hyperlink auditing/beacon.
Prevent WebRTC from leaking local IP address  (standard setting is not set by default)
The new setting provides you with a toggle to enable or disable WebRTC from leaking your local IP address.

Test here: https://diafygi.github.io/webrtc-ips/   STUN Servers won't log you anymore.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on December 10, 2016, 01:51:42 PM
A stun server list: https://gist.github.com/zziuni/3741933
see: https://sourceforge.net/projects/stun/

pol
Title: Re: Tests and other Media topics
Post by: bob3160 on December 12, 2016, 02:12:05 PM
(http://screencast-o-matic.com/screenshots/u/Lh/1481548183891-69930.png)
https://www.reverse.it/
Another tool that might come in handy. :)
Title: Re: Tests and other Media topics
Post by: polonus on December 12, 2016, 02:16:32 PM
Hi bob3160,

Thanks for the link.

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on December 12, 2016, 02:30:03 PM
Hi bob3160,

Thanks for the link.

polonus
You're welcome. Let me know if you get anything out of this one that you don't already get from your arsenal. :)
Title: Re: Tests and other Media topics
Post by: Pondus on December 12, 2016, 03:04:11 PM
Bob / Polonus it is the same as this > https://www.hybrid-analysis.com/

https://www.payload-security.com/

Title: Re: Tests and other Media topics
Post by: Para-Noid on December 12, 2016, 05:48:18 PM
Bob / Polonus it is the same as this > https://www.hybrid-analysis.com/

https://www.payload-security.com/

I'm neither Bob nor polonus, but as far as I can tell...yes.
Title: Re: Tests and other Media topics
Post by: Para-Noid on December 12, 2016, 05:57:36 PM
https://www.leakedsource.com/main/notify/

Found this recently and thought it worthy to share. If your web account (Google, Yahoo, MSN, etc) has been compromised you will get an email notification.
Title: Re: Tests and other Media topics
Post by: polonus on December 12, 2016, 06:00:13 PM
Thanks to Para-Noid for answering Pondus,

and now to something completely different, your browser leaking....

Testing for browser leaks to STUN Servers - WebRTC or via WebGL, here are best sites to test:
https://vpnreviewer.com/best-sites-check-ip-leaks-2016

enjoy,

polonus

P.S. @ Para-Noid,
        If you fill that address out there, is not at the same time these info being harvested for ?????????.
       Something deep inside says me, that they do not run these services just because they have blue eyes
        or they are benefactors.... ;D
Title: Re: Tests and other Media topics
Post by: Para-Noid on December 12, 2016, 06:43:23 PM

P.S. @ Para-Noid,
        If you fill that address out there, is not at the same time these info being harvested for ?????????.
       Something deep inside says me, that they do not run these services just because they have blue eyes
        or they are benefactors.... ;D

I seriously doubt it. LeakedSource is well known for investigating data breaches.
I found the link while reading http://www.zdnet.com/article/dailymotion-hack-exposes-millions-of-accounts/

https://www.leakedsource.com/api/   https://www.leakedsource.com/api/documentation/
https://www.leakedsource.com/main/databaselist/   https://www.leakedsource.com/blog/
Title: Re: Tests and other Media topics
Post by: digmor crusher on December 12, 2016, 08:38:12 PM
Thanks to Para-Noid for answering Pondus,

and now to something completely different, your browser leaking....

Testing for browser leaks to STUN Servers - WebRTC or via WebGL, here are best sites to test:
https://vpnreviewer.com/best-sites-check-ip-leaks-2016

enjoy,

polonus

P.S. @ Para-Noid,
        If you fill that address out there, is not at the same time these info being harvested for ?????????.
       Something deep inside says me, that they do not run these services just because they have blue eyes
        or they are benefactors.... ;D


After reading this I tried a Chrome extension called WebRTC Leak Prevent, it worked to stop any RTC leaks in Chrome according to the doileak.com website.
Title: Re: Tests and other Media topics
Post by: polonus on December 12, 2016, 10:03:23 PM
Why not have the pair WebRTC Leak Prevent and Disable WebGL.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 21, 2016, 11:04:43 PM
Google is developing software to test crypto:
https://github.com/google/wycheproof

For websites I always look at: https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp
For DROWN I look at one of these results: https://observatory.mozilla.org/
as this scan that once was here won't function: https://drownattack.com/ (taken off apparently).
so use this one: https://pentest-tools.com/network-vulnerability-scanning/drown-ssl-scanner

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on December 22, 2016, 04:55:33 PM
Google is developing software to test crypto:
https://github.com/google/wycheproof

For websites I always look at: https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp
For DROWN I look at one of these results: https://observatory.mozilla.org/
as this scan that once was here won't function: https://drownattack.com/ (taken off apparently).
so use this one: https://pentest-tools.com/network-vulnerability-scanning/drown-ssl-scanner

polonus
https://forum.avast.com/index.php?topic=19387.msg1355691#msg1355691
Title: Re: Tests and other Media topics
Post by: polonus on December 22, 2016, 05:45:55 PM
Thanks, bob3160, for reacting.

Have a Great Christmas ye all and stay cyber-secure!
-> https://www.youtube.com/watch?v=LNvejfhF958

Damian
Title: Re: Tests and other Media topics
Post by: polonus on December 29, 2016, 12:32:10 AM
When you run your own flaw of dhcp daemon on your windows home network, you certainly wanna know it is no sniff,
so test it here: http://files.thecybershadow.net/dhcptest/  (allowed for private and personal networks only).
Re: https://github.com/CyberShadow/dhcptest
I used Vladimir Panteleev's windows version: http://blog.thecybershadow.net/2013/01/10/dhcp-test-client/
v0.5 with a Win64 build: http://files.thecybershadow.net/dhcptest/dhcptest-0.5-win64.exe

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 01, 2017, 01:55:47 AM
Firefox will get protection against font fingerprinting.

When you do not have java and silverlight plug-ins installed, you should not be too overtly afraid about uniquely being followed
via font fingerprinting.

Users of Linux could use fluxfont: https://github.com/da2x/fluxfonts

Font fingerprinting seems obsolete, read: https://browserleaks.com/fonts
When testing I get all question marks for my browser

JS Fonts (unicode)
Fingerprint   ?
Report   ?
JS Fonts (classic)
Fingerprint   ?
Report   ?
Flash Fonts
Fingerprint   ?
Report   ?

Canvas fingerprinting I blocked via a specific extension for that.

But there are some other issues to worry about: https://amiunique.org/faq

Do not use a browser when you do not want to be traced. To-day the formula is as simple as that.

Privacy = no Internet....period.

Do you not believe us, test it out here: https://amiunique.org/fp

Another issue to get worried about in 2017 when you live inside the EU.
Read it as I am probably still allowed to use a link: https://juliareda.eu/2016/12/10-illegal-things/
Just ponder about the implications of this not for big corporations but just for you and me,
the average user of the Interwebs.  (see attached image)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 10, 2017, 03:55:54 PM
NoScript alerts for javascript in tor browser and  why third party tracking blocking makes browsing faster.

Here we have an alert caused by script from this tag link's javascript: -http://tags.bkrtx.com/js/bk-coretag.js
helped here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fd1z2jf7jlzjs58.cloudfront.net%2Fp.js
for this vid link: -http://www.infoworld.com/article/2612716/hacking/video--how-to-hack-php-sites-with-sql-injection.html
opened with tor browser.

Consider: SRI report: https://sritest.io/#report/5f5cd7c1-40fb-4fe3-be12-735ab291c089
Insecure tracking from:

See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fd1z2jf7jlzjs58.cloudfront.net%2Fp.js
and producing errors here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftags.bkrtx.com%2Fjs%2Fbk-coretag.js  hosted via -a104-95-76-57.deploy.static.akamaitechnologies.com

This is due to BlueKai tracking, which produced an issue with ABP as it was very hard to block for ad-blockers.

These scripts come best blocked by  https://github.com/mozilla/blok
tor development should give this software a look....

The results of the tracking report:
url   scheme   host   path   type   query   aid   cid   date   patterns   objects   name   affiliation
-http://tags.bkrtx.com/js/bk-coretag.js   -http   tags.bkrtx.com   /js/bk-coretag.js   tracker      116   31   2017-01-10 15:47:48   (stags|tags)\.bluekai\.com   -http://tags.bluekai.com   BlueKai   
-http://tags.bkrtx.com/js/bk-coretag.js   -http   tags.bkrtx.com   /js/bk-coretag.js   tracker      116   31   2017-01-10 15:47:48   bkrtx\.com\/js\/   -http://tags.bkrtx.com/js/bk-coretag.js   BlueKai   
-http://tags.bkrtx.com/js/bk-coretag.js   -http   tags.bkrtx.com   /js/bk-coretag.js   tracker      116   31   2017-01-10 15:47:48   bluekai\.com   -http://tags.bluekai.com   BlueKai   

The reach of trackers extends to over 21 million pages of 350,000 unique sites, so if you turn up the security slider in tor-browser for this code that you'd block anyway, your browsing gets faster and you won't miss out on anything.
Such tracking code could also lead to unwanted pop-ups and browser hijacker objects you'd rather like to be without.

For background reading: http://www2016.net/proceedings/proceedings/p121.pdf  (source: cliqz)

And where tracking protection created problems for firefox, especially with facebook tracking (yes facebook is a mass media tracking device) : https://bugzilla.mozilla.org/showdependencytree.cgi?id=1101005&hide_resolved=1

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on January 10, 2017, 06:54:02 PM
But be aware, my good friends, insecurity lures everywhere and could be around every corner: http://retire.insecurity.today/#!/scan/e5f3453ae57ebde51a9a0be770075324c12ec4c4820a87f55f8a1207da9c529d
and universal XSS threat for https://www.htbridge.com/websec/?id=c0eb5653d7c5b0277ef5a899beee70c79186df4e90c91de738ac9ca4e77e11e2
Not safe internal CRM website -https://gillii.torproject.org/  ( imagine with authstealer.js?).
Re: http://toolbar.netcraft.com/site_report?url=https://gillii.torproject.org

pol
Title: Re: Tests and other Media topics
Post by: polonus on January 23, 2017, 02:55:07 PM
Did you check your Content Security Policy? at https://csp-evaluator.withgoogle.com/
Even the most secure sites may have some weaknesses.
Let us look at the settings for https://observatory.mozilla.org/
Like here:
Quote
default-src 'none';
connect-src https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.io https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.htbridge.com;
font-src 'self' https://fonts.gstatic.com;
frame-ancestors 'none';
img-src 'self';
script-src 'self';
style-src 'self' https://fonts.googleapis.com
Quote
content-security-policy

default-src 'none'; connect-src https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.io https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.htbridge.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; img-src 'self'; script-src 'self'; style-src 'self' https://fonts.googleapis.com, upgrade-insecure-requests; block-all-mixed-content

Possible medium security issue:
Quote
img-src
script-src
'self'
'self' can be problematic if you host JSONP, Angular or user uploaded files.

style-src

HTTP security headers

Name

Value

Setting secure

content-security-policy

Cache-control header not returned.
Page meta security headers not set securely.  Form autocomplete-settings: scantron-form HTML form not secure.

polonus (volunteer website security analyst and website error-hunter)
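
Added example, not part of the original post and not the evaluator's own code: a small parser for the header value quoted above. It splits the comma-joined value into its two policies and reports findings of the kind the post lists. Function names, severities and the wording of the findings (apart from the quoted 'self' note) are assumptions made for illustration.

```javascript
// Header value as quoted in the post. The comma separates two policies;
// a load has to be allowed by both of them.
const QUOTED_POLICY =
  "default-src 'none'; connect-src https://api.ssllabs.com https://hstspreload.org " +
  "https://http-observatory.security.mozilla.org https://securityheaders.io " +
  "https://tls.imirhil.fr https://tls-observatory.services.mozilla.com " +
  "https://www.htbridge.com; font-src 'self' https://fonts.gstatic.com; " +
  "frame-ancestors 'none'; img-src 'self'; script-src 'self'; " +
  "style-src 'self' https://fonts.googleapis.com, " +
  "upgrade-insecure-requests; block-all-mixed-content";

// Split a header value into policies (comma) and directives (semicolon).
function parsePolicyList(headerValue) {
  return headerValue
    .split(',')
    .map((policyText) => {
      const directives = new Map();
      for (const part of policyText.split(';')) {
        const tokens = part.trim().split(/\s+/).filter(Boolean);
        if (tokens.length === 0) continue;
        const name = tokens[0].toLowerCase();
        // A repeated directive is ignored: the first occurrence wins.
        if (!directives.has(name)) directives.set(name, tokens.slice(1));
      }
      return directives;
    })
    .filter((directives) => directives.size > 0);
}

// Fetch directives fall back to default-src; frame-ancestors does not.
function sourcesFor(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (directive !== 'frame-ancestors' && policy.has('default-src')) {
    return policy.get('default-src');
  }
  return null; // this policy places no restriction on the directive
}

// Approximation: a source counts as allowed only if every policy that
// restricts the directive lists it.
function allowedEverywhere(lists, predicate) {
  return lists.length > 0 && lists.every((list) => list.some(predicate));
}

function auditPolicy(headerValue) {
  const policies = parsePolicyList(headerValue);
  const findings = [];
  const add = (severity, directive, note) => findings.push({ severity, directive, note });
  const listsFor = (directive) =>
    policies
      .map((p) => sourcesFor(p, directive))
      .filter(Boolean)
      .map((list) => list.map((s) => s.toLowerCase()));

  const scriptLists = listsFor('script-src');
  if (scriptLists.length === 0) {
    add('high', 'script-src', 'no policy restricts script sources');
  } else {
    // 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
    const inlineAllowed = scriptLists.every(
      (list) =>
        list.includes("'unsafe-inline'") &&
        !list.some((s) => /^'(nonce|sha(256|384|512))-/.test(s))
    );
    if (inlineAllowed) add('high', 'script-src', "'unsafe-inline' allows inline scripts");
    if (allowedEverywhere(scriptLists, (s) => s === '*' || /^(https?|data):$/.test(s))) {
      add('high', 'script-src', 'wildcard or scheme-only source allows scripts from any host');
    }
    if (allowedEverywhere(scriptLists, (s) => s === "'self'")) {
      add('medium', 'script-src',
        "'self' can be problematic if you host JSONP, Angular or user uploaded files");
    }
  }
  if (listsFor('object-src').length === 0) {
    add('high', 'object-src', 'plugin content is not restricted (no object-src or default-src)');
  }
  if (listsFor('frame-ancestors').length === 0) {
    add('medium', 'frame-ancestors', 'framing is not restricted by CSP');
  }
  return { policies, findings };
}
```

For the quoted header this returns two policies and a single medium finding on script-src, which matches the result shown in the post.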
Title: Re: Tests and other Media topics
Post by: polonus on January 27, 2017, 03:36:04 PM
Some more sites to check (blocked) IP: https://www.threatminer.org/host.php?q=
And see SSL Server Security Tests at work in real time: https://www.htbridge.com/ssl/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 02, 2017, 09:58:38 PM
It could be interesting to establish what kind of security layers have been implemented for a specific website.

This apart from how the confidentiality of a site has been guaranteed, HTTPS has been implemented correctly.
Apart from this we always have to harden and protect servers from known server exploits, wrong security settings and
against targeted phishing and malware attacks (but we have avast there, haven't we  ;D).

We should be particularly aware of mail servers, that banners aren't speaking too loud about versions used, but pinging certain mailservers without version info will produce them anyway. So test non-invasively via banners and functional tests
for what ESMTP functions are being supported (when we find no transport encryption support this means that all will be transported in clear txt over the Internet). Some Firewalls and Outdated Security Policies will only support pure SMTP,
meaning less attack but lack of transport encryption of sorts.

Also read here: https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead

What was being tested?

- Qualys SSL labs score?
- High Tech Bridge HTTPS score?
- High Tech Bridge web security score?
- HTTPS implemented?
- DNSSEC implemented?
- HTTP Strict Transport Security Policy implemented?
- Weak cyphers support?
- CSP implemented?
- Unknown jQuery security updates?
- HTTPOnly Security not being set for cookie?
- live-Twitter Javascript code?
- Google Analytics active?
- Live Google advertising?
- Live Google Javascript Code?
- Type HTTP redirect?
- Wildcard Certificate or many domain names in certificate?
- Extended Validation Certificate?
- Certificate Transparency Certificate?
- Perfect Forward Security supported?
- HSTS Preloading vulnerability?
- X-Frame Options implemented
- X-Powered by Header?
- Autocomplete set at password field (now obsolete)?
- Same Site Protection not set for cookie?
- Publication of Technical Info?
- Client-Initiated-Secure-Renegotiation supported?
- Subresource Integrity (SRI) implemented?
- TLS 1.0 supported?
- Vulnerable to BEAST attack?
- Vulnerable to DROWN attack?
- OCSP Alert Sample configured?
- Public-Key-pinning implemented? (see link, seems dead now)
- X-XSS-Protection implemented?
- X-Content-Type-Options implemented?

Scan proposal info - info credits go out to security researcher, Sijmen Ruwhof.

polonus (volunteer website security analyst and website error-hunter)
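
Added example, not part of the original post: several of the header and cookie questions from the list above, written as checks over a constructed set of response headers. The sample headers, function names and result field names are assumptions for illustration.

```javascript
// Constructed response headers (name, value); not taken from any real site.
const SAMPLE_RESPONSE = [
  ['Strict-Transport-Security', 'max-age=31536000; includeSubDomains'],
  ['X-Content-Type-Options', 'nosniff'],
  ['X-Powered-By', 'ExampleFramework/1.0'],
  ['Set-Cookie', 'session=abc123; Path=/; Secure'],
  ['Set-Cookie', 'lang=en; Path=/; HttpOnly; SameSite=Lax'],
];

// Header names are case-insensitive and may repeat (Set-Cookie does).
function headerValues(pairs, name) {
  return pairs
    .filter(([key]) => key.toLowerCase() === name.toLowerCase())
    .map(([, value]) => value);
}

// Reduce one Set-Cookie value to its name and the attributes of interest.
function parseCookie(setCookie) {
  const [nameValue, ...attributes] = setCookie.split(';').map((s) => s.trim());
  const flags = new Set(attributes.map((a) => a.split('=')[0].toLowerCase()));
  return {
    name: nameValue.split('=')[0],
    httpOnly: flags.has('httponly'),
    sameSite: flags.has('samesite'),
  };
}

function auditHeaders(pairs) {
  const first = (name) => headerValues(pairs, name)[0];
  const hsts = first('Strict-Transport-Security') || '';
  const maxAgeMatch = /max-age\s*=\s*"?(\d+)/i.exec(hsts);
  const maxAge = maxAgeMatch ? Number(maxAgeMatch[1]) : 0;
  const cookies = headerValues(pairs, 'Set-Cookie').map(parseCookie);
  return {
    // "HTTP Strict Transport Security Policy implemented?"
    hstsImplemented: maxAge > 0,
    hstsMaxAge: maxAge,
    // "X-Frame Options implemented"
    xFrameOptions: /^(deny|sameorigin)$/i.test((first('X-Frame-Options') || '').trim()),
    // "X-Content-Type-Options implemented?"
    xContentTypeOptions: /^nosniff$/i.test((first('X-Content-Type-Options') || '').trim()),
    // "X-XSS-Protection implemented?"
    xXssProtection: first('X-XSS-Protection') !== undefined,
    // "X-Powered by Header?"
    xPoweredByExposed: first('X-Powered-By') !== undefined,
    // "HTTPOnly Security not being set for cookie?"
    cookiesWithoutHttpOnly: cookies.filter((c) => !c.httpOnly).map((c) => c.name),
    // "Same Site Protection not set for cookie?"
    cookiesWithoutSameSite: cookies.filter((c) => !c.sameSite).map((c) => c.name),
  };
}
```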


Title: Re: Tests and other Media topics
Post by: polonus on February 24, 2017, 04:46:10 PM
Were you vulnerable to Cloudbleed?

Check with this extension: https://chrome.google.com/webstore/detail/cloudbleed-bookmark-check/egoobjhmbpflgogbgbihhdeibdfnedii/related

Does a website have CloudFlare: http://www.doesitusecloudflare.com/
Then check that website's SRI hash security status here: https://sritest.io/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on February 24, 2017, 06:59:07 PM
In my particular case checking for cloudbleed-bookmark I found:
Quote
The following bookmarked sites may have been affected by Cloudbleed:

sritest.io
securityheaders.io
codefromthe70s.org
hetrixtools.com
yehg.net
cyberwarzone.com
adguard.com
downuptime.net

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 25, 2017, 04:41:40 PM
With the above list results in mind, we can then check here: http://cloudflarelistcheck.abal.moe/
So for instance adguard.com was affected. Then also check here: https://cloudbleedcheck.com/?domain=
Constant updates of list: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

pol



Title: Re: Tests and other Media topics
Post by: polonus on March 16, 2017, 12:44:11 PM
Word Press security checks we (Eddy, others and little old me) often perform here:
https://hackertarget.com/wordpress-security-scan/

Check for retirable jQuery libraries can be performed here: retire.insecurity.today/#
Same origin sri-hash issues: https://sritest.io/#
Additionally perform a scan here: https://sitecheck.sucuri.net/
and here: http://www.domxssscanner.com/scan?url=
Also test here for DNS issues and whether (hosting) name server versions are being exposed:
http://www.dnsinspect.com/
Get the test status results here: https://observatory.mozilla.org/
and here for cert issues: cryptoreport.websecurity.symantec.com

When we have all these third party combined test results we can start to secure the website built with Word Press as a CMS. First we start to mitigate the threats detected and then harden the system.

Mind you most important are your data. This should be cared for like good ripening wine.  ;)
An application can easily be rebuilt any time, so consider application restore to the freshness of fish,
fish should always be red at the gills. ;)  Update and patch, folks, always and continuously!

Even WordPress security suggestion sites could be suspicious like: -https://yoast.com/wordpress-security/

In a following posting I will suggest some steps you can take to better secure your Word Press website
and to harden it against abuse.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: bob3160 on March 16, 2017, 02:19:39 PM
(http://screencast-o-matic.com/screenshots/u/Lh/1489670337099-76511.png)
https://bob3160.wordpress.com/
Title: Re: Tests and other Media topics
Post by: polonus on March 16, 2017, 10:51:37 PM
German government officials warn against 20.000 vulnerable cloud environments

Check your cloud environment with that vulnerable software here:

https://scan.owncloud.com/ 

and here:

https://scan.nextcloud.com/

See this would be followed up and you could end such problems for the future:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Sanctions

Those that endanger the data of users, should be presented with a bill for the inconvenience
and not put up the social community with their costs and losses,
and keep all the profits to themselves.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 17, 2017, 01:17:08 PM
WordPress hardening - About username & password.

A nice tool for creating safer passwords for your WordPress CMS re: https://tools.arantius.com/password
and this one: https://strongpasswordgenerator.com/
and additionally this generator: https://www.random.org/strings/

A bad username/password combination is insecure. Do not use admin (make a new account named administrator) and passwords that can be revealed through brute forcing. Use a random name for your user base.
Never use the name of the website, use capitals, small characters, numbers and special characters.
Remember you could use spaces in between with password, so create a password sentence, like
"1 c@n M8K3  ^ l33t pa$$w0Rd".

Installatron is a good tool to create a random username and password. Change your password often, make it good, secure and random. Your users should do likewise, use Norton Password Generator or Strong Password Generator: https://identitysafe.norton.com/password-generator/

 User Enumeration is not available
It was not possible to easily enumerate usernames from the user ID's. This is a good thing, as it can add difficulty to brute force password attacks if the username is not able to be determined.

It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Only the first two user ID's were tested with this scan, use the Nmap NSE enumeration scripts (use your own Nmap installation or try the advanced membership option ) to discover additional user ID's.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on March 17, 2017, 06:54:06 PM
Test your ssl connection in your browser here: https://badssl.com/
Also test here: https://testsafebrowsing.appspot.com/
Tested for a phish and got it right: http://testsafebrowsing.appspot.com/s/phishing.html
or http://testsafebrowsing.appspot.com/s/notif_pageload.html
Connection insecure: https://subdomain.preloaded-hsts.badssl.com/
Example: -http://www.degoudsbloem.nl/
Finally tested here: https://www.htbridge.com/ssl/?id=f00c790aaf4381d4ad23234e3f70e9768f10fe8b003aee51b3980ed88043b72d

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 20, 2017, 10:44:35 PM
@ the browser users here...

Test your browser's SSL-configuration.

Here: https://www.ssllabs.com/ssltest/viewMyClient.html
and
https://badssl.com/dashboard/  part of https://badssl.com/
and
https://www.howsmyssl.com/
and
https://geekflare.com/ssl-test-certificate/  (with ten various SSL testing tools).

enjoy, my good avast friends, enjoy,

polonus

P.S. How the code is being maintained and updated (upgraded): https://github.com/chromium/badssl.com
Title: Re: Tests and other Media topics
Post by: Ciri on March 25, 2017, 06:11:24 PM
Hi there!
I'm a developer and we are having some issues with avast and Kaspersky at www.langademy.com
We use webrtc to make video calls. Many users are having issues when they make webrtc calls because the AV blocks the webrtc resources on the navigator (at least in Chrome). Any idea of why is this happening?  :'(
Title: Re: Tests and other Media topics
Post by: Asyn on March 25, 2017, 06:31:19 PM
Hi there!
I'm a developer and we are having some issues with avast and Kaspersky at www.langademy.com
We use webrtc to make video calls. Many users are having issues when they make webrtc calls because the AV blocks the webrtc resources on the navigator (at least in Chrome). Any idea of why is this happening?  :'(
Start a new topic in V&W: https://forum.avast.com/index.php?action=post;board=4
Title: Re: Tests and other Media topics
Post by: mchain on March 25, 2017, 06:37:40 PM
https://www.quttera.com/detailed_report/www.langademy.com (https://www.quttera.com/detailed_report/www.langademy.com)
Title: Re: Tests and other Media topics
Post by: polonus on March 26, 2017, 07:37:49 PM
Advertised as Circumventing the Ghost Ban problem with this Uncensored Anonymous Search Page.
Takes you to a page that cannot be opened in https! Is not this any longer serviced by GoDaddy
and could it be this http searchsite keep track of those that search for alternative content and just adding to the Ghost Ban/Alternative News/FakeNews/Mainline News Controversy?????????

Re: -http://gibiru.com/

I would shun such a site nor bookmark it. Do we have similar problems here?: http://www.hongkiat.com/blog/private-search-engines/

polonus


Title: Re: Tests and other Media topics
Post by: polonus on April 12, 2017, 05:58:01 PM
In the light of the thousands of hacked WordPress websites, scan if your router is vulnerable here:

https://www.wordfence.com/blog/2017/04/check-your-router/#

Background read: https://www.wordfence.com/blog/2017/04/home-routers-attacking-wordpress/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on April 12, 2017, 10:40:53 PM
Now when you tested and found it to be open, when your ISP provider does that, it is also their responsibility when you get hacked by Mirai botnet for example. Such IT spooks have all sorts of excuses.

Re: https://arstechnica.com/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/ 

They know about this hole since 2014 and if they continue to leave it open it could be both sloppy IT management and also gross negligence when the flaw is being abused.

The port is used for remote management by the provider. Test again here: https://www.grc.com/x/ne.dll?bh0bkyd2

Read: https://arstechnica.com/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/

So when your provider leaves it open they want to remotely mess with your router settings. That is nasty. It is you that should do the router settings, at least that is what we think in Europe, it may be quite another story in the U.S. of A.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 15, 2017, 01:26:26 PM
Following Breaking News.

How to protect your firefox browser against  Unicode Phishing Attack?

With the firefox browser one could use the following work-around:
Quote
Open Firefox:

1. Enter the following txt into the address bar of firefox about:config
2. Read the alert and then proceed further.
3. Enter this txt into the address bar: punycode
4. You will now see this appear: network.IDN_show_punycode
5. Double-clicking this item will change false into true.
6. Close the tab page.   

Info credits go to:  Dongel

polonus
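
Added example, not part of the original post: what the workaround above makes visible. The code compares a host name as typed with the ASCII (punycode) form the URL parser produces, and shows that a label written entirely in one non-Latin script passes a mixed-script check, so only the punycode display reveals it. The host names are constructed, the script list is a small illustrative set, and `addressBarHost` is a simplified model of the preference, not Firefox's own logic.

```javascript
// Constructed samples; .example is a reserved test TLD.
const SAMPLE_URLS = {
  plain: 'https://coco.example/login',
  // All four letters are Cyrillic (U+0441 U+043E U+0441 U+043E).
  wholeScript: 'https://\u0441\u043e\u0441\u043e.example/login',
  // Latin c mixed with Cyrillic o (U+043E).
  mixed: 'https://c\u043ec\u043e.example/login',
};

// Scripts looked for in each label; digits and hyphens belong to none.
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// The host exactly as typed, before the URL parser normalises it.
function typedHost(urlText) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^\/?#@]*@)?([^\/?#:]+)/i.exec(urlText);
  return m ? m[1] : null;
}

function scriptsIn(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of Object.entries(SCRIPTS)) {
      if (re.test(ch)) found.add(name);
    }
  }
  return [...found];
}

function analyseHost(urlText) {
  const unicodeHost = typedHost(urlText);
  // The WHATWG URL parser converts international labels to their xn-- form.
  const asciiHost = new URL(urlText).hostname;
  const idnLabels = asciiHost.split('.').filter((label) => label.startsWith('xn--'));
  const labelScripts = unicodeHost.split('.').map(scriptsIn);
  let verdict = 'ascii';
  if (idnLabels.length > 0) {
    verdict = labelScripts.some((scripts) => scripts.length > 1)
      ? 'mixed-script'
      : 'single-script-idn';
  }
  return { unicodeHost, asciiHost, idnLabels, verdict };
}

// Simplified model of network.IDN_show_punycode: true shows the ASCII form.
function addressBarHost(urlText, showPunycode) {
  const { unicodeHost, asciiHost } = analyseHost(urlText);
  return showPunycode ? asciiHost : unicodeHost;
}
```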
Title: Re: Tests and other Media topics
Post by: DavidR on April 15, 2017, 02:27:59 PM
Following Breaking News.

How to protect your firefox browser against  Unicode Phishing Attack?

With the firefox browser one could use the following work-around:
Quote
Open Firefox:

1. Enter the following txt into the address bar of firefox about:config
2. Read the alert and then proceed further.
3. Enter this txt into the address bar: punycode
4. You will now see this appear: network.IDN_show_punycode
5. Double-clicking this item will change false into true.
6. Close the tab page.   

Info credits go to:  Dongel

polonus

For me, having to edit the about:config for most people is a step too far as you would have to edit for individual issues.

Phishing in itself has to be covered through security based add-ons (or the browser itself), the likes of NoScript, RequestPolicy, etc. Not to mention Avast or other anti-virus.
Title: Re: Tests and other Media topics
Post by: polonus on April 16, 2017, 05:03:10 PM
Take the "browser can identify you by the adblocker you use" test.

Do it here: https://extensions.inrialpes.fr/

Detected extensions were trafficlight and adguard adblocker.

polonus
Title: Re: Tests and other Media topics
Post by: mchain on April 18, 2017, 03:42:35 AM
Take the "browser can identify you by the adblocker you use" test.

Do it here: https://extensions.inrialpes.fr/

Detected extensions were trafficlight and adguard adblocker.

polonus
Thanks Pol,

You got me testing a few setups and one in particular seemed to work well:  Opera in VPN Private mode.
Title: Re: Tests and other Media topics
Post by: polonus on April 25, 2017, 03:12:47 PM
Privacy-OS Tails 2.0 script with an excellent regular expression

Quote
: new RegExp('^(http|https):\/\/[a-z0-9\-_]+(\.[a-z0-9\-_]+)+([a-z0-9\-_\.,@\?^=%&;:/~\+#]*[a-z0-9\-\_#@\?^=%&;/~\+])?$', 'i');

Almost  perfect Rubular regular expression - emails are secure that way. Excellent, 99,9% secure.

Where in the code we detect this one: https://tails.boum.org/lib/js/mirror-dispatcher.js

Online tester here: https://regex101.com/

polonus
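
Added example, not part of the original post and not code from the Tails project: a harness for trying the expression as it is quoted above against constructed inputs, the way the online tester would. It shows one JavaScript detail of the quoted form: inside an ordinary string literal the single backslashes are dropped, so `\.` reaches the regex engine as `.` (any character). The sample URLs and the `checkedHost` helper are assumptions for illustration; whether the project's file holds the expression in exactly this form is not checked here.

```javascript
// The expression exactly as quoted: pattern text in a normal string literal.
const AS_QUOTED = new RegExp('^(http|https):\/\/[a-z0-9\-_]+(\.[a-z0-9\-_]+)+([a-z0-9\-_\.,@\?^=%&;:/~\+#]*[a-z0-9\-\_#@\?^=%&;/~\+])?$', 'i');

// The same text through String.raw, so the backslashes are kept and
// "\." means a literal dot.
const ESCAPED = new RegExp(String.raw`^(http|https):\/\/[a-z0-9\-_]+(\.[a-z0-9\-_]+)+([a-z0-9\-_\.,@\?^=%&;:/~\+#]*[a-z0-9\-\_#@\?^=%&;/~\+])?$`, 'i');

// Constructed inputs; the .example and .org names are placeholders.
const SAMPLES = [
  'https://mirror.example.org/tails/',         // ordinary mirror URL
  'http://localhost/admin',                    // host without any dot
  'http://mirror example.org',                 // space inside the host
  'https://mirror.example.org@other.example/', // text before "@" is userinfo
  'ftp://mirror.example.org/',                 // other scheme
];

// Host the URL parser would actually connect to, or null if unparsable.
function parsedHost(input) {
  try {
    return new URL(input).hostname;
  } catch (e) {
    return null;
  }
}

function tryExpression(input) {
  return {
    input,
    asQuoted: AS_QUOTED.test(input),
    escaped: ESCAPED.test(input),
    parsedHost: parsedHost(input),
  };
}

// Stricter alternative: parse first, then decide on the parsed parts.
// Returns the host name, or null when the URL should be refused.
function checkedHost(input) {
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username !== '' || url.password !== '') return null;
  return url.hostname;
}

function runSamples() {
  return SAMPLES.map(tryExpression);
}
```

`runSamples()` returns one row per input; the rows where `asQuoted` and `escaped` differ are the ones affected by the dropped backslashes, and the `@` row shows why the parsed host is the value to check.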
Title: Re: Tests and other Media topics
Post by: polonus on April 30, 2017, 12:51:28 AM
How to stop this spy inside your browser.

Read about how font tracking with fonts.googleapis.com for instance is spying on you from inside the browser: http://fontfeed.com/archives/google-webfonts-the-spy-inside/

A great extension for those with relevant knowledge as to know how to toggle it, e.g. what to block and what to allow or add is:
Negotiator: https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii

Just clicking and you see what's tracking you from where to where and how to block it eventually.
Consider what third party tracking you wanna block (somewhat like with Ghostery or Disconnect) or what you wanna allow,
considering the amount of functionality needed to do on the webpage what you plan to do, and whether you trust that
connection. So this is for advanced user, that knows what goes on beneath the hood of their browser of choice.

It reminds me much of Request Policy add-on for/in firefox and it is a great companion alongside uBlock and uMatrix extensions.
I am quite charmed about the outlay, rather versatile little extension, folks.

polonus (volunteer website security analyst and website error hunter)
Title: Re: Tests and other Media topics
Post by: DavidR on April 30, 2017, 01:45:27 AM
How to stop this spy inside your browser.

Read about how font tracking with fonts.googleapis.com for instance is spying on you from inside the browser: http://fontfeed.com/archives/google-webfonts-the-spy-inside/

A great extension for those with relevant knowledge as to know how to toggle it, e.g. what to block and what to allow or add is:
Negotiator: https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii
<snip>
polonus (volunteer website security analyst and website error hunter)

That is somewhat devious, what most would consider innocuous 'fonts.googleapis.com' like it was just using a font repository for a better range of founts on the website, very sneaky.
Title: Re: Tests and other Media topics
Post by: Lisandro on April 30, 2017, 10:49:44 PM
A great extension for those with relevant knowledge as to know how to toggle it, e.g. what to block and what to allow or add is:
Negotiator: https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii
You're right: "for those with relevant knowledge" but also "with time to invest"... uBlock is doing part of that, but automatically...
Title: Re: Tests and other Media topics
Post by: DavidR on April 30, 2017, 11:20:01 PM
A great extension for those with relevant knowledge as to know how to toggle it, e.g. what to block and what to allow or add is:
Negotiator: https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii
You're right: "for those with relevant knowledge" but also "with time to invest"... uBlock is doing part of that, but automatically...

I think that the RequestPolicy firefox add-on would probably cover most of this (if trying to block fonts.googleapis.com) and would appear to be less complex for the user.
Title: Re: Tests and other Media topics
Post by: mchain on May 16, 2017, 08:52:19 AM
Was working on another topic and came across this: 
http://securitypreview.zscaler.com/?utm_source=web-sticky-cta (http://securitypreview.zscaler.com/?utm_source=web-sticky-cta)

Take the test and see how you do.
Title: Re: Tests and other Media topics
Post by: digmor crusher on May 16, 2017, 07:08:24 PM
Well I tried this, got an F, pretty much failed everything.

I am running through a router with a firewall, Windows firewall, Emsisoft Anti Malware, MBAM (real time), Voodoo Shield, Ublock Origin, and block 3rd party cookies in Chrome.

So I think this test is a crock. How would anyone even pass these tests?
Title: Re: Tests and other Media topics
Post by: bob3160 on May 16, 2017, 08:23:21 PM
Well I tried this, got an F, pretty much failed everything.

I am running through a router with a firewall, Windows firewall, Emsisoft Anti Malware, MBAM (real time), Voodoo Shield, Ublock Origin, and block 3rd party cookies in Chrome.

So I think this test is a crock. How would anyone even pass these tests?
Purchase and install their product. :)
Title: Re: Tests and other Media topics
Post by: DavidR on May 16, 2017, 08:32:21 PM
Well I tried this, got an F, pretty much failed everything.

I am running through a router with a firewall, Windows firewall, Emsisoft Anti Malware, MBAM (real time), Voodoo Shield, Ublock Origin, and block 3rd party cookies in Chrome.

So I think this test is a crock. How would anyone even pass these tests?

I rarely if ever take these tests as to be able to even take the test, I would effectively have to drop my defences to be able to take the test and for me that is madness.

With just one level of defence in my browser,  Firefox with NoScript, RequestPolicy, uBlock Origin, CookieMonster, firefox with 3rd party cookies blocked, etc. etc. Zscaler is left spinning its wheels with nothing able to load, so no test or result. For me that is 100%
Title: Re: Tests and other Media topics
Post by: -midnight on May 16, 2017, 09:54:06 PM
I took the test and got this popup with sound.
Title: Re: Tests and other Media topics
Post by: polonus on May 16, 2017, 10:08:47 PM
That is a good result, dear -midnight, it means the general testfile to see whether your AV functions OK gives the right OK result.
Eicar is harmless, just to test whether your AV alerts where it should. Reason to be glad and satisfied.

polonus
Title: Re: Tests and other Media topics
Post by: mchain on May 18, 2017, 01:45:06 AM
Eicar Test is testing your WebShield blocking.  It works it would appear.

Point of the test is to point out how much further a consumer would have to go to button down their system to be similar to a corporate system; DavidR's system setup apparently will not even let the scripts involved run on his system, so he is good to go.  I'd say he was protected.
Title: Re: Tests and other Media topics
Post by: polonus on May 27, 2017, 05:02:21 PM
Antispam, feeding spammer with some anti spam to bite their teeth on: http://www.auditmypc.com/freescan/antispam.html

Another way to perform anti-spam: http://www.grall.name/posts/1/antiSpam-emailAddressObfuscation.html

URL decoder/encode: http://www.grall.name/posts/1/antiSpam-emailAddressObfuscation.html
& http://www.url-encode-decode.com/  &   https://2cyr.com/decode/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 27, 2017, 05:41:49 PM
See what is going on via this Threat Map: https://threatmap.fortiguard.com/
Maybe you see this: http://fortiguard.com/encyclopedia/ips/44037

Another one: http://map.norsecorp.com/

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on May 27, 2017, 05:59:44 PM
Your fortiguard link isn't working.
Title: Re: Tests and other Media topics
Post by: DavidR on May 27, 2017, 06:23:28 PM
See what is going on via this Threat Map: https://threatmap.fortiguard.com/
Maybe you see this: http://fortiguard.com/encyclopedia/ips/44037


Your fortiguard link isn't working.

Which one/s ?
I have been able to connect to all three links.
Title: Re: Tests and other Media topics
Post by: bob3160 on May 27, 2017, 07:16:27 PM
link ending in 44037
Title: Re: Tests and other Media topics
Post by: mchain on May 27, 2017, 07:21:10 PM
link ending in 44037
It's reachable for me.  See <snip> below:
Title: Re: Tests and other Media topics
Post by: bob3160 on May 27, 2017, 07:27:34 PM
link ending in 44037
It's reachable for me.  See <snip> below:
(http://screencast-o-matic.com/screenshots/u/Lh/1495906032757-72627.png)
Title: Re: Tests and other Media topics
Post by: Gopher John on May 27, 2017, 09:22:22 PM
No problems here for that link.
Title: Re: Tests and other Media topics
Post by: polonus on May 30, 2017, 11:05:39 AM
Oh those poor amateur PHP programmers: https://cdn.sstatic.net/insights/Img/Survey/2017/SalaryAndExperienceByLanguage.svg

Get a boost from javascript and study ethical hacking (pen-testing).

Not for me as a volunteer, but I won't complain.

polonus
Title: Re: Tests and other Media topics
Post by: DavidR on May 30, 2017, 11:24:40 AM
Oh those poor amateur PHP programmers: https://cdn.sstatic.net/insights/Img/Survey/2017/SalaryAndExperienceByLanguage.svg
<snip>
polonus

Wow, that was a trip down memory lane, some languages that I would have thought would have died by now. Possibly an indication of the number of years experience of the respondents, old languages, old programmers ;D

SQL - Ahh, whilst my last 4.5 years in the services we were on a number of projects that were using Oracle Forms that used SQL within that. With some of those old languages, I was surprised not to see COBOL still listed. I had a hard time on my COBOL course (3 weeks) with tables.
Title: Re: Tests and other Media topics
Post by: polonus on June 16, 2017, 07:36:09 PM
Create a list for your AS with Filter List Generator: https://www.dan.me.uk/filtergen

enjoy, also the other tools on that website.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 17, 2017, 09:56:35 PM
Do an IPv6 Leak Test: http://ipv6leak.com/
Also enjoy the other tests here: http://routersecurity.org/testrouter.php

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 21, 2017, 12:08:59 AM
Last 10 internal IPs you used, do the ring familiarity, test here: http://www.auditmypc.com/internal-ip-address.asp

polonus

Title: Re: Tests and other Media topics
Post by: vamert on June 21, 2017, 10:21:00 AM
Hi DavidR,

Agree with you and bob3160 here, https only or http nowhere are inferior solutions as we compare this to the combination of the no script and request policy extension, where we still have the complete avast! Shields protection against http malcoded content ((obfuscated) malscripts, malicious iFrames and various malicious redirects, backlinks to drive-by-malware). Additionally users have google safebrowsing, pre-scanning guidance, so in order to get infested you have to ignore warnings and this could be qualified as "unwise" user intervention. Https only and http nowhere extensions never helped against the PEBKAC problem as the main cause of malcode getting onto computers and peripherals,

polonus

I see some websites that are both using https, but some https have an exclamation mark beside them and other https haven't and are green in color. What is the difference between them? I read a lot on the internet that https is secure, but why are those two https different?
Title: Re: Tests and other Media topics
Post by: DavidR on June 21, 2017, 11:01:59 AM
Generally the exclamation point is indicating mixed content on what is an https connection, e.g. they import content from an http source. Green would be confirming the https connection is all secure content.
Title: Re: Tests and other Media topics
Post by: polonus on June 21, 2017, 02:13:55 PM
Hi Vamert,

Many people think that  http.. versus https... will say something about the actual security of a particular website.
That is an often found misconception. Http or https only say something about a more secure connection between client and (web)server.

So in that sense the https-everywhere mission led by Google and EFF are in a sense more of a cosmetic nature and a lot of folks therefore misinterpret what the green padlock stands for. It may just say your connection does not let your accountname and password go as plain txt over the wires. Often we need more like sri-hashes generated especially for external links for google analytics etc, so the same origin protocol is being upheld, protecting from code injection to make the actual website more secure, as with security headers, etc. etc.

There are still loads of websites with problems not directing to https-everywhere or the implementation of https-only.

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Tests and other Media topics
Post by: polonus on July 01, 2017, 10:13:29 PM
Mozilla on the success of the Https-Everywhere campaign: https://blog.mozilla.org/security/2017/06/28/analysis-alexa-top-1m-sites/

HTTPS:// of course an important security measure to be taken to safeguard a secure connection.

Still the https-everywhere project will be more of a cosmetical means to an end than anything else.
Also things may go drastically wrong, when automatic re-directs from http:/ to https:// fail.

Look where a lot of other issues are being found up to be insecure, despite https-everywhere: https://www.eff.org/https-everywhere/atlas/

Example for a site that comes "disabled by default": https://www.eff.org/https-everywhere/atlas/domains/openstreetmap.org.html

Secure and safe connections may be safeguarded, just like at home when the curtains are closed,
but what insecurity goes on behind closed curtains is a guess, and that insecurity should worry us to a greater extent.

A green padlock to rock us asleep. Behind that could come insecure cloud services,
a free account with a sub-domain soon no longer to be ours (afraid dot org for example).

And where website security is concerned we meet with quite some issues. The attached image speaks for itself.

We'd better educate those m- & p-developers to turn them into 'security savvy' coder pack,
and then all the other folks that work with website building and maintaining websites secure.

But one way or another these aims are always being grandly frustrated by those,
who have other important interests in keeping things as they are,
so the infrastructure stays insecure or becoming more insecure even so.

Excessive server info proliferation for insecure nameservers. An immense problem in the linux infrastructure.
Some insecure servers lower down in the network could infest all of the rest, like with Poodle etc.

For aspx sites perform an asafaweb scan, do a little query on shodan or perform a dazzlepod ip scan.

What to do about malicious evil DNS? Re: https://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/
Random example here: http://www.dnsinspect.com/ns1.com/10056192

What to do about insecure CMS like Joomla or WordPress like with this scanner? -
hackertarget.com/wordpress-security-scan/
with a random example: https://www.magereport.com/scan/?s=https://hacmint.com/

What to do about retirable jScript libraries? See: http://www.dnsinspect.com/ns1.com/10056192

What to do and how to generate when we find missing hashes here?: https://sritest.io/
or a bad status here: https://observatory.mozilla.org/

Also import the sources & sinks, we could stumble upon while scanning here: http://www.domxssscanner.com/

It seems it is overwhelming, that is why latest targeted cyberwar attacks were such a success or rather catastrophic.

When we gonna see a change for the better, will we ever live to see this?

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on July 02, 2017, 05:01:14 PM
Well to explain the point in the previous posting: https://blog.sucuri.net/2017/06/sql-injection-vulnerability-wp-statistics.html

Word Press as a CMS stays a problem-factory, scan here: hackertarget.com/wordpress-security-scan/

For SQL injection vuln.: www.domxssscanner.com

greets,

pol
Title: Re: Tests and other Media topics
Post by: polonus on July 04, 2017, 04:50:15 PM
Into CSS and source mapping. Nice resources here for ye all:
https://www.thecssninja.com/demo/source_mapping/

Also nice to use: https://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_input_type_hidden
Could lead to flags for cloaking in the is it hacked scan (alert cloaking is when Googlebot has a difference in bytes shown to Google's).

enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 11, 2017, 10:05:32 AM
New technology to restore trusting your documents:

https://proofofexistence.com/

Newest online bitcoin blockchain technology to handle your docs integrity,
amidst situations where your trust in certain services comes cheap,
where you have to find your way amidst Big Media Fake News and Social Media Censorship,
where you may no longer come to trust your own gubberment etc.

Now you have to fend for yourselves, folks, as you always had to.

Enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 11, 2017, 12:30:17 PM
A nice little proggie: https://blog.didierstevens.com/programs/usbvirusscan/
Read also: http://geeknizer.com/top-usb-hacks-pwn/ 2015

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 12, 2017, 06:49:53 PM
Why uBlock Origin now has a new companion extension named uBlock Origin Extra?
Read: https://www.theregister.co.uk/2017/08/11/ad_blocker_bypass_code/
and https://github.com/gorhill/uBO-Extra
Get it here: https://chrome.google.com/webstore/detail/ublock-origin-extra/pgdnlhfefecpicbbihgmbmffkjpaplco/related

enjoy,

pol
Title: Re: Tests and other Media topics
Post by: Asyn on August 12, 2017, 06:54:34 PM
Hi Pol, some valuable info, thanks a lot..!! :)
Title: Re: Tests and other Media topics
Post by: DavidR on August 12, 2017, 07:25:53 PM
Why uBlock Origin now has a new companion extension named uBlock Origin Extra?
Read: https://www.theregister.co.uk/2017/08/11/ad_blocker_bypass_code/
and https://github.com/gorhill/uBO-Extra
Get it here: https://chrome.google.com/webstore/detail/ublock-origin-extra/pgdnlhfefecpicbbihgmbmffkjpaplco/related

enjoy,

pol

I'm starting to find uBlock Origin bit of a pain in the backside.

I'm continually having to switch it off as it is blocking things that I feel are too aggressive. Even trying to exclude those sites doesn't seem to resolve the problem as it would appear that the exclusion is only for originating site (image1 & image3). 

It is nowhere near flexible enough, I would like to see it closer to Request policy that allows connections from a site to 3rd party connections and not exclude it for every site (image2).  So I'm honestly considering binning it and not adding additional functionality.
Title: Re: Tests and other Media topics
Post by: bob3160 on August 12, 2017, 07:54:08 PM
Sometimes (IMHO) the cure is worse than the disease. :)
Title: Re: Tests and other Media topics
Post by: DavidR on August 12, 2017, 08:17:57 PM
Sometimes (IMHO) the cure is worse than the disease. :)

This could be the case for some. AdBlockPlus wasn't bad, quite flexible, but then it shot itself in the foot with trustworthiness issues.
Title: Re: Tests and other Media topics
Post by: bob3160 on August 12, 2017, 08:20:54 PM
I right now am putting up with extra ads,
One program is too aggressive and not really adjustable.
The other lost its trust and it will be a long road back towards again earning it.
Title: Re: Tests and other Media topics
Post by: Asyn on August 12, 2017, 08:29:37 PM
I'm starting to find uBlock Origin bit of a pain in the backside.

I'm continually having to switch it off as it is blocking things that I feel are too aggressive. Even trying to exclude those sites doesn't seem to resolve the problem as it would appear that the exclusion is only for originating site (image1 & image3). 

It is nowhere near flexible enough, I would like to see it closer to Request policy that allows connections from a site to 3rd party connections and not exclude it for every site (image2).  So I'm honestly considering binning it and not adding additional functionality.
Hi Dave, uBO is highly flexible and adjustable, guess you didn't dig deep enough yet.
Anyway, I don't want to drag this thread OT, so if you want/need help let me/us know...
Title: Re: Tests and other Media topics
Post by: polonus on August 14, 2017, 01:42:00 PM
DNS CAA should be implemented now during September. It is a kind of genuine administrative control whether the domain name is in the DNS record. More vague than HPKP testing for browsers where it checked against whitelisted public keys.

In case of DNS CAA with all the different CA's the check is not often well performed and also often social engineering sensitive.

Check: https://caatest.co.uk/vendercartoabom.com.br where we could not find any - hostname does not match certificate for this PHISHING site, certificate not correctly been installed with Hostgator Wildcard - Comodo. (carding abuse?).

How to generate CAA records: https://sslmate.com/labs/caa/

Testing: https://www.ssllabs.com/ssltest/  also compare to cryptoreport.websecurity.symantec.com/checker/
and https://observatory.mozilla.org/  and http://www.dnsinspect.com/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on August 15, 2017, 10:57:08 PM
Check your old add-ons for compatibility: https://addons.mozilla.org/en-US/firefox/addon/add-on-compatibility-reporter/

Read about the profile clash to come: https://github.com/Aris-t2/ClassicThemeRestorer/issues/299

pol
Title: Re: Tests and other Media topics
Post by: DavidR on August 16, 2017, 12:00:01 AM
Check your old add-ons for compatibility: https://addons.mozilla.org/en-US/firefox/addon/add-on-compatibility-reporter/
<snip>

Ha, these are going to be pretty redundant in three months as support for Legacy updates will end. It is said that 80% of the add-ons on the Mozilla add-ons are still Legacy add-ons.

But you don't need the add-on-compatibility-reporter, simply going to the firefox add-ons section in the browser as all Legacy add-ons are already flagged as such.  Only one of my add-ons isn't Legacy.
Title: Re: Tests and other Media topics
Post by: bob3160 on August 16, 2017, 12:21:45 AM
(http://screencast-o-matic.com/screenshots/u/Lh/1502835654354-43451.png)
Looks like
Avast Online Security needs some work.
Title: Re: Tests and other Media topics
Post by: polonus on August 20, 2017, 12:55:01 PM
Why polonus is scanning what he is scanning and reporting what he is reporting for instance in the "virus and worms"?
All of it in vain? Some here pay attention, although as a rule it goes by greatly unnoticed....
(No I do not mean you, Eddy, no I do not mean you Pondus and others).

Nobody gives a hoot what you detect...
Read here why...https://medium.com/@homakov/why-it-sucks-to-be-a-security-researcher-8a1d17fbffe8

link info credits go to Egor Homakov

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on August 24, 2017, 07:51:08 PM
protection against clickjacking

In the document HEAD element, add the following
Code:
<style id="antiClickjack">body{display:none !important;}</style>

<script type="text/javascript">
   if (self === top) {
       var antiClickjack = document.getElementById("antiClickjack");
       antiClickjack.parentNode.removeChild(antiClickjack);
   } else {
       top.location = self.location;
   }
</script>
info credits go to StackOverflow's Prabin Tp

Check for clickjacking with https://asafaweb.com/  &  https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
like
Code:
<html>
   <head>
     <title>Clickjack test page</title>
   </head>
   <body>
     <p>Website is vulnerable to clickjacking!</p>
     <iframe src="http://www.target.site" width="500" height="500"></iframe>
   </body>
</html>
Protection for client users: https://www.lifewire.com/how-to-protect-yourself-from-clickjacking-attacks-2487178

polonus
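
An added example, not part of the post: the header-side counterpart to the script above, deciding from X-Frame-Options and the CSP frame-ancestors directive whether the iframe test page would be able to render a site. The function names, verdict labels and sample header sets are constructed for illustration.

```javascript
// Added example (not from the forum post). Inputs are constructed response headers.

// Source list of the CSP frame-ancestors directive, or null when the directive is absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0 && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Decide whether a page on a foreign origin could load this response in an <iframe>.
// verdict is one of: 'blocked', 'same-origin', 'allow-list', 'open'.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value); // header names are case-insensitive
  }

  // Only the enforcing CSP header counts; the Report-Only variant blocks nothing.
  // Browsers that support frame-ancestors use it in preference to X-Frame-Options.
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    if (ancestors.length === 0 || ancestors.every((s) => s === "'none'")) {
      return { verdict: 'blocked', via: 'CSP frame-ancestors' };
    }
    if (ancestors.some((s) => s === '*' || /^https?:$/.test(s))) {
      return { verdict: 'open', via: 'CSP frame-ancestors allows any origin' };
    }
    if (ancestors.every((s) => s === "'self'")) {
      return { verdict: 'same-origin', via: 'CSP frame-ancestors' };
    }
    return { verdict: 'allow-list', via: 'CSP frame-ancestors' };
  }

  const values = (h['x-frame-options'] || '')
    .split(',')
    .map((v) => v.trim().toLowerCase())
    .filter(Boolean);
  const unique = [...new Set(values)];
  if (unique.length === 1 && unique[0] === 'deny') {
    return { verdict: 'blocked', via: 'X-Frame-Options' };
  }
  if (unique.length === 1 && unique[0] === 'sameorigin') {
    return { verdict: 'same-origin', via: 'X-Frame-Options' };
  }
  // Audit choice made for this example: anything else is reported as unprotected.
  return {
    verdict: 'open',
    via: unique.length ? 'X-Frame-Options is not a single DENY or SAMEORIGIN' : 'no anti-framing header',
  };
}

// Constructed sample responses, keyed by a made-up label.
const SAMPLE_RESPONSES = {
  'no-headers': {},
  'xfo-deny': { 'X-Frame-Options': 'DENY' },
  'xfo-allow-from': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  'csp-partner': {
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://partner.example",
  },
  'csp-report-only': { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};

// Map every sample label to its verdict.
function auditSamples() {
  const out = {};
  for (const [label, headers] of Object.entries(SAMPLE_RESPONSES)) {
    out[label] = framingPolicy(headers).verdict;
  }
  return out;
}
```

A verdict of 'open' means the test page from the post would display the site inside its iframe.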
Title: Re: Tests and other Media topics
Post by: polonus on August 24, 2017, 10:04:13 PM
With Mozilla now more and more going the Google Chrome monopoly way.
What is your experience with the following browser?

https://cliqz.com/en/

I see the old firefox mission fans now turn to Palemoon or Opera. On Android we have Brave.

Will all browsers be "just another browser" soon or will there still be an escape for those,
 that want to avoid crap, scam, spam, mal-ads, tracking and other forms of extensive profiling?

The more you protect the more you stand out to these evil forces that invade your devices.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 25, 2017, 06:57:58 PM
Google opens up somewhat more on Titan:

Discussion on it here: https://news.ycombinator.com/item?id=15093129
and
https://www.blackhat.com/us-17/briefings/schedule/#firmware-is-the-new-black---analyzing-past-three-years-of-biosuefi-security-vulnerabilities-6924

Probably their management controller was not secure enough, and now they will protect every byte of their proprietary code the hard-coded way, so even those with access to it cannot manipulate, so Google may lead and calls the shots always.
Only hope is that every one of these self-made security chips with TPM and secure boot will follow the original blue-print  :D

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 26, 2017, 11:53:07 AM
Titan security goes deep. While it even goes deeper than TPM and secure boot.
Doing somewhat more than standard iLO/Drac/BMC are capable of.
So it is additional or rather better.

Reverse engineering this is possible but comes at a price, as Google is google.
Reverse engineering chips can be done and is not outside the capabilities of NSA for instance.
Read: https://www.blackhat.com/docs/us-15/materials/us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.pdf
But it certainly is easier when you know all of the masterset and know the design as the innerlining of your pocket,
than when you have to start from scratch with functions of a to that time unknown chip.

So even Google staff with access would have a hard time doing this and it is outside the scope of the normal user/hacker/entity.

Now we can come to understand why Mainland China ousted Google from their infrastructure.
On the other hand we come to understand that for getting some form of high trust security, the going gets narrow and narrower still.
We also have to reckon the larger developer community that does not know about proper security. It is just an inner circle of specially trained technical IT, that knows all the ins and outs or are specially trained for a particular security aspect.

Anyway the coming of the Titan chip tells us that security on the common infrastructure cannot be (fully) trusted.
So when it just says "google" on a container of hardware, it just cannot be trusted,
while the mobo of Johnny's weblike shop could be.

This is one side of the fascistoid Big Big Commerce times we live in, it is Alice in Wonderland revamped over and over,
and while you think you are secure and inside a trusted environment, it asks you to think hard again.

polonus (volunteer website security analyst and website error-hunter)


Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2017, 03:34:22 PM
Adblocking basically does not exist on android.
Read: https://www.theregister.co.uk/2017/08/25/ad_blocking_doesnt_exist_on_mobile/

I use Brave and Disconnect Search and Avast Mobile solutions a great trio.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 31, 2017, 05:15:51 PM
The newer alternative to Duckduckgo DeepSearch coming:

https://deepsearch.tsignal.io/

But for real search results you cannot go without goggle: https://arstechnica.com/information-technology/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/  and then  https://boingboing.net/2017/02/15/researchers-show-they-can-beat.html  and   https://www.vusec.net/projects/anc/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 02, 2017, 08:27:01 PM
Some website security scan proposals:

Test your website whether it has last best policy website security.
Score in percent.  Scan here example: https://en.internet.nl/domain/www.minbermedia.kz/91228/
a low grade status 35% website.

Additional DNS scans: https://frag.co.uk/tools/?page=source&host=www2.eu
and http://dnscheck.pingdom.com/?domain=

Word Press resources -> PHP Cross Reference of WordPress Trunk
-> https://wpseek.com/source/wp/latest/nav.html?wp-content/themes/twentyfourteen/functions.php.source.html

then check at: https://hackertarget.com/wordpress-security-scan/

and check later for retirable jQuery code with http://retire.insecurity.today/

finally here: https://observatory.mozilla.org/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2017, 12:25:43 PM
WODC of the Technical University Delft in The Netherlands comes up with
a new methodology to classify threat actors,
based on the motives of such cyberactors.

Cyber researchers are also classified, but as non-actors, not posing a threat.

See added typology...

polonus (volunteer website security analyst and website error-hunter)  (no-actor)
Title: Re: Tests and other Media topics
Post by: polonus on September 05, 2017, 06:58:40 PM
Test website for SSL and the use of latest security techniques:

Re: http://toolbar.netcraft.com/site_report?url=https://voordebuurt.nl
21%  https://en.internet.nl/domain/voordebuurt.nl/92003/

check on certification: https://cryptoreport.websecurity.symantec.com/checker/  &   https://www.digicert.com/help/

See complete results: https://observatory.mozilla.org/analyze.html?host=voordebuurt.nl#third

sub-results: https://www.htbridge.com/ssl/?id=rU3dptL3  &   https://hstspreload.org/?domain=voordebuurt.nl  (failed here)...

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 06, 2017, 09:57:06 PM
Ransomware IP trackers:

https://ransomwaretracker.abuse.ch/tracker/

http://vxvault.net/ViriList.php?IP=207.58.143.135

https://www.scumware.org/report/207.58.143.135.html

https://tracker.h3x.eu/download/400  re: https://tracker.h3x.eu/about/400  (with more public tracker lists)

https://github.com/firehol/blocklist-ipsets/blob/master/hphosts_emd.ipset

http://6ca08333.fingerprinted.domains/


enjoy, my good friends, enjoy,


polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on September 17, 2017, 02:13:40 PM
Various best known URL Scan Resources:

Google Safe Browsing Diagnostic   See malware diagnostics: https://transparencyreport.google.com/safe-browsing/search#url=
McAfee Threat Intelligence   Instant lookup http://www.mcafee.com/threat-intelligence/domain/?domain=
McAfee SiteAdvisor   Instant lookup http://www.siteadvisor.com/sites/
Norton Safe Web   Instant lookup https://safeweb.norton.com/report/show?url=
AVG ThreatLabs   Instant lookup http://www.avgthreatlabs.com/sitereports/domain/
SpamHaus Domain Block List   Instant lookup https://www.spamhaus.org/query/dbl?domain=
Web of Trust (WOT)   Instant reputation lookup https://www.mywot.com/en/scorecard/freeflightoffers.com 
(WOT scan resource lost trust once)
Alexa   Website ranking/statistics http://www.alexa.com/siteinfo/
DomainTools   Review domain Whois data http://whois.domaintools.com/ (validation required)
Recommended SecureBrain Gred   Real-time URL/links scan http://check.gred.jp/?url=
Unmask Parasites   Real-time URL quick scan http://www.unmaskparasites.com/security-report/?page=
VirusTotal   Lookup website risk https://www.virustotal.com/en/#url
F-Secure Browsing Protection Lookup website risk    https://www.f-secure.com/pl_PL/welcome
Trend Micro Site Safety Lookup website risk   https://global.sitesafety.trendmicro.com/
URL Void    Lookup website risk http://www.urlvoid.com/
PhishTank   Search website/URL phishing reports http://www.phishtank.com/
ScumWare.org   Search website/URL malware reports http://www.scumware.org/search.scumware
StopBadware.org Clearinghouse   Search website malware reports https://www.stopbadware.org/clearinghouse/search
MalwareURL   Search website malware reports http://www.malwareurl.com/listing-urls.php
urlQuery   Run a real-time scan of a specific URL http://urlquery.net/
Sucuri SiteCheck   Run a real-time scan of a specific URL http://sitecheck.sucuri.net/
Comodo Site Inspector   Run a real-time scan of a specific URL http://siteinspector.comodo.com/
Zscaler Zulu URL Risk Analyzer   Run a real-time scan of a specific URL https://zulu.zscaler.com/
Quttera   Run a real-time scan of a specific URL or website https://www.quttera.com/#online url malware scanner

Enjoy, my good friends, enjoy...
Title: Re: Tests and other Media topics
Post by: polonus on September 17, 2017, 08:22:35 PM
A specific Scientology critical resource: https://umbraxenu.no-ip.biz/mediawiki/index.php/Anonymous_and_critic_sites

A good (re)searcher can beat any hacker any time all of the time.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 22, 2017, 12:42:34 PM
How to track url redirects in the browser: https://superuser.com/questions/242138/how-to-track-url-redirects-in-the-browser

and to see where they end up: http://redirectdetective.com/

Enjoy, my good avast friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)

Oh, Firebug Light, nice extension...
Title: Re: Tests and other Media topics
Post by: polonus on September 24, 2017, 03:56:44 PM
JQuery is a sink!

Read: http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html
and https://ttmm.io/tech/jquery-xss/

Understand while polonus continuously scans here: http://retire.insecurity.today/  and here: http://www.domxssscanner.com/

A function or method that can be considered as insecure, when one of its arguments comes from untrusted input

(check at https://observatory.mozilla.org/  whether content is being protected properly CORS
- same origin - SRI hashes generated)

and is not correctly being validated according to the layer the function is communicating to.

jQuery.html is a sink and no one so far complains.

jQuery is also designed to perform different operations based on argument type and content.

Using the same interface for query and executing is a "bad idea".

jQuery as selector?

Never use jQuery() or $() with an unvalidated argument. No matter what version is being used. Read the code!

jQuery developers retire old version (zip all for reference). What one acquires, one also should retire!
Change and lock jQuery do-everything behaviour.

Not allow client side into Http encode URI Component. Do not use $.html() with untrusted input.
Check they work as expected <.*\?>
Test your RegExps.
Client Request Proxy is Frameable by design!
unfriendly header added
x-Ms-Origin: http://cyber.at.track.er
XMLHttpRequest.attr=val
IE sees some code as valid JSON you can still be left with an unvalidated object!
Be shy using 3rd party services that produces 3rd party surprises.
HTML Injection Vuln.
Test an' Audit all 3rd party code (jsunpack)
Angular.JS has interesting injections.

Info credits go to Stefano Di Paola of minded security dot com.

jQuery methods that directly update the DOM

.after(), same with append, before, html, insertAfter, insertBefore, prepend, prependTo, replaceAll, replaceWith, unwrap, wrap, wrapAll, wrapInner, all like .method(). text() updates DOM but is safe.

Do not send unvalidated data to these methods or properly escape before doing so.

More danger from or $danger immediately evaluates the input e.g. $("<img src =x  onerror = alert(1)>")

jQuery.globalEval()

All event handlers: bind(events), bind(type [, data], handler()), .on(), add(html).

More research is needed to identify all the safe versus unsafe methods.

polonus (volunteer website security analyst and website error-hunter)

P.S. Interesting read on the dangers of 3rd party scripts:
https://css-tricks.com/potential-dangers-of-third-party-javascript/

and https://hackcabin.com/post/managing-async-dependencies-javascript/

Damian
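
An added example, not code from the post or from jQuery: a small source scanner that flags calls to the DOM-updating methods listed above, and to `$()` / `jQuery()`, when the argument is not a constant string, and accepts an argument wrapped in an escaping helper. The helper name `escapeHtml`, the function names and the sample script are assumptions made for this example.

```javascript
// Added example. Sink names come from the post's list; text() is deliberately left out.
const HTML_SINKS = ['after', 'append', 'before', 'html', 'insertAfter', 'insertBefore',
  'prepend', 'prependTo', 'replaceAll', 'replaceWith', 'wrap', 'wrapAll', 'wrapInner'];

// Matches ".sink(" or a bare "$(" / "jQuery(" call.
const CALL_RE = new RegExp(
  '(?:\\.(' + HTML_SINKS.join('|') + ')|(?<![\\w$.])(\\$|jQuery))\\s*\\(', 'g');

// Hypothetical escaping helper: makes a string inert as HTML element content.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Index of the ")" closing the "(" at openIdx, skipping string literals; -1 if unbalanced.
function matchParen(src, openIdx) {
  let depth = 0;
  let quote = null;
  for (let i = openIdx; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === '\\') i++;                 // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'" || ch === '`') {
      quote = ch;
    } else if (ch === '(') {
      depth++;
    } else if (ch === ')') {
      depth--;
      if (depth === 0) return i;
    }
  }
  return -1;
}

// True when the argument text is empty or a single string literal
// (no concatenation, no template interpolation).
function isConstant(arg) {
  const a = arg.trim();
  if (a === '') return true;
  if (/^(['"])(?:\\.|(?!\1)[^\\])*\1$/.test(a)) return true;
  return /^`(?:\\.|[^`\\$])*`$/.test(a);
}

// True when the whole argument is one escapeHtml(...) call.
function isEscaped(arg) {
  const a = arg.trim();
  const m = /^escapeHtml\s*\(/.exec(a);
  return m !== null && matchParen(a, m[0].length - 1) === a.length - 1;
}

// Return one finding per sink call whose argument is built at run time.
function findSinkCalls(src) {
  const findings = [];
  CALL_RE.lastIndex = 0;
  let m;
  while ((m = CALL_RE.exec(src)) !== null) {
    const open = m.index + m[0].length - 1;
    const close = matchParen(src, open);
    if (close === -1) continue;
    const arg = src.slice(open + 1, close);
    const isSelectorCall = m[2] !== undefined;
    if (isConstant(arg)) continue;
    // Escaping only helps the HTML sinks; $() with run-time input is always reported.
    if (!isSelectorCall && isEscaped(arg)) continue;
    findings.push({
      line: src.slice(0, m.index).split('\n').length,
      call: isSelectorCall ? m[2] + '()' : '.' + m[1] + '()',
      arg: arg.trim(),
    });
  }
  return findings;
}

// Constructed sample script; q stands for untrusted input.
const SAMPLE_SOURCE = [
  "var q = location.hash.slice(1);",
  "$('#title').text(q);",
  "$('#result').html('<b>Results for</b> ' + q);",
  "$('#note').append('<hr>');",
  "$(q).addClass('active');",
  "$('#safe').html(escapeHtml(q));",
].join('\n');
```

The scanner works on text, not on a parsed syntax tree, so it is a first-pass triage aid: every hit still needs the manual code reading the post asks for.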
Title: Re: Tests and other Media topics
Post by: polonus on September 26, 2017, 10:44:20 PM
All you wanna know on javascript: http://exploringjs.com/
The latest developments Async functions: http://exploringjs.com/es2016-es2017/ch_async-functions.html#ch_async-functions

Recent news: https://www.theregister.co.uk/2017/09/26/allen_wirfs_brock_interview/

Security issues: https://docstore.mik.ua/orelly/webprog/jscript/ch21_01.htm  and many, many more...

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 04, 2017, 09:25:31 PM
Checking on PHP code -> http://evuln.com/tools/php-security/

Example see attached txt... (this for security reasons, as the security savvy will understand why code as txt file)

polonus

P.S. consider exploits like these: https://www.exploit-db.com/exploits/35743/
Then you like to get such a reaction of the server: "Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.".

D
Title: Re: Tests and other Media topics
Post by: polonus on October 08, 2017, 08:23:33 PM
How to check on blocklist - added this one to uBlock 0 - http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt
Checked this IP 1.180.235.36 -> https://www.abuseipdb.com/check/1.180.235.36
reported there 23 times -> also here: https://cleantalk.org/blacklists/1.180.235.36

pol
Title: Re: Tests and other Media topics
Post by: polonus on October 09, 2017, 08:39:11 PM
uBlock Origin found a way against this, but initially this malvertising campaign overcame adblockers:

https://www.technibble.com/forums/threads/malvertising-campaign-finds-a-way-around-ad-blockers.75220/

N.B. Disable "Non Proxied UDP (WebRTC)" in your browser!
How to in various browsers: https://whoer.net/blog/article/how-to-disable-webrtc-in-various-browsers/

Check your browser: https://panopticlick.eff.org/

Remember every added extension makes it easier to uniquely make your browser stand out for profiling,
but there actually is no (easy nor hard) way to escape Big Brother to-day...

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 10, 2017, 10:09:12 PM
Some resources to check malware sites on.
This website no longer found active, was reported here as with generic malware:

https://otx.alienvault.com/indicator/hostname/www.stocktagfiles.com/

https://www.scumware.org/report/52.48.70.144.html

https://sitecheck.sucuri.net/results/www.stocktagfiles.com

https://www.securityhome.eu/malware/malware.php?mal_id=18398464835769f37b8669a6.43334630

https://minotr.net/detail?md5=1700ed9864bf36f580fd6efbaf1e40b0

https://www.threatcrowd.org/ip.php?ip=52.42.20.109

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 11, 2017, 12:45:53 PM
In firefox we have the beautiful Calomel extension.
But how to check beyond the green padlock inside Google Chrome,
we find the source via Control+Shift+I

How to check certificates under Google Chrome:

1. Go to the website you wanna check the certificate for
2. Push the F12 button
3. Within the window that has opened up, go to the small tab "Security"
4. Click then the button to View Certificate   (info credits go to Vixen).

Later you can check additionally:
https://cryptoreport.websecurity.symantec.com/checker/
and/or https://www.ssllabs.com/ssltest/
and https://www.digicert.com/help/
or here https://threatintelligenceplatform.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 13, 2017, 11:01:41 AM
Where is your Internet connected out?

Where does the cloud take your packets?

See: https://www.peeringdb.com/asn/63949  (example for FOSCAM etc.)

Interesting background read from Chris Baker: https://dyn.com/blog/who-controls-the-internet/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 17, 2017, 12:45:45 PM
Actual security related info.

Nonces that eventually aren't real "number onces". Such nonces seem to be a risk.
So time to implement additional security header security and check on https sites for "nonces".

An example of secure nonces we see here for example: https://gcm.tlsfun.de/check.php?host=www.terracotta.org
Quote
Collected 3 GCM nonces from www.terracotta.org

aa0015c9df6c8a46
aa0015c9df6c8a47
aa0015c9df6c8a48

NOT VULNERABLE

This host uses a counter starting with a random value (probably OpenSSL). This is secure.

For a detailed background read our paper: Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. More supplemental information is in our Github repository.

Enjoy, my good friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)
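
An added example, not the quoted scanner's own code: the classification its output describes, applied to a list of collected 8-byte GCM nonces given as hex. The verdict labels other than the quoted "NOT VULNERABLE", the function names and the non-counter sample values are assumptions made for this example.

```javascript
// Added example. Nonces are 16 hex digits (8 bytes), as in the quoted output.
const MASK64 = (1n << 64n) - 1n;

// Parse one hex nonce into a BigInt, rejecting anything that is not 8 bytes of hex.
function parseNonce(hex) {
  if (!/^[0-9a-fA-F]{16}$/.test(hex)) {
    throw new Error('expected 16 hex digits, got: ' + hex);
  }
  return BigInt('0x' + hex);
}

// Classify nonces collected, in order, from one host.
function classifyNonces(hexNonces) {
  const values = hexNonces.map(parseNonce);

  // 1. A repeated value means the nonce was not a "number used once".
  const firstSeen = new Map();
  for (let i = 0; i < values.length; i++) {
    const key = values[i].toString(16).padStart(16, '0');
    if (firstSeen.has(key)) {
      return { verdict: 'VULNERABLE', pattern: 'repeat', nonce: key,
               positions: [firstSeen.get(key), i] };
    }
    firstSeen.set(key, i);
  }

  if (values.length < 2) {
    return { verdict: 'INCONCLUSIVE', pattern: 'too few samples' };
  }

  // 2. A counter: every value is the previous one plus one, modulo 2^64.
  const isCounter = values.every(
    (v, i) => i === 0 || v === ((values[i - 1] + 1n) & MASK64));
  if (isCounter) {
    return { verdict: 'NOT VULNERABLE', pattern: 'counter' };
  }

  // 3. Unique but not sequential: uniqueness depends on how the host generates them.
  return { verdict: 'REVIEW', pattern: 'non-sequential' };
}

// The three nonces quoted in the post, plus constructed samples for the other outcomes.
const QUOTED = ['aa0015c9df6c8a46', 'aa0015c9df6c8a47', 'aa0015c9df6c8a48'];
const CONSTRUCTED_REPEAT = ['0100000000000000', '0100000000000000'];
const CONSTRUCTED_SCATTERED = ['3f1c9a0b77d2e815', '90ab12cd34ef5678', '0badc0de12345678'];
const CONSTRUCTED_WRAP = ['ffffffffffffffff', '0000000000000000'];
```

Run against the three quoted values, `classifyNonces(QUOTED)` reports the counter pattern, matching the scanner's result.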
Title: Re: Tests and other Media topics
Post by: polonus on October 18, 2017, 08:03:28 PM
Certificate transparency for avast webforum according to the netcraft report:

Quote
Certificate transparency   
Signed Certificate Timestamps (SCTs)

Source   Log   Timestamp   Signature Verification
Certificate   Google Pilot (pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=)   2015-03-10 16:54:10   Success
Certificate   Google Aviator (aPaY+B9kgr46jO65KB1M/HFRXWeT1ETRCmesu09P+8Q=)   2015-03-10 16:54:10   Success
Certificate   DigiCert 1 (VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0=)   2015-03-10 16:54:10   Success


Verify here: https://www.chromium.org/Home/chromium-security/certificate-transparency

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on October 22, 2017, 02:18:20 PM
In part experimental and results should be taken cum grano salis (with a grain of salt):
mozilla ssh_scan api results in a dockerized way (all other forms are too abuse-prone, so you risk to become blocked),

Scan a site's privacy score (beta) here: https://privacyscore.org/site/33642/  (as an example we took avast forum site scan).
source code -> https://github.com/mozilla/ssh_scan_api
Avast forum site results as json: https://privacyscore.org/site/33642/json/

3rd party embeds, 3rd party trackers,
4 issues on unreliable encryption - HSTS and HSTS pre-loading not installed, not using Public Key pinning.
No check on mixed content and no check for CSS attempts and ticketbleed (experimental).
No protection found against LOGJAM attacks. More unreliable checks issues...

Another lesson to be learned about optimal website security,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on October 24, 2017, 11:03:20 PM
Recent research has established that working a feature rich browser will set you out uniquely,
and this means an enhanced privacy risk.

Read: https://today.uic.edu/bloated-browser-functionality-presents-unnecessary-security-privacy-risks 
Info source: Peter Snyder.

You can check the uniqueness of your browser here: https://amiunique.org and https://amiunique.org/fp

If we break up the identifying factors, just a tiny bit of profiling is given off by my browser user agent.
Over 30% comes because of the browser header, that I send to the server.
Another 14% leaks through the way my browser processes decoded content.
A tiny bit of what I give away is through the language(s) I use (Dutch and Polish).
0,22% comes from used plug-ins and that is contradictory to above findings,
but detail of the individual plug-ins speak loudly with over 75% to set me out uniquely against all other browsers.
And do not forget the 33% by the adblocker I use.

Therefore the much liked uBlock Origin adblocker by our forum users,
is still "in its teens" and needs further development. It will break a lot of sites.

By far the best plug-in that works to the contrary and makes you less unique by heaps is good old "Request Policy",
and here our good forum member, DavidR, was right all the way. You need not convince us any further, DavidR!

Well the use of NoScript or uMatrix is also advisable, although not always the unsavvy know what and how to toggle properly.

In these days of dwindling privacy or as Americans say: "Privacy that no longer exists" you have less unique browsers,
one is the Brave browser, developed by the inventor of javascript, without plug-ins and all in the browser
with a one profile for all (except for canvas and other fingerprinting). Brave as browser app a must on android!

On the other side of the scope we have the nonsensical gimmick Browzar browser, I would not recommend.

Finally to be less outstanding within the big browser monoculture of Big Blue, firefox and Google's chrome,
I would go for a Japanese browser like Sleipnir as one with this browser has a lesser attack surface on the Western Hemisphere.

polonus (volunteer website security analyst and website error-hunter)


Title: Re: Tests and other Media topics
Post by: DavidR on October 24, 2017, 11:43:19 PM
Well it was able to tell what virtually every browser gives, which browser and version you are using, your OS and version, plus your language, but that isn't going to get them very far in identifying the user.

EDIT: Whilst this is all well and good, you do have to selectively allow certain sites or you won't see all content.
Title: Re: Tests and other Media topics
Post by: polonus on October 25, 2017, 01:24:11 AM
Reported by Lukasz Olejnik this privacy threat: https://blog.lukaszolejnik.com/privacy-of-web-request-api/
Source:  https://www.theregister.co.uk/2017/10/06/another_w3c_api_exposing_users_to_browser_snitching/

Info credits for reporting go to Bitwiper.

A scala of browser privacy scanners: http://www.malwarehelp.org/online_browser_security_and_privacy_scanners.html
like for instance: https://www.leader.ru/secure/who.html  and extended: https://do-know.com/privacy-proxy-test.html?

Even explains I am in a FVEY country - the Netherlands, also extra private internal IPs are given. 2 CPU cores detected.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 30, 2017, 05:42:29 PM
L.S.

All hope's not gone - the answer towards a total loss of privacy
and against centralised snooping on all of your Interwebs interactions =
Decentralised VPN powered by blockchain,
an innovative development, read here: https://mysterium.network/

The clock is slowly ticking the last remnants of your Internet data integrity away,
with Google now also phasing out their public key pinning policy,
who will be making up the logs to check certs transparency against?

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 01, 2017, 04:21:48 PM
Do you consider bitcoin mining on your cycles worse than ads?

Some have it blocked by a good ad-blocker, some with anti-mining extensions.

What are the privacy implications of such a miner?

Flagged as malcode here: https://urlquery.net/report/6c776095-c1f1-4442-afc3-4d297841c802
3 to flag: https://www.virustotal.com/nl/url/b0827282045e14fe7538f204e94e13fe2491f653ed59369e5d8414feeb50e3e7/analysis/1509548406/

Some warnings here, but no tracking: https://privacyscore.org/site/33952/  (No HSTS,
server is vuln. to Lucky13 and BEAST & DROWN attacks, no secure client renegotiation set, no security headers set).

F-status and recommendations: https://observatory.mozilla.org/analyze.html?host=coinhive.com

No issues on the mining script itself, but overflow to: Results from scanning URL: -https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/184G4bWm-rw.js
Number of sources found: 92
Number of sinks found: 24 -> -static.xx.fbcdn.net/rsrc.php/v3/y2/r/184G4bWm-rw.js benign

polonus (volunteer website security analyst and website error-hunter)

P.S. And when there are blockchains, there could be malware round the corner:
https://securelist.com/tales-from-the-blockchain/82971/

Damian
Title: Re: Tests and other Media topics
Post by: polonus on November 02, 2017, 02:50:15 PM
What are the privacy implications of this webproxy?

Are webproxies that privacy friendly? I think not necessarily.

http://toolbar.netcraft.com/site_report?url=https://whoer.net
Comes with the Cloudflare related insecurities...ssl380088.cloudflaressl.com
Cert. installed correctly: Chain installation:
2 certificates found: RSA and ECC.
No HSTS enabled. SSL/TLS compression: Not Enabled
Heartbeat (extension):  Not Enabled

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=whoer.net

3 vulnerable libraries detected: http://retire.insecurity.today/#!/scan/3ccbbb2afaa1871f0fb292e8931723efc456d0f2132388d83efc464a1ff152ef

No third party cookies -  6 third party requests: http://www.cookiechecker.nl/check-cookies.php?url=https://whoer.net/webproxy

Issues with sources and sinks: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwhoer.net%2Fwebproxy

Tracker tracker and bug issue report: see attached

Finally the beta privacy score: https://privacyscore.org/site/33961/


polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on November 07, 2017, 11:52:58 AM
Next to tor, tails and whonix there are different ways to help end-users to protect their last little bits of Internet privacy
with a bit of added anonymity.

Also one looks for new ways like the block chain technology that keeps Bitcoin secure, a decentralised solution against the overpowering intrusion of Big Brother Surveillance State's oversight forces.

A new scheme when the going gets narrow is https://mysterium.network/:

Open Sourced Network allowing anyone to rent their unused Network traffic, while providing a secure connection for those in need.

Hopefully network tld has been properly set to recognize that site's software.
Connection fail here: https://gcm.tlsfun.de/check.php?host=mysterium.network
Connection failed. Host has either no HTTPS or does not support GCM.

See how successful they are: https://privacyscore.org/site/34025/json/
and https://privacyscore.org/site/34025/  PHP/5.5.9-1ubuntu4.21 with twelve vulnerabilities.

Retirable: http://retire.insecurity.today/#!/scan/c989f46450eddf925f09fc10ca4880608fd09dca1b83216db50cbf3b5373b3ac

Externally Linked Host        Hosting Provider           Country
-news.bitcoin.com             CloudFlare                 United States
-bitconnect.co                CloudFlare                 United States
-www.cryptocoinsnews.com      CloudFlare                 United States
-github.com                   GitHub                     United States
-techannouncer.com            GoDaddy.com, LLC           United States
-www.linkedin.com             LinkedIn Corporation       United States
-mvp.mysterium.network        DigitalOcean               Netherlands
-goo.gl                       Google                     United States
-www.sarunas-savickas.com     OOO NPO Relcom             Lithuania
-www.subscribepage.com        CloudFlare                 United States
-twitter.com                                             United States
-www.the-blockchain.com       CJ2 Hosting&Development    Netherlands
-www.digitaljournal.com       Digital Journal, Inc.      United States
-lt.linkedin.com              LinkedIn Corporation       United States
-medium.com                   CloudFlare                 United States
-cointelegraph.com            CloudFlare                 United States

Please, do not fence us in further!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 10, 2017, 05:49:07 PM
Just stumbled upon this news:
-> https://gwillem.gitlab.io/2017/11/07/cryptojacking-found-on-2496-stores/

Coinhive cryptominer activity going on on over 2500 hacked Magento webshop websites.
Re: https://twitter.com/gwillem/status/928033303466266626

I hope users stop this by using a decent adblocking or scriptblocking extension or a miner blocker extension.

Willem de Groot added this to his software here: https://github.com/gwillem/magento-malware-scanner/pull/157

One could scan a Magento CMS webshop site also here: https://www.magereport.com/

It would be better when browser developers brought a general broader solution to this problem inside the browser,
so users could be alerted to this abuse and eventually block mining through a site they visit.

As long as this has not been realised, we have to fend for ourselves,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 10, 2017, 06:26:57 PM
An attack scenario we could distill from the Coin Hive cryptojacking signatures developed by Willem de Groot comes for Magento webshop sites with amasty.biz vulnerable code. Read: https://support.hypernode.com/knowledgebase/how-to-protect-magento-from-amasty-product-feed-local-file-disclosure/

Rule:
Quote
@@ -648,6 +673,8 @@ ZXZhbChiYXNlNjRfZGVjb2RlK
 aHR0cDovL3Bhc3RlYmluLmNvbS9yYXcv
 account\-mage\.su\/
 air\-frog33\.pw\/
+aleinvest\.xyz\/
+alemoney\.xyz\/
 amasty\.biz\/
 analiticoscdn\.com\/
 animalzz921\.pw\/
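
Review bot: The two added patterns, aleinvest\.xyz\/ and alemoney\.xyz\/, require a trailing slash and carry no left anchor, so a reference to the bare host with nothing after the TLD (for instance one that is immediately followed by a closing quote) would not match, while any longer hostname that merely ends in the same string would. That is consistent with the neighbouring entries such as amasty\.biz\/, so the change fits the file as it stands, but the rules file would benefit from a short comment stating that entries are unanchored substring regexes and why the trailing slash is part of each one. The new lines are inserted in alphabetical position, which matches the surrounding context lines.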

Example https://www.magereport.com/scan/?s=+UNDERARMOUR.COM

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 19, 2017, 10:40:49 PM
Working the Cipscis - Fallout - Scriptvalidator for errors that do not always come up with other methods:

Example code taken from
Quote
line 39 towards line 45 here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.paperkrane.com&ref_sel=GSP2&ua_sel=ff&fs=1

Working out this standard with function tooltips
Quote
  < / sc​ript >
40:  < !-- /all in one seo pack -->
41:  < link rel='stylesheet' id='contact-form-7-css' href='-http://www.paperkrane.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.3' type='text/css' media='all' />
42:  < link rel='stylesheet' id='cpsh-shortcodes-css' href='-http://www.paperkrane.com/wp-content/plugins/column-shortcodes/assets/css/shortcodes.css?ver=0.6.6' type='text/css' media='all' />
43:  < link rel='stylesheet' id='blahlab-theme-grid-css' href='-http://www.paperkrane.com/wp-content/themes/paperkrane/assets/stylesheets/standalone/grid.css?ver=4.1.20' type='text/css' media='all' />
44:  < link rel='stylesheet' id='blahlab-external-googlefonts-css' href='-http://fonts.googleapis.com/css?family=Droid+Serif%3A400%2C400italic%7CDroid+Sans&ver=4.1.20' type='text/css' media='all' />
45:  < link rel='stylesheet' id='blahlab-theme-style-css' href='-http://www.paperkrane.com/wp-content/themes/paperkrane/assets/stylesheets/standalone/style.css?ver=4.1.20' type='text/css' media='all' />
  all links inside the validation broken, because of:
https://urlquery.net/report/6380f772-ee76-42f8-99ff-34728fc03f6f  (suspicious code detected).

Always into this because of (in)security aspects of code, because of polonus's interest in voluntary website security analysis and website error-hunting, and always looking for new angles to come up with,

Damian

P.S.
Quote
A parser-blocking, cross site (i.e. different eTLD+1) script, htxp://www.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://wXw.chromestatus.com/feature/5718547946799104 for more details.
Courtesy Google Chrome's developer console.
on my Greasemonkey json script - reported
Quote
Uncaught SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at XMLHttpRequest.xhr.onreadystatechange

pol
Title: Re: Tests and other Media topics
Post by: polonus on November 25, 2017, 01:59:09 PM
You could check here whether your browser is vulnerable:  https://mineblock.org/
I get:
Quote
If the miner doesn't start, your browser is safe!
Can't start miner. Your browser is safe!
The baddies are listed here: http://www.badbitcoin.org/thebadlist/

Bad Bitcoin i.m.o.  is a big ponzi-like blockchain scam scheme, like the Black Tulip hype in the days of our Dutch painter Rembrandt, moreover the bitcoin value now halves every three years and over a few decades all present bitcoins will be mined.

When you wanna block mal-ads, you certainly wanna block bad-bitcoin-mining as well,
a good adblocker and scriptblocker combination will keep you safe from bitcoin mining scripts-
uBlockOrigin together with uMatrix.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 25, 2017, 10:59:02 PM
Check how privacy (un)friendly is a webproxy:

Beta-testing: https://privacyscore.org/site/34967/

Here we see issues: https://threatintelligenceplatform.com/report/proxy-de1.toolur.com/sCpTixZZn6

Here we found 3 problems: https://mxtoolbox.com/domain/proxy-de1.toolur.com/

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=proxy-de1.toolur.com

polonus (volunteer website security analyst and website error-hunter)

P.S. What strikes us in the results of this proxy website example as insecure, is that the webproxy site does offer https, but does not automatically default to it from http!
Secondly it serves up sub-secure ciphers and furthermore the server is vulnerable to Poodle, while also  the nameserver has version info proliferation: 9.9.4-RedHat-9.9.4-51.el7 (so one could check for vuln. and exploits, which attackers could do).
Also a warning goes for undesired redirects!

Damian
Title: Re: Tests and other Media topics
Post by: polonus on November 30, 2017, 10:52:55 PM
Interesting resources on BGP Security and Routing: http://moo.cmcl.cs.cmu.edu/~dwendlan/routing/

Check site example: https://ip.rst.im/dig/internal.akamaistream.net.

Later we found via another check: as21342/moas
Rate - 4.0 ;  2 Router Leaks ; 54 MOAS ; 532 dDos amplifiers

Now that sitevet dot com also as AS bad history resource has disappeared, we have to look out servers not overreach quotes and sources thus disappear for researchers.  ;)

Linkrot is the worst enemy of a volunteer website security analyst and website error-hunter like little old me,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 01, 2017, 11:24:34 PM
Because of recent and present threats to BGP security and the cold cyber-war,
Russia is planning to eventually set up its own Internet only in BRICS countries.


Read here: https://www.theregister.co.uk/2017/12/01/russia_own_internet/

Here a map of the Root Server Technical Operations Assn: http://www.root-servers.org/

Then the root files: https://www.iana.org/domains/root/files

But there are also new innovative solutions like blockstack coming: https://github.com/blockstack/atlas

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on December 04, 2017, 12:02:47 AM
New Panopticlick scan launched:

 https://www.eff.org/deeplinks/2017/11/panopticlick-30

See: https://panopticlick.eff.org/

Is your browser blocking tracking ads?   ✓ yes
Is your browser blocking invisible trackers?   ✓ yes
Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist?   ✓ yes
I just changed my profile using the canvas fingerprint extension.

Current canvas noise hash
#14afxxxxxxxxxxxxxxx3244bxx0271
Last changed: December 4 00:01

polonus
Title: Re: Tests and other Media topics
Post by: Evanna456 on December 06, 2017, 12:27:46 AM
is your browser block tracking ads? partial protection. Considering my ad blocker is adblock plus, it might be true
is your browser blocking invisible trackers? partial protection. So firefox built in tracking protection is not enough.
Firefox uses disconnect.me tracking list, @_@ i really need a plugin/addon for this huh.
Does your browser stop trackers....acceptable ads. ? no. same answer with my previous one.
Does your browser unblock third parties....Do not track? no. I set my browser to always block third party trackers.
Does your browser protect you from fingerprinting? your browser has a unique fingerprint.

Full result of browser fingerprinting:
screen size is wrong.
no timezone, undefined plugin details
system fonts is wrong, there are fonts missing on the list
user agent: firefox 52, no im using firefox 57
Title: Re: Tests and other Media topics
Post by: polonus on December 10, 2017, 05:04:26 PM
Nice new scanner outlay for Cymon - Search Threats.

Example of a random IP search result:
https://app.cymon.io/search/ip/209.202.252.95

Enjoy my good friends, enjoy

P.S. Missed completely here: https://www.virustotal.com/#/url/4f5f0accd4fc42fcd4c51851d77c980eaa6f0016aea08de65e3cf3cbb0da9853/detection

Can be combined with these results: https://ransomwaretracker.abuse.ch/ip/209.202.252.95/
and these: https://www.scumware.org/report/209.202.252.95.html

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on December 11, 2017, 05:18:24 PM
Some signs of computer compromise:

Your AV is disabled and you did not do this yourself.

You get a ransom message and it does not go away after restarting your computer.

You get frequent pop-ups at a time.

Your online passwords do not work anymore and you did not change them.

An unapproved software starts to download suddenly, and you did not allow it to do so.

Your websearches in your browser are redirected.

Your browser suddenly has a new toolbar added.

You are sending spam to friends on social media for instance, and you did not do that yourself.

Your mouse suddenly starts to move all by itself.

Conclusion: all could be signs of an infested computer or someone hacking into it.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 12, 2017, 10:26:09 PM
Is your server secure against a 19 year old revived crypto attack threat, called by the name of ROBOT?
Background read (facebook has been patched): https://www.theregister.co.uk/2017/12/13/robot_tls_rsa_flaw/

Read: https://robotattack.org/

Check: https://robotattack.org/check/?h=   (h give domain name with www and without).

Test also added here now: https://testssl.sh/

Here: https://github.com/RUB-NDS/TLS-Attacker

Here: https://github.com/tomato42/tlsfuzzer

and here: https://dev.ssllabs.com/

Vulnerable server admins are advised to install available updates or whenever possible disable TLS RSA encryption functionality.

How this could have been kept under the detection radar for that long (19 years) is so far unknown,
but again makes the infrastructure an even more insecure theater.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on December 18, 2017, 11:12:06 PM
Checked here: https://www.detectadblock.com/

It said that I am allowing ads, good for me.

I have an anti-adblock-solution of sorts running under my Tampermonkey user-script extension,
called Anti-Adblock Killer | Reek and it does a great job for me.

When I meet an adblocker blocker I can choose to block their ads and visit the site via a webproxy anyway.

Else the risk of getting any (3rd party) mal-ad-code is too great a risk in my opinion to even consider lifting my adblocker.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on January 02, 2018, 05:17:48 PM
Test your browser against password manager leak:
https://senglehardt.com/demo/no_boundaries/loginmanager/
this as webtrackers follow internet-users via password managers.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 03, 2018, 12:09:24 AM
Tested IP here: https://www.perfect-privacy.com/check-ip/

Results OK for
Quote
HTTP metadata does not contain any suspicious information
HTTP_VIA   - empty -
HTTP_CLIENT_IP   - empty -
HTTP_CLIENT_IP (DNS)   - empty -
HTTP_FROM   - empty -
HTTP_X_REAL_IP   - empty -
HTTP_X_FORWARDED   - empty -
HTTP_X_FORWARDED_FOR   - empty -
Java disabled
Flash disabled
;)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 08, 2018, 09:59:21 PM
Check here your Spectre CPU vulnerability

http://xlab.tencent.com/special/spectre/spectre_check.html

Enjoy, my friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: DavidR on January 08, 2018, 10:20:04 PM
Check here your Spectre CPU vulnerability

http://xlab.tencent.com/special/spectre/spectre_check.html

Enjoy, my friends, enjoy,

polonus

I had thought this would actually be a CPU check for vulnerability, as per the 'bold text.'

However, this would be browser check and not a CPU check.
Title: Re: Tests and other Media topics
Post by: polonus on January 08, 2018, 11:04:25 PM
Hi DavidR,

Probably you did not grasp the workings of the Spectre bug.
Explained in layman's terms, sort of going like this to get info out of a box (browser cache in this case, where it should not leave your system, they question the CPU cache and this could cheat on confidential info you don't wanna share, but your chip will anyways.

Above is a check how your browser is vulnerable about this pre-cache CPU info cheating bug thingie, without overhyping it.
So we have to see connections now are being more secure, encryption more solid etc. until a new range of new non-vulnerable chips come into production.

Your chip is cheating inside the browser, wherever. it should because it was a stupid way of enhancing the speed with pre-guessing to make it faster.  If they check say for G and get a fractional glimpse of G and then later the cache protection says Y, they still could have a good guess inside the CPU a fraction earlier it was indeed G they were after. Capito?

So it is definitely Spectre CPU related.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on January 08, 2018, 11:17:55 PM
Maybe browsers should come up with a cache flush button.

What your browser does not (re)collect, it cannot spread.

So guys and gals flush that browser cache.

Two more spectre tests: https://github.com/wearefriday/spectre tool
Info credits go to vgrigorik & nickdunn

Testing on Windows via a Powershell command, read:
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/ info credits go out to Catalin Cimpanu

polonus
Title: Re: Tests and other Media topics
Post by: DavidR on January 09, 2018, 12:12:02 AM
Hi DavidR,

Probably you did not grasp the workings of the Spectre bug.
Explained in layman's terms, sort of going like this to get info out of a box (browser cache in this case, where it should not leave your system, they question the CPU cache and this could cheat on confidential info you don't wanna share, but your chip will anyways.
<snip>
So it is definitely Spectre CPU related.

Damian

It is just that the bold headline is somewhat misleading when it only talks of CPU vulnerability but the test is only browser related.

So it was surprising when it is only checking your browser in isolation.  For instance if your CPU isn't vulnerable why check the browser.  On this win10 system with the latest firefox version 57.0.4 (64-bit), it reports the browser isn't vulnerable.

Though if I ran this test on my XP system with the ESR version of Firefox it may be different, but the major thing on my XP system is by all accounts my 'old not modern' CPU isn't vulnerable.
Title: Re: Tests and other Media topics
Post by: polonus on January 09, 2018, 12:54:11 AM
Firefox and Google browser already patched to this as with most patching this will be only in a software manner,
as the Intel hardware design flaw/hole can only be patched with a new secure upcoming production line,
and this will not be with us until 2020.

As we know the flaw can be again abused through javascript played out within very tiny tiny time frames.

As we both have known now for a long time, blocking javascript to run inside a browser,
is the best security measurement one could take under all circumstances and for all kind of threats.

Over to a completely other subject:

I am always on the look-out to combine non-likely related results to get at a better overall verdict, like
the malware presented from here: http://urlquery.net/report/0e68bab7-835a-4ca5-b9bb-2f075f1a6188
combined with results like here: http://sun-adv.com.dnstree.com/

Damian
Title: Re: Tests and other Media topics
Post by: polonus on January 10, 2018, 12:10:17 AM
Just like the new service from VT for registered users, this is also new:
https://urlscan.io/result/9b5e14d3-7ce4-49b0-a26f-b8adccb8046d/related/

Related from: https://urlscan.io/result/9b5e14d3-7ce4-49b0-a26f-b8adccb8046d/#summary

Just as it was discussed in the virus and worms makes it the more relevant on Webzilla abuse,
a Dutch hosting AS. Spamhaus just asked cloudproviders to give a bigger effort to fight off spam botnets.

Reported: https://www.spamhaus.org/news/article/772/spamhaus-botnet-threat-report-2017

We also have to do our bit as end users report botnet abuse on the Interwebs here and elsewhere.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on January 10, 2018, 04:57:30 PM
Check whether your Windows cpu is vulnerable to Meltdown and Spectre:

https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

polonus

Anyone found results for AMD E1 chips? Scan results may not materialize...

D
Title: Re: Tests and other Media topics
Post by: bob3160 on January 10, 2018, 06:15:43 PM
Check whether your Windows cpu is vulnerable to Meltdown and Spectre:

https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

polonus
(https://screencast-o-matic.com/screenshots/u/Lh/1515604484704-22878.png)
A bit strange since this system is totally updated ???
Title: Re: Tests and other Media topics
Post by: polonus on January 10, 2018, 09:23:34 PM
Hi bob3160,

Probably has to do with not all vendors gave you the necessary firmware updates.
Reason probably is through your video-card that still is vulnerable to Spectre.

Spectre should be mitigated only via a firmware hardware update,
and these will be finally due in at the end of this month.

The real definite mitigation of the Intel debacle needs a new hardware chip and that may,
taking a bit of debugging and the necessary testing scheduled for another two years  ::)

So this means a lot of new laptops, computers, smartphones and all sort of IoT devices to buy,
or in need of maintenance and a new "total recall" to speak with Schwarzenegger.

This Spectre/Meltdown debacle gonna cost us all.
The only laughing third party is commerce, they gonna get extra revenue big time.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 11, 2018, 01:30:26 PM
Those that tested with this tool be extra careful,
your settings may have been changed by the test tool.
  :o

Nota Bene!
The use of the Ashampoo Spectre Meltdown CPU Checker will result that in Windows PowerShell the ExecutionPolicy for CurrentUser is being set as, and will remain set as "Bypass".
This while the standard setting should be "Undefined" or "Restricted" and not "Bypass".

To check your  PowerShell ExecutionPolicies and correct the settings,
open Windows PowerShell, through clicking right, "Execute as Administrator".

Inside Windows PowerShell, give in the following command:
Get-ExecutionPolicy -list

When for CurrentUser it is listed that ExecutionPolicy has been set as "Bypass",
restore the default settings by giving in the following command:
Set-ExecutionPolicy -ExecutionPolicy Default -Scope CurrentUser

Or just not set this for CurrentUser but for all Scopes at a time:
Set-ExecutionPolicy -ExecutionPolicy Default

Documented here:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1

Info credits go to itman, re:
https://www.wilderssecurity.com/threads/kernel-memory-leaking-intel-processor-design-flaw-forces-linux-windows-redesign.399338/page-16#post-2730623
https://www.wilderssecurity.com/threads/kernel-memory-leaking-intel-processor-design-flaw-forces-linux-windows-redesign.399338/page-16#post-2730646

Info credits for the above message go to Spiff (security dot nl).

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on January 11, 2018, 02:20:27 PM
(https://screencast-o-matic.com/screenshots/u/Lh/1515676586563-50493.png)

(https://screencast-o-matic.com/screenshots/u/Lh/1515676718361-73246.png)
After a reboot, I'll check to see if I have updates waiting for me.
Title: Re: Tests and other Media topics
Post by: polonus on January 11, 2018, 02:48:45 PM
Another way could be to set it to

Quote
MachinePolicy        Undefined
UserPolicy             Undefined
Process                 Undefined
CurrentUser          Undefined
LocalMachine        Undefined

pol
Title: Re: Tests and other Media topics
Post by: polonus on January 11, 2018, 02:56:54 PM
Adopt Chromium OS settings:

Quote
Chrome Site Isolation -> https://support.google.com/chrome/answer/7623121

If you are using Google Chrome or Chromium, please follow the steps below:

Type chrome://flags in the address bar and press Enter.
Scroll down the page and find “Strict site isolation” and press the Enable button.
Restart the Chrome browser.
https://www.chromium.org/Home/chromium-security/ssca

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 11, 2018, 03:10:37 PM
Checking on domain configuration and certificate installed...

For this PHISHING domain: -guru.cr

Re: https://toolbar.netcraft.com/site_report?url=guru.cr
Re: https://cryptoreport.websecurity.symantec.com/checker/
Results:
Quote
Certificate is installed correctly
Common name:
 guru.cr
SAN:
 guru.cr, cpanel.guru.cr, gurucr.com, mail.guru.cr, mail.gurucr.com, webdisk.guru.cr, webmail.guru.cr, whm.guru.cr, www.guru.cr, www.gurucr.com
Valid from:
 2017-Dec-29 00:00:00 GMT
Valid to:
 2018-Mar-29 23:59:59 GMT
Certificate status:
 Valid
Revocation check method:
 OCSP
Organization:
 
Organizational unit:
 
City/locality:
 
State/province:
 
Country:
 
Certificate Transparency:
 Not embedded in certificate
Serial number:
 f549d40077ef9ca14b21b7a669b991f1
Algorithm type:
 SHA256withRSA
Key size:
 2048
Certificate chain:
COMODO RSA Certification Authority - Intermediate certificate
cPanel, Inc. Certification Authority - Intermediate certificate
guru.cr - Tested certificate
Server configuration
Host name:
 198.23.60.248
Server type:
 Apache
IP address:
 198.23.60.248
Port number:
 443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
 Enabled
Downgrade attack prevention:
 Enabled
Next Protocol Negotiation:
 Not Enabled
Session resumption (caching):
 Enabled
Session resumption (tickets):
 Enabled
Strict Transport Security (HSTS):
 Not Enabled
SSL/TLS compression:
 Not Enabled
Heartbeat (extension):
 Enabled
RC4:
 Not Enabled
OCSP stapling:
 Not Enabled

Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST
CRIME
Cipher suites enabled:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)

11 issues here: https://mxtoolbox.com/domain/guru.cr/

F-grade status and recommendation and further scans: https://observatory.mozilla.org/analyze.html?host=guru.cr

Flagged: http://urlquery.net/report/80affa33-f2af-40e6-b824-6888dd8fb762

Also consider: https://urlscan.io/domain/guru.cr  -> -> https://urlscan.io/result/32d9da5e-c460-4f4e-8857-0f10341263f2/#summary

polonus (volunteer website security analyst and website error-hunter)
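
Added example, not part of any post in this thread: a small classifier for "Cipher suites enabled" output like the scan quoted above, marking the static-RSA key-exchange suites that the ROBOT post of December 12, 2017 advises disabling. The sample lines are a subset copied from the scan; the function names and finding labels are this example's own, and the classification reads suite names only.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a subset of the cipher-suite lines quoted in the scan above.
SCAN_LINES = """\
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F)
"""

Suite = namedtuple("Suite", "name code key_exchange cipher mac findings")

# TLS_<key exchange>_WITH_<cipher>_<mac/prf> (0x<two-byte code point>)
SUITE_RE = re.compile(
    r"^(?P<name>TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)_(?P<mac>[A-Z0-9]+))"
    r"\s+\(0x(?P<code>[0-9A-Fa-f]{4})\)$"
)


def parse_suites(text):
    """Return (suites, rejected): parsed Suite tuples and lines that did not parse."""
    suites, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUITE_RE.match(line)
        if not m:
            rejected.append(line)  # keep unknown lines visible instead of dropping them
            continue
        findings = []
        if m["kx"] == "RSA":
            # Key exchange by RSA encryption: the mode ROBOT targets, no forward secrecy.
            findings.append("static-rsa-kx")
        if "3DES" in m["cipher"]:
            findings.append("3des")  # 64-bit block cipher
        if m["cipher"].endswith("_CBC"):
            findings.append("cbc-mode")  # the mode behind BEAST/Lucky13/POODLE-TLS
        suites.append(Suite(m["name"], int(m["code"], 16), m["kx"],
                            m["cipher"], m["mac"], tuple(findings)))
    return suites, rejected


def robot_disable_list(suites):
    """Names of suites to turn off when following the 'disable TLS RSA encryption' advice."""
    return [s.name for s in suites if "static-rsa-kx" in s.findings]


def summary(suites):
    """Count suites per finding; 'clean' means no name-based finding at all."""
    counts = Counter()
    for s in suites:
        if not s.findings:
            counts["clean"] += 1
        for f in s.findings:
            counts[f] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed, bad = parse_suites(SCAN_LINES)
    for s in parsed:
        print(f"0x{s.code:04X} {s.name:42} {', '.join(s.findings) or 'ok'}")
    print("disable for ROBOT advice:", robot_disable_list(parsed))
    print("summary:", summary(parsed), "unparsed:", bad)
```

A suite with no finding here can still be weak in deployment (for example DHE with small parameters), since that is not visible in the name.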
Title: Re: Tests and other Media topics
Post by: RejZoR on January 12, 2018, 09:31:58 AM
Thx for the headsup Polonus! That's a bit stupid on the Ashampoo's side...
Title: Re: Tests and other Media topics
Post by: RejZoR on January 12, 2018, 10:02:45 AM
Another way could be to set it to

Quote
MachinePolicy        Undefined
UserPolicy             Undefined
Process                 Undefined
CurrentUser          Undefined
LocalMachine        Undefined

pol

How do you set it to "Undefined"? Using "Default" sets it to "Restricted"...
Title: Re: Tests and other Media topics
Post by: DavidR on January 12, 2018, 11:16:00 AM
Another way could be to set it to

Quote
MachinePolicy        Undefined
UserPolicy             Undefined
Process                 Undefined
CurrentUser          Undefined
LocalMachine        Undefined

pol

How do you set it to "Undefined"? Using "Default" sets it to "Restricted"...

If you check bob3160's earlier post, it has some images and there is a link in one of the images that may help. 
https://forum.avast.com/index.php?topic=129271.msg1441045#msg1441045

I don't know if you have tried the ? after the command to see if it gives much help.
Title: Re: Tests and other Media topics
Post by: polonus on January 12, 2018, 03:10:57 PM
Hi DavidR,

A better way to check is: https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

undefined in this sense equals restricted - from this article
Quote
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1
names under "Windows PowerShell Execution Policies", "Undefined",
If the execution policy in all scopes is Undefined, the effective execution policy is Restricted, which is the default execution policy.

So I am fine, on AMD I am also not vulnerable to meltdown where Intel users are  ;) ;D

polonus
Title: Re: Tests and other Media topics
Post by: DavidR on January 12, 2018, 05:28:59 PM
Hi DavidR,

A better way to check is: https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

undefined in this sense equals restricted - from this article
Quote
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1
names under "Windows PowerShell Execution Policies", "Undefined",
If the execution policy in all scopes is Undefined, the effective execution policy is Restricted, which is the default execution policy.

So I am fine, on AMD I am also not vulnerable to meltdown where Intel users are  ;) ;D

polonus

My post was a direct response to RejZoR, he may well find this useful.

I'm on an old Core2Duo and as far as I can tell that too isn't vulnerable. 

The only thing you are vulnerable to is MS screwing up your system with a windows update for AMD chips, but they have now pulled windows updates for AMD chips.
Title: Re: Tests and other Media topics
Post by: polonus on February 05, 2018, 01:03:39 PM
Full list of Symantec certificates that will become untrusted:
https://raw.githubusercontent.com/arkadiyt/symantec-certificate-checker/master/bad_hosts.txt

Read: https://arkadiyt.com/2018/02/04/quantifying-untrusted-symantec-certificates/

Checked with Symantec's: https://observatory.mozilla.org/analyze.html?host=easyredmine.com#tls
Quote
SSL certificate is not installed. Click here to get a certificate.

Many systems are configured with firewalls that block SSH access. To successfully scan with the SSH Observatory,
access must be granted to Mozilla's scanning system.
But an A- status here? -> https://www.ssllabs.com/ssltest/analyze?d=easyredmine.com
DNS CAA No - Chain issues - 5 DNS issues -> https://mxtoolbox.com/domain/www.easyredmine.com/

Also consider info here: https://toolbar.netcraft.com/site_report?url=%09https%3A%2F%2Fwww.easyredmine.com

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on February 09, 2018, 12:11:31 AM
From June 2018 onwards Google Chrome browser will start to label all http websites as insecure,
this in order to come to a https only Internet, which will also better protect connections for their core business
and all data that they will be sending to their chocolate factory (including your private data) via non-public CDN,
so who will check their tracking and profiling and to whom they stand responsible?

To better be able to check your https website functionality and code use:
https://developers.google.com/web/tools/chrome-devtools/#open

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 11, 2018, 06:17:46 PM
Checking backupspider.com.html on Zonemaster creates critical errors, this scan however is fine:
https://zonemaster.iis.se/?resultid=a9edfa238f0b5f9b

Results supported by these results: https://intodns.com/backupspider.com

3 issues here: https://mxtoolbox.com/domain/backupspider.com/

Risk rating 1 red out of 10: https://toolbar.netcraft.com/site_report?url=backupspider.com

polonus (volunteer website security analyst & website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on February 20, 2018, 08:31:30 PM
One knows polonus checks for retirable jquery libraries, including node js,  using online retire js scanner,
There is also a way to check node.js for insecurity: snyk open source .
One can do a test for azure (azure@2.2.1-preview) and test e.g. "tunnel agent" in for instance Brave browser on android and we will get 9 issues, "do not use callbacks"  for one.
Install -> npm install -g snyk
cd ~/projects/myproj/
snyk test

Enjoy,
polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 24, 2018, 11:15:28 PM
Hi security minded friends,

Polonus was away for the week to central Poland, temp now minus 8 Celsius.

While not much online here last week on these here forums,
polonus is as always continuously on the look-out for script-security improvement of any sort.

I and a younger IT friend of mine stumbled onto this super script from the renowned resource engineer
& open source security researcher, zx2c4, from Paris, France.

His is the innovative secure.js script. To enjoy this script, go to this link,
and see this javascript to prevent HTTPS leaks:  https://git.zx2c4.com/secure.js/tree/secure.js

As we find in his to do list inside the code there is still some work to be done on detecting async scripts,
and through going over StackOverflow's solutions,  and thnx to Cookie_Monster there, we stumbled upon:

Code: [Select]
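// List every script element currently in the document
document.querySelectorAll('script');
// In the HTML: <script async src="jquery.js" onload="jqueryloaded()"></script>
// The same load done from script (jqueryloaded is the page's own callback):
var script = document.createElement("script");
script.src = 'jquery.js';
script.onload = jqueryloaded;
document.body.appendChild(script);
// With a loader that offers head.load (such as HeadJS):
head.load("jQuery.js", function () {
  console.log("jQuery.js loaded");
});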
 

Could there be a possibility secure.js could be adopted & enhanced in such a way?
Still waiting for a response from Jason Donenfeld (aka zx2c4) accordingly,

polonus (volunteer website security analyst and website error-hunter)
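
One way to approach the question raised in the post above, as an added example that is not part of the post and not code from secure.js: resolve every script's src against the page URL, then use a MutationObserver to catch scripts appended after load, like the createElement/appendChild snippet. All function names, hostnames and sample data are constructed for illustration.

```javascript
// Added example, not taken from secure.js. Every name here is hypothetical.

// Decide whether fetching one script would leave HTTPS.
// `script` is a DOM <script> element or any object with src/async/defer.
function classifyScript(script, pageUrl) {
  const raw = typeof script.getAttribute === 'function'
    ? script.getAttribute('src')   // raw attribute, before the browser resolves it
    : script.src;
  const late = Boolean(script.async || script.defer); // runs outside parse order
  if (!raw) return { url: null, verdict: 'inline', late };
  let resolved;
  try {
    // Handles relative ("js/a.js") and protocol-relative ("//cdn/a.js") values.
    resolved = new URL(raw, pageUrl);
  } catch (e) {
    return { url: raw, verdict: 'invalid', late };
  }
  if (resolved.protocol === 'https:') return { url: resolved.href, verdict: 'secure', late };
  if (resolved.protocol === 'http:') return { url: resolved.href, verdict: 'insecure', late };
  // data:, blob: and similar do not cause a separate network request.
  return { url: resolved.href, verdict: 'local', late };
}

// Audit a static list, e.g. document.querySelectorAll('script').
function auditScripts(scripts, pageUrl) {
  return Array.from(scripts)
    .map((s) => classifyScript(s, pageUrl))
    .filter((r) => r.verdict === 'insecure' || r.verdict === 'invalid');
}

// Browser only: report scripts that appear, or change src, after the audit.
// This detects after the fact; the request may already be under way.
function watchForLateScripts(doc, pageUrl, onFinding) {
  const report = (node) => {
    const r = classifyScript(node, pageUrl);
    if (r.verdict === 'insecure' || r.verdict === 'invalid') onFinding(r);
  };
  const inspect = (node) => {
    if (node.nodeName === 'SCRIPT') report(node);
    else if (node.querySelectorAll) node.querySelectorAll('script').forEach(report);
  };
  const observer = new MutationObserver((records) => {
    for (const rec of records) {
      if (rec.type === 'attributes') inspect(rec.target);
      else rec.addedNodes.forEach(inspect);
    }
  });
  observer.observe(doc.documentElement, {
    childList: true, subtree: true, attributes: true, attributeFilter: ['src'],
  });
  return observer;
}

// Constructed sample: what a page at SAMPLE_PAGE might contain.
const SAMPLE_PAGE = 'https://shop.example/cart';
const SAMPLE_SCRIPTS = [
  { src: 'jquery.js', async: true },                          // relative, stays on https
  { src: 'http://cdn.example/jquery-migrate.js', async: true }, // leaves HTTPS
  { src: '//stats.example/t.js', defer: true },               // inherits https from the page
  { src: '' },                                                // inline script
  { src: 'http://', async: false },                           // malformed URL
];

if (typeof document !== 'undefined' && typeof MutationObserver !== 'undefined') {
  // In a browser: audit what is already there, then keep watching.
  console.warn(auditScripts(document.querySelectorAll('script'), location.href));
  watchForLateScripts(document, location.href, (f) => console.warn('insecure script', f));
}
```

The protocol-relative case is the one worth noting: the same `//host/file.js` value is fine on an https page and insecure on an http one.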

Title: Re: Tests and other Media topics
Post by: polonus on February 27, 2018, 05:43:09 PM

Get a universally unique identifier to protect your geekie code
from here: http://onlineuuidgenerator.com/  (also time-based version).

Unique identifiers can protect you and also can give you away when you violate online laws.

Think of Verizon's Precision ID? (re: http://www2.ca3.uscourts.gov/opinarch/163588p.pdf )
and re: https://readwrite.com/2015/01/31/verizon-tracking-perma-cookies-supercookies-uidh-precisionid-opt-out/
also perma-cookies while on tor and afterwards can identify you.

Tor will not anonymize you, in combination with tails also not fully anonymize you, recorded is the size of your browser window open for instance, and other unique identifiers like typing habits/speed/anomalies, websites visited etc.

Using tails in combination with a VM is a bad idea, it can unveil your OS identification. Using tor and tails and a vpn a la default is always a bad idea for hackers and cybercriminals alike. You get caught period.

Also be aware of correlation attacks, targeted malware injection, and time-based attacks. Also never share privacy related data online or break your online habits. These mistakes have caused many a perpetrator quite some jailtime.
So better do not do the crime, if you cannot do the time.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on March 05, 2018, 06:03:30 PM
A fine AI-driven PHISHing-IP checker:
(example IP): https://checkphish.ai/ip/94.23.220.38

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 05, 2018, 06:25:58 PM
An example of what we can detect starting to use this service:
https://checkphish.ai/ip/94.23.220.38  and then checked: https://checkphish.ai/domain/poufmarocain.com
and then https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=poufmarocain.com&ref_sel=GSP2&ua_sel=ff&fs=1
and also two detections here: https://retire.insecurity.today/#!/scan/8daed221f8bde319f1f93ab73c4d2578663ae7ee4fdd039823c1c35b578c47bf
moreover this:
Quote
poufmarocain.com/js/jquery/jquery-migrate-1.2.1.min.js benign
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined function e
Also http://www.domxssscanner.com/scan?url=https%3A%2F%2Fpoufmarocain.com%2F
leading us here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.comservice-online.de%2Findex.php%3Fmod%3Dusers%26action%3Dview%26id%3D121198%2F&ref_sel=GSP2&ua_sel=ff&fs=1

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on March 06, 2018, 01:52:36 PM
To keep everything tested and secure: http://seclist.us/category/security-tools

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 16, 2018, 02:15:55 PM
Are you out on a spoofable AS?
Test and help fight against InfoSpoofing:

https://www.infospoofing.com/

polonus

Info credits also: https://www.caida.org/projects/spoofer/
Title: Re: Tests and other Media topics
Post by: polonus on March 17, 2018, 01:25:13 PM
Important as an anti-spoof protection for sub-domains etc is to have a dmarc record,

Read background info: https://fraudwatchinternational.com/expert-explanations/dmarc-protecting-domains/

test here (free trial 14 days): https://dmarcian.com/dmarc-inspector/rug.nl
Or check here: https://mxtoolbox.com/dmarc.aspx

Free check tool: https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/

Example - -https://app.dmarcanalyzer.com/dns/dmarc_validator?domain=yahoo.com&g-recaptcha-response=03ANcjospioYln4U73s09y5mmYq3HTT0IWNbAdz78uQ0oIrCBEQ2WO1BHfSQIpFpdHxyVPGyKpgSu1o32MqXIsZ4oqWbW_bcRGuKmcB_UFpvR4IDgCKaadO87tU42mQhzFKqGKQBcP3dy4VEUDC-HXLUDvN23gnyP5twFdOJbZ9I41IrorzPm38kI4_wJlWXE9_3pwTwy9qLM8x1eg-P8RBrSb_jyYgvhB-Y0RNB1_dio1RWg39d-HUpS7VGyAcewNwVvUXQ-RuzlYSF0cRLJvwBEv6ED2J1dKlozAWbRNXqx5G6fvY-vj8SMe9g8DeMjxA914b0gQ5D5S&_token=d6VBx3OrOvqoZE8tUwj5AAh7Id6u7tlneivRvAIH

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on March 30, 2018, 08:45:30 PM
Proxies and VPN's may leak your IP-address through WebRTC.
This can be done via so-called stun-server logs.


Read about it here: https://voidsec.com/vpn-leak/
Protect against it with this extension: https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia

Check your vulnerability: http://ip.voidsec.com/

Quote
How to disable WebRTC in Firefox?

In short: Set "media.peerconnection.enabled" to "false" in "about:config".

Explained:

Enter "about:config" in the firefox address bar and press enter.
Press the button "I'll be careful, I promise!"
Search for "media.peerconnection.enabled"
Double click the entry, the column "Value" should now be "false"
Done. Do the WebRTC leak test again.

If you want to make sure every single WebRTC related setting is really disabled change these settings:

media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1

Now you can be 100% sure WebRTC is disabled.
Quote source: https://www.privacytools.io/#webrtc

You will be astounded when you check here: https://www.dnsleaktest.com/
and for further tests: https://www.grc.com/dns/dns.htm

No more leaks via a IPVanish with this extension:
https://addons.mozilla.org/nl/firefox/addon/happy-bonobo-disable-webrtc/

In privacy badger you can set prevent WebRTC to leak the internal IP address.
This could cause some slowness on Google Hangout.

Palemoon browser blocks this leaking as per default.

Info credits go to posters here: -https://www.security.nl/posting/555923

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on April 05, 2018, 03:07:00 PM
In the light of re-appearing security issues with websites with PHP driven Word Press CMS
(CMS short for Content Management Software).

Start to scan for a really quick and dirty here: http://hackertarget.com/wordpress-security-scan/

Also at: https://sitecheck.sucuri.net/
and https://www.quttera.com scans.

Furthermore for retirable jQuery libraries scan here: https://retire.insecurity.today/#

Also: https://observatory.mozilla.org/?
Together with a scan here: https://cryptoreport.websecurity.symantec.com/checker/en
Furthermore scan at: http://www.domxssscanner.com/

All scans are just meant to obtain benevolent research info.
Never use any info so gained against a certain AS, domain, IP range or IP etc.

For a json and api info scan: https://urlscan.io/domain

More scan suggestions via : https://geekflare.com/online-scan-website-security-vulnerabilities/

Interesting results may also be obtained via a scan here:
https://www.eff.org/https-everywhere/atlas/

Also via http://rips-scanner.sourceforge.net/ 
and
https://app.upguard.com/webscan#/

Enjoy my friends, enjoy.  Info credits luntrus (@security dot nl)

With questions or issues come to the virus and worms section of these avast forums,

polonus (volunteer website security analyst and website error hunter)
Title: Re: Tests and other Media topics
Post by: bob3160 on April 05, 2018, 04:06:09 PM
Thank You. :)
(https://screencast-o-matic.com/screenshots/u/Lh/1522937124978-50695.png)
Title: Re: Tests and other Media topics
Post by: polonus on April 07, 2018, 02:49:18 PM
This is a POC - DO NOT use it for a production environment  Info credits goes to thecker at Github Today

Checking this POC code against facebook's proxygen-bolt -> https://github.com/lhecker/libnodecc
Do not use libnodecc in a developer's production environment, just for research experiments only.
See: https://urlscan.io/result/3b26405e-cc14-49fb-ba92-e2e2f8be0368/jsonview/
and https://urlquery.net/report/c85aceb0-5456-4363-ad7f-b9bb3e960636
proxygen-bolt unrecognized despite returning data
There always should be room for PHP (in)security testing: Security Checks for -static.xx.fbcdn.net
Verdict of insecurity:
(2) Susceptible to man-in-the-middle attacks
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Vulnerable to cross-site attacks
HttpOnly cookies not used

error to go onto
Quote
-static.xx.fbcdn.net/rsrc.php/v3iCvN4/yt/l/DE/iNEySX6agJT.js benign
     info: [decodingLevel=0] found JavaScript
     error: undefined variable __d
     error: undefined function __d
nested undefined variable error, when you try to grab, but you do not see what is run...(pol).

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on April 10, 2018, 04:49:27 PM
Babel, a strict VM driven javascript compiler on the client (browser) to tight-test javascript security!

What we tested? Well javascript taken from this scan: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fyandex.ru

Tested against babel here: https://babeljs.io/repl#?babili=false&browsers=&build=&builtIns=false&code_lz=BQMwrgdgxgLglgewsA5gGgBZoDIEoDe408SABAG7ACGaARmlAQE4CmMYTEpRsiyBMJgE98rdp1JUAdFQAOsgDZDgMDHA

Do not think out of the box, think strict and exact. Go to the next phase with Rust and Babel.

Another check of this code: -mc.yandex.ru/metrika/watch.js benign
DOM-XSS vuln.
Number of sources found: 77
Number of sinks found: 14

For instance
Quote
repl: Unexpected token, expected ; (1:17)
> 1 | ["\x3c/form\x3e"]);h.innerHTML=k.join("")
    |                  ^ 

Enjoy, my research developer friends, enjoy,

Example
Quote
// babel-code-frame: print the source lines around a reported position
import codeFrame from 'babel-code-frame';

const rawLines = `class Foo {
  constructor()
}`;
const lineNumber = 2;
const colNumber = 16;

const result = codeFrame(rawLines, lineNumber, colNumber, { /* options */ });

console.log(result);

// js-tokens: split a JavaScript string into tokens
var jsTokens = require("js-tokens").default

var jsString = "var foo=opts.foo;\n..."

jsString.match(jsTokens)
// ["var", " ", "foo", "=", "opts", ".", "foo", ";", "\n", ...]
import {matchToToken} from "js-tokens"
// or:
var g = 9.82
var number = bar / 2/g


polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 03, 2018, 04:35:06 PM
Checking the privacy status of a certain website to a certain degree (cookies, advice, privacy, mozilla recommendations):

Re: https://webcookies.org/scan/15218489
Re: https://www.scamadviser.com/check-website/borneonews.co.id
Re: https://observatory.mozilla.org/analyze/www.borneonews.co.id
Re: https://privacyscore.org/site/96307/
Quote
This website is secured
100% of the trackers on this site are helping protect you from NSA snooping. Why not thank borneonews.co.id for being secure?

 All trackers
At least 7 third parties know you are on this webpage.

 -Google
 -www.borneonews.co.id
 -Facebook
 -Google
-www.google-analytics.com Google
 -api.borneonews.co.id
 -Google

 Info Tracker SSL extension report for wXw.borneonews.co.id

Also consider (1 red out of 10 netcraft risk given):
https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.borneonews.co.id%2F

and insecurity reported here: https://app.upguard.com/webscan#/borneonews.co.id

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on May 06, 2018, 03:07:39 PM
L.S.

DNS Record Viewer and another fine collection of handy dandy tools here:

http://dns-record-viewer.online-domain-tools.com/

Good to be used in combination with my Shodan extension in the browser - example:
https://www.shodan.io/host/52.2.58.67  -> http://ec2-52-2-58-67.compute-1.amazonaws.com/
PTR - pdns1.ultradns.net  x4.amazonaws.org  x2.amazonaws.com  x1.amazonaws.com  x3.amazonaws.org

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on May 07, 2018, 11:42:47 PM
For Word Press website admins and maintenance:

Looking for retirable jQuery libraries: https://retire.insecurity.today/#

Scan for Word Press issues (a quick and dirty) scan at https://hackertarget.com/wordpress-security-scan/

For developers in the audience:
Quote
With Word Press plug-ins there is a possibility to get errors with a certain plug-in that overwrites,
Press F 12 and inspect in the browser console what file causes this.
First thing to do now is to de-activate the plug-in, and a second solution is to remove the code,
but in that case you have to know your javascript a bit.


Quote info credits and thanks for the instruction goes out to Jasminder Pal Singh,
who instructed this method to me via an online video.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2018, 12:35:42 AM
Going over an error after a PTR request for 165.38.101.151.in-addr.arpa , it said I got a name error.

After reading on how to setup Reverse DNS & PTR records, I stumbled on this nice online interface website:

https://www.digwebinterface.com/?hostnames=165.38.101.151.in-addr.arpa&type=Reverse&ns=resolver&useresolver=8.8.4.4&nameservers=

Not much to go by here: https://toolbar.netcraft.com/site_report?url=165.38.101.151.in-addr.arpa

Above link for IT specialists and researchers only.

We also checked it here and found out why it failed: DNSsy Report Results
Results for 165.38.101.151.in-addr.arpa

Test   Results   Status
Checking domain format:   Hostname looks good.   Pass
Checking for parent nameservers:   Found 6 parent nameservers.   Pass
Checking for parent glue:   Found glue from root nameservers to parent nameservers.   Info
NS records at parent nameserver:   Your NS records at your parent nameserver are:
 
 
Provided by e.in-addr-servers.arpa -> pri.authdns.ripe.net   Info
Nameservers listed at parent:   No nameservers found at parent nameserver.   Fail

Another tool for web admins in this line: http://www.subnet-calculator.com/cidr.php
and for dns: https://www.dnscolos.com/dnsreport.php


Enjoy, my good friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2018, 02:55:25 PM
More on the dig web interface -

Quote
h@8.8.4.4 (Default):
Usage:  dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]
Where:  domain     is in the Domain Name System
        q-class  is one of (in,hs,ch,...) [default: in]
        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
                 (Use ixfr=version for type ixfr)
        q-opt    is one of:
                 -x dot-notation     (shortcut for reverse lookups)
                 -i                  (use IP6.INT for IPv6 reverse lookups)
                 -f filename         (batch mode)
                 -b address[#port]   (bind to source address/port)
                 -p port             (specify port number)
                 -q name             (specify query name)
                 -t type             (specify query type)
                 -c class            (specify query class)
                 -k keyfile          (specify tsig key file)
                 -y [hmac:]name:key  (specify named base64 tsig key)
                 -4                  (use IPv4 query transport only)
                 -6                  (use IPv6 query transport only)
                 -m                  (enable memory usage debugging)
        d-opt    is of the form +keyword[=value], where keyword is:
                 +[no]vc             (TCP mode)
                 +[no]tcp            (TCP mode, alternate syntax)
                 +time=###           (Set query timeout) [5]
                 +tries=###          (Set number of UDP attempts) [3]
                 +retry=###          (Set number of UDP retries) [2]
                 +domain=###         (Set default domainname)
                 +bufsize=###        (Set EDNS0 Max UDP packet size)
                 +ndots=###          (Set NDOTS value)
                 +edns=###           (Set EDNS version)
                 +[no]search         (Set whether to use searchlist)
                 +[no]showsearch     (Search with intermediate results)
                 +[no]defname        (Ditto)
                 +[no]recurse        (Recursive mode)
                 +[no]ignore         (Don't revert to TCP for TC responses.)
                 +[no]fail           (Don't try next server on SERVFAIL)
                 +[no]besteffort     (Try to parse even illegal messages)
                 +[no]aaonly         (Set AA flag in query (+[no]aaflag))
                 +[no]adflag         (Set AD flag in query)
                 +[no]cdflag         (Set CD flag in query)
                 +[no]cl             (Control display of class in records)
                 +[no]cmd            (Control display of command line)
                 +[no]comments       (Control display of comment lines)
                 +[no]question       (Control display of question)
                 +[no]answer         (Control display of answer)
                 +[no]authority      (Control display of authority)
                 +[no]additional     (Control display of additional)
                 +[no]stats          (Control display of statistics)
                 +[no]short          (Disable everything except short
                                      form of answer)
                 +[no]ttlid          (Control display of ttls in records)
                 +[no]all            (Set or clear all display flags)
                 +[no]qr             (Print question before sending)
                 +[no]nssearch       (Search all authoritative nameservers)
                 +[no]identify       (ID responders in short answers)
                 +[no]trace          (Trace delegation down from root)
                 +[no]dnssec         (Request DNSSEC records)
                 +[no]nsid           (Request Name Server ID)
                 +[no]sigchase       (Chase DNSSEC signatures)
                 +trusted-key=####   (Trusted Key when chasing DNSSEC sigs)
                 +[no]topdown        (Do DNSSEC validation top down mode)
                 +[no]multiline      (Print records in an expanded format)
                 +[no]onesoa         (AXFR prints only one soa record)
        global d-opts and servers (before host name) affect all queries.
        local d-opts and servers (after host name) affect only that lookup.
        -h                           (print help and exit)
        -v                           (print version and exit)
Example output:
Quote
nimbus.bitdefender.net@8.8.4.4 (Default):
nimbus.bitdefender.net.   21599   IN   CNAME   elb-nvi-amz.nimbus.bitdefender.net.
elb-nvi-amz.nimbus.bitdefender.net. 21599 IN CNAME kube-nimbus-1671728955.us-east-1.elb.amazonaws.com.
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.204.39.25
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.203.98.12
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.203.77.162
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.205.81.93
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.45.231.34
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.45.221.142
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.44.27.79
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.21.175.100

pol
Title: Re: Tests and other Media topics
Post by: polonus on May 10, 2018, 08:56:44 PM
Just some further additional sources: https://www.crunchbase.com/organization/securolytics#section-overview

Scam scanning sites: http://www.scamfoo.com/  &   https://www.islegitsite.com/check

So many ways to establish what a website is all about without actually clicking that website link

polonus (volunteer website security analyzer and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on May 23, 2018, 11:05:21 PM
For developer's best practices and for debuggers alike, all your cheat sheets together online:

Re: http://overapi.com/
A pity you are not allowed to use it, when doing exams.

Also available as an extension: https://chrome.google.com/webstore/detail/all-cheat-sheets/oedodeocfdeegliepeeoieemhdgoijod

For those into websecurity and error-hunting: https://infosec.mozilla.org/guidelines/web_security.html

Enjoy, my good friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Tests and other Media topics
Post by: polonus on June 03, 2018, 07:26:17 PM
Net Neutrality Monitor - Monitor and analysis in real-time of the censorship systems used by Internet Service Providers.

Test your ISP for net neutrality: example: http://www.neumon.org/ip/206.165.6.11.html

polonus
Title: Re: Tests and other Media topics
Post by: Vania19 on June 09, 2018, 02:40:38 PM
HTTP Header check: https://hackertarget.com/http-header-check/
another way using their api: http://api.hackertarget.com/httpheaders/?q=http://www.google.com

See: https://adresults.nl/tools/header-checker/  &  https://headers.cloxy.net/
Re: http://www.internetmarketingninjas.com/header-checker/

Read: https://www.keycdn.com/blog/http-security-headers/  -> check: https://tools.keycdn.com/curl

polonus

Hello Polonus, I have tried the link that you shared here to check my HTTP header https://smartdigital.id/jasa-seo/ but it shows the message "unable to connect to HTTP port" and still takes more time to process than webconfs, which I usually use.
Title: Re: Tests and other Media topics
Post by: polonus on June 23, 2018, 01:39:51 PM
A nice website and webserver scanner for a "quick and dirty" scan,
see results: https://www.htbridge.com/ -> https://www.htbridge.com/websec/

Can be combined with results of this scanner: https://sonarwhal.com/scanner/
and other specific scanners like for instance https://privacyscore.org/ &  https://urlscan.io/domain
Other aspects can be scanned as well, like jQuery library vulnerability at retire.insecurity.today/#
and dom based issues like sources and sinks via: http://www.domxssscanner.com/  (a Google provided service).

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on June 23, 2018, 02:02:23 PM
This could also help you to find initializer errors in scripts like error: Undefined variable storage, where storage had be changed by ::Storage and then in the controller Storage.put_object_url(...)  to no longer get an error like
Quote
found JavaScript
     error: undefined function storage._each
     error: undefined variable storage
for ci.psdev.de/static/61489873/scripts/behavior.js  (info credits amonetti on Github's).

Other related scans: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fpsdev.de
re: https://urlscan.io/result/0f751ff0-71e9-4649-ab52-54e567d86693

All coming from the scan results at: https://www.htbridge.com/websec/ for related https://retire.insecurity.today/#!/scan/7149f4aa52e5c1e085e865b9b15c34cf6da783c323b3b17f1da65f9b9f4e7d50

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 26, 2018, 10:09:34 PM
EFF starts new project STARTTLS Everywhere to enhance e-mail security:
Example:
https://starttls-everywhere.org/results/?xs4all.nl

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 03, 2018, 06:07:22 PM
L.S.

When the configuration of STARTTLS is OK, with the right policy list,
and all your hops secured, it is time for automatically enabling HTTPS on your website,
through the use of EFF's Certbot, go here: https://certbot.eff.org/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 04, 2018, 06:35:27 PM
Idiot proof implementation of HTTPS: https://httpsiseasy.com/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 05, 2018, 05:44:07 PM
Non-malicious site fails SSLScan. See: https://www.htbridge.com/ssl/?id=JcZI3CnC
Compare to: https://observatory.mozilla.org/analyze/www.overgang.no
Also consider: https://dnssec-analyzer.verisignlabs.com/www.overgang.no
Also see: https://sonarwhal.com/scanner/6b727529-dc3f-4687-9596-08107898f6a1

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 10, 2018, 01:14:08 PM
Cryptojacking test for your browser: https://cryptojackingtest.com/

Cryptojacking test for your website: https://notmining.org/

Example of the second scanner for https://notmining.org/url?busqueda=http%3A%2F%2Fmejortorrent.com
Quote
Last update was on: Tue Jul 10 13:13:11 CEST 2018 . The result of this analyse was: Mining.
Detected: CoinHive.Anonymous (coinhive.com)

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on July 11, 2018, 03:46:46 PM
Online Interactive JavaScript Cheat Sheet for developer and debugger alike:
https://htmlcheatsheet.com/js/

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 14, 2018, 12:45:48 PM
How are results like those in this Cryptojacking campaign report being searched?

Example: https://pastebin.com/gYkbVP8b  (some blockers block this link, link for researchers only, temporarily unblock in this case).

This is the search engine they use: https://publicwww.com

Consider this: https://publicwww.com/websites/cryptojacking+/

And one finds further insights like these: https://www.csoonline.com/search?query=cryptojacking+websites&contentType=article%2Cresource

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 14, 2018, 01:56:11 PM
Coming from here: https://www.htbridge.com/websec/?id=Cpy7Tv2c
We stumbled upon: -http://www.baberesto.com/jquery/jquery-1.8.3.min.js

Quote
Attackers often hide backdoors, crypto jacking malware and other malicious code inside of legitimate third-party JS (various libraries and frameworks). We check if a particular version of the third-party JS code was altered with a new code, and report any anomalies here.
The JS seems to match the original code.
The following JS component were found inside:- jQuery [1.8.3]
Then we scanned - https://retire.insecurity.today/#!/scan/641317ed91f88ae93e9067610c473dfcd9e2d68cf1aa721f4c47884ec7e9a1be

And then did a query with "" here: https://publicwww.com/websites/%22%2Fjquery%2Fjquery-1.8.3.min.js%22/
coming up with potentially 18774 websites in 5.14 s. with this medium severity vulnerability:

Quote
Detected libraries:
jquery - 1.8.3 : (active1) hxtp://www.baberesto.com/jquery/jquery-1.8.3.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://bugs.jquery.com/ticket/11974
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected

error(s) inside this javascript code:
Quote
wXw.baberesto.com/jquery/jquery-1.8.3.min.js
     status: (referer=http:/XXX/web?q=puppies)saved 93636 bytes 06e872300088b9ba8a08427d28ed0efcdf9c6ff5
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: undefined function p.getElementsByTagName
     error: undefined variable p
     info: [element] URL=wXw.baberesto.com/jquery/undefined
     info: [1] no JavaScript
     file: 06e872300088b9ba8a08427d28ed0efcdf9c6ff5: 93636 bytes
     file: d5dba94a76a67a54f2b98b16227da20414542fd9: 72 bytes
-> leading to wXw.baberesto.com/jquery/undefined

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on July 16, 2018, 05:47:20 PM
An IoT Cyber Space search-engine to use next to shodan: https://www.zoomeye.org/searchResult?q=%2Fjquery-1.9.1.min.js

Read: https://twitter.com/ankit_anubhav/status/1017426076467855360 because of
https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117


polonus

Title: Re: Tests and other Media topics
Post by: polonus on July 17, 2018, 12:18:03 AM
Testing websites for tracking.

Check websites for tracking here (example): https://whotracks.me/trackers/snigelweb.html

and compare with a scan at (same example): https://privacyscore.org/site/111090/
ANALYZED URL AFTER LOADING:
-http://www.snigelweb.com/   site is using 17 known tracking- or advertising companies.
Vulnerable to the SWEET32 attack.

ANALYZED MAIL SERVER:
-aspmx.l.google.com


polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on July 17, 2018, 12:40:51 PM
Tracking is hot and there is almost no avoiding it. So you'd better know who's tracking you out of your sock(et)s  ;)

See this one, a site that I would block for malicious ad-redirecting.

Explore the data on this page: https://whotracks.me/websites/bulbagarden.net.html

Now compare with this Tracker Tracker report :
Quote
host   distinct names   name frequencies
-https://sb.scorecardresearch.com/beacon.js   1   ScoreCard Research Beacon (1)
1   ADTECH (1)
-https://bulbapedia.bulbagarden.net   8   OpenX (1) DoubleClick (3) ScoreCard Research Beacon (1) Google Tag Manager (1) Google Analytics (2) Twitter Button (1) ZergNet (1) Econda (1)
-https://Q1MediaHydraPlatform·com/ads/video/controller·php?qid=57d6d4bcdbcb6cda37200d1d&qz=1   1   (1)
-https://forums.bulbagarden.net/js/apantic/profilepostlimit/profile_post_limit.min.js?_v=3b17caa1   1   (1)

We tracked using these URLs
Quote
-https://Q1MediaHydraPlatform·com/ads/video/controller·php?qid=57d6d4bcdbcb6cda37200d1d&qz=1
-https://sb.scorecardresearch.com/beacon.js
-http://adserver.adtechus.com/addyn/3.0/5259.1/2787268/0/277/ADTECH;apid=1A8b2d8494-89ab-11e8-b592-d89d671a1f74;cfp=1;rndc=1531823050;loc=100;target=_blank;key=key1+key2+key3+key4;grp=405;misc=1531823049959
-https://bulbapedia.bulbagarden.net
-https://forums.bulbagarden.net/js/apantic/profilepostlimit/profile_post_limit.min.js?_v=3b17caa1

But there are more links: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=bulbagarden.net&ref_sel=GSP2&ua_sel=ff&fs=1

No specifics alerted here: http://isithacked.com/check/http%3A%2F%2Fbulbagarden.net%2F

polonus



Title: Re: Tests and other Media topics
Post by: polonus on July 17, 2018, 04:02:36 PM
Results may differ: 17 trackers in one report, 18 trackers found in the second:
https://whotracks.me/websites/tripadvisor.de.html   versus    https://privacyscore.org/site/42802/

Also see here: https://trackography.org/
For instance data in the Netherlands go to com.score public TV -> -b.scorecardresearch.com (from nos.nl)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 17, 2018, 09:05:41 PM
Nice Google JavaScript online compiler service:
https://closure-compiler.appspot.com/home

Repository of such tools: https://mvnrepository.com/artifact/com.google.javascript/closure-compiler

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 19, 2018, 12:02:25 PM
Is your website ready for the latest technology or rather ready for the "Hall of Shame"?

Checking a Hall of Shame site.

New checksite: https://en.internet.nl/site/phenoelit.org/338066/

Compare with existing website testing sites, like:
https://securityheaders.com/?q=http%3A%2F%2Fphenoelit.org%2F
and https://www.htbridge.com/websec/?id=DnFHnhuc
and https://observatory.mozilla.org/analyze/phenoelit.org

Enjoy, my good friends, enjoy,

polonus (volunteer third party cold reconnaissance website security analyst and website error-hunter)

P.S. I do not advise regular users go here: -http://seurat.0xffffffff.net/  (developer and network hacking)
but with the right mind-set  and being into security, one could learn a lot about insecurity of protocols
(white hat relevant knowledge, ignore the other darker material out there)

Damian
Title: Re: Tests and other Media topics
Post by: polonus on July 19, 2018, 06:16:37 PM
Are you or your devices not on Shodan?

Scan for it here: https://iotscanner.bullguard.com/

Enjoy, I was not on Shodan and secure via the deepscan results. How about you?
Title: Re: Tests and other Media topics
Post by: polonus on July 23, 2018, 11:59:13 AM
Testing with a JavaScript Tester online /*! JsRender v1.0.0-beta: http://github.com/BorisMoore/jsrender and http://jsviews.com/jsviews
informal pre V1.0 commit counter: 63 */
Possible strict violation - Assignment in conditional expression - Confusing use of '!' - 't' is already defined - A constructor name should start with an uppercase letter - 'g' is already defined - 'd' is already defined - The function constructor is a form of eval - use '!==' to compare with 'null'.

Unpacker does not find errors
Quote
nothing detected] script
     info: [decodingLevel=0] found JavaScript
     file: d3d7bb9a49ca44016a34a26956f1bfeacc4de695: 16068 bytes

Read here in this respect: http://mahalingamganesan.weebly.com/security.html
Re: http://www.webtoolkitonline.com/javascript-tester.html  Test in http://jsbin.com

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 02, 2018, 12:40:17 AM
Check your secure connection DNSSEC & DS algorithm
at https://rootcanary.org/test.html

enjoy my good friends, enjoy

polonus

Somehow GOST WebCrypto is not validated by my resolver(s) - Pure Javascript implementation of WebCrypto API interfaces and Public Key Infrastructure for GOST algorithms (Russian Cryptographic Standards) - read: https://github.com/rudonick/crypto
Demo: http://gostcrypto.com/

When trying to test GOST I was held back by a MalwareBytes Browser Extension Beta alert: Website blocked due
to possible suspicious activity

We strongly recommend you do not visit this site.

Website blocked: htXp://gostcrypto.com/self-tests.html

Damian
Title: Re: Tests and other Media topics
Post by: polonus on August 02, 2018, 01:07:36 AM
Tested it in a decentralized browser, Beaker browser beta, then it worked like a charm, results below:

Quote
GOST R 34.11-94 TEST

Test 01 GOST R 34.11-94-256 ........................................ PASSED 0.024 sec
Test 02 GOST R 34.11-94-256 ........................................ PASSED 0.007 sec
Test 03 GOST R 34.11-94-256 ........................................ PASSED 0.018 sec
Test 04 GOST R 34.11-94-256 ........................................ PASSED 0.032 sec
 
Test 05 GOST R 34.11-94-256/D-TEST ................................. PASSED 0.003 sec
Test 06 GOST R 34.11-94-256/D-TEST ................................. PASSED 0.002 sec
Test 07 GOST R 34.11-94-256/D-TEST ................................. PASSED 0.002 sec
Test 08 GOST R 34.11-94-256/D-TEST ................................. PASSED 0.003 sec
 
PBKDF2 tests
Test 09 GOST R 34.11-94-256-PBKDF2 ................................. PASSED 0.069 sec
Test 10 GOST R 34.11-94-256-PBKDF2 ................................. PASSED 0.026 sec
Test 11 GOST R 34.11-94-256-PBKDF2 ................................. PASSED 1.527 sec
 
TOTAL OK
 
GOST R 34.11-2012 TEST

Test 01 GOST R 34.10-12-256 ........................................ PASSED 0.01 sec
Test 02 GOST R 34.10-12-256 ........................................ PASSED 0.026 sec
Test 03 GOST R 34.10-12-256 ........................................ PASSED 0 sec
Test 04 GOST R 34.10-12-256 ........................................ PASSED 0 sec
 
Test 05 GOST R 34.11-12-256-KDF .................................... PASSED 0.013 sec
Test 06 GOST R 34.11-12-256-KDF .................................... PASSED 0.005 sec
 
HMAC/PBKDF2 tests
Test 07 GOST R 34.11-12-256-HMAC ................................... PASSED 0.001 sec
Test 08 GOST R 34.11-12-512-HMAC ................................... PASSED 0.001 sec
Test 09 GOST R 34.11-12-256-PBKDF2 ................................. PASSED 0.476 sec
Test 10 GOST R 34.11-12-512-PBKDF2/VN .............................. PASSED 0.029 sec
Test 11 GOST R 34.11-12-512-PBKDF2/VN .............................. PASSED 0.026 sec
 
Test 12 GOST R 34.11-12-512 ........................................ PASSED 0 sec
Test 13 GOST R 34.11-12-512 ........................................ PASSED 0 sec
Test 14 GOST R 34.11-12-512 ........................................ PASSED 0 sec
Test 15 GOST R 34.11-12-512 ........................................ PASSED 0.004 sec
 
TOTAL OK
 
SHA-1 TEST

Test 01 SHA-1 ...................................................... PASSED 0.007 sec
Test 02 SHA-1 ...................................................... PASSED 0.001 sec
Test 03 SHA-1 ...................................................... PASSED 0.008 sec
 
PBKDF2 tests
Test 04 SHA-1-PBKDF2 ............................................... PASSED 0.001 sec
Test 05 SHA-1-PBKDF2 ............................................... PASSED 0.004 sec
Test 06 SHA-1-PFXKDF ............................................... PASSED 0.004 sec
Test 07 SHA-1-PFXKDF ............................................... PASSED 0.029 sec
Test 08 SHA-1-PFXKDF ............................................... PASSED 0.003 sec
Test 09 SHA-1-PFXKDF ............................................... PASSED 0.106 sec
 
TOTAL OK
 
GOST R 34.10-94 TEST

Test 01 GOST R 34.10-94-256/S-TEST ................................. PASSED Sign 0.072 sec, Verify 0.036 sec
 
TOTAL OK
 
GOST R 34.10-2012 TEST

Test 01 GOST R 34.10-12-256/S-256-TEST ............................. PASSED Sign 0.237 sec, Verify 0.118 sec
Test 02 GOST R 34.10-12-256/T-512-TEST ............................. PASSED Sign 0.566 sec, Verify 0.408 sec
Test 03 GOST R 34.10-12-256/S-256-TEST ............................. PASSED Sign 0.056 sec, Verify 0.141 sec
Test 04 GOST R 34.10-12-256/S-256-TEST ............................. PASSED Sign 0.035 sec, Verify 0.063 sec
Test 05 GOST R 34.10-12-256/S-256-TEST ............................. PASSED Sign 0.079 sec, Verify 0.279 sec
Test 06 GOST R 34.10-12-256/T-512-TEST ............................. PASSED Sign 0.235 sec, Verify 0.297 sec
 
Key exchange scenario
Test 07 GOST R 34.10-12-256-DH/S-256-TEST .......................... PASSED DeriveKey 0.067 sec
Test 08 GOST R 34.10-12-256-DH/X-256-A ............................. PASSED DeriveKey 0.05 sec
Test 09 GOST R 34.10-12-256-DH/X-256-A ............................. PASSED DeriveKey 0.047 sec
 
TOTAL OK
 
GOST 28147-89/GOST R 34.12-2015 TEST

Test 01 GOST 28147-ECB/D-TEST ...................................... PASSED
Test 02 GOST 28147-CBC/D-TEST ...................................... PASSED
Test 03 GOST 28147-CTR/D-TEST ...................................... PASSED
Test 04 GOST 28147-CFB/D-TEST ...................................... PASSED
Test 05 GOST 28147-ECB/D-TEST ...................................... PASSED
Test 06 GOST 28147-CFB/D-TEST ...................................... PASSED
Test 07 GOST 28147-CFB/E-TEST ...................................... PASSED
Test 08 GOST 28147-CFB/E-A ......................................... PASSED
Test 09 GOST 28147-CFB-8/E-B ....................................... PASSED
Test 10 GOST 28147-CFB-8/E-C ....................................... PASSED
Test 11 GOST 28147-CFB-8/E-D ....................................... PASSED
Test 12 GOST 28147-CFB-8/D-A ....................................... PASSED
Test 13 GOST 28147-CFB-8 ........................................... PASSED
Test 14 GOST 28147-CTR/E-A ......................................... PASSED
Test 15 GOST 28147-ECB/E-Z ......................................... PASSED
 
MAC sing/verify
Test 16 GOST 28147-MAC-32/E-A ...................................... PASSED
Test 17 GOST 28147-MAC-32/E-A ...................................... PASSED
 
Padding
Test 18 GOST 28147-ECB-BITPADDING/D-TEST ........................... PASSED
Test 19 GOST 28147-ECB-BITPADDING/D-TEST ........................... PASSED
Test 20 GOST 28147-ECB-PKCS5PPADDING/D-TEST ........................ PASSED
Test 21 GOST 28147-ECB-PKCS5PPADDING/D-TEST ........................ PASSED
Test 22 GOST 28147-ECB-ZEROPADDING/D-TEST .......................... PASSED
 
Key meshing
Test 23 GOST 28147-CFB-CPKEYMESHING/E-A ............................ PASSED
Test 24 GOST 28147-CBC-CPKEYMESHING/E-A ............................ PASSED
Test 25 GOST 28147-CTR-CPKEYMESHING/E-A ............................ PASSED
Test 26 GOST 28147-MAC-32/E-A ...................................... PASSED
 
Key wrapping
Test 27 GOST 28147-KW/D-TEST ....................................... PASSED
Test 28 GOST 28147-KW/E-A .......................................... PASSED
Test 29 GOST 28147-CPKW/D-TEST ..................................... PASSED
Test 30 GOST 28147-CPKW/E-A ........................................ PASSED
Test 31 GOST 28147-SCKW/E-SC ....................................... PASSED
 
GOST R 34.12-2015/64bits
Test 32 GOST R 34.12-15-ECB ........................................ PASSED
Test 33 GOST R 34.12-15-ECB ........................................ PASSED
Test 34 GOST R 34.12-15-CTR ........................................ PASSED
Test 35 GOST R 34.12-15-CBC ........................................ PASSED
Test 36 GOST R 34.12-15-CFB ........................................ PASSED
Test 37 GOST R 34.12-15-OFB ........................................ PASSED
Test 38 GOST R 34.12-15-MAC-32 ..................................... PASSED
 
GOST R 34.12-2015/128bits
Test 39 GOST R 34.12-15-128-ECB .................................... PASSED
Test 40 GOST R 34.12-15-128-ECB .................................... PASSED
Test 41 GOST R 34.12-15-128-CTR .................................... PASSED
Test 42 GOST R 34.12-15-128-OFB .................................... PASSED
Test 43 GOST R 34.12-15-128-CBC .................................... PASSED
Test 44 GOST R 34.12-15-128-CFB .................................... PASSED
Test 45 GOST R 34.12-15-128-MAC-64 ................................. PASSED
 
RC2
Test 46 RC2-63-ECB ................................................. PASSED
Test 47 RC2-ECB .................................................... PASSED
Test 48 RC2-ECB .................................................... PASSED
Test 49 RC2-ECB .................................................... PASSED
Test 50 RC2-ECB .................................................... PASSED
Test 51 RC2-ECB .................................................... PASSED
Test 52 RC2-128-ECB ................................................ PASSED
Test 53 RC2-129-ECB ................................................ PASSED
 
TOTAL OK

Do not understand why it does not work in the main line of browsers, should work in Yandex browser,
but did not test it there. Also do not understand the over-reactive security alert from MalwareBytes extension  ???


polonus (volunteer 3rd party website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on August 11, 2018, 12:41:40 PM
Nice collection of various blocklists, all incorporated in the code of this dns-fw:
https://github.com/cbuijs/unbound-dns-firewall/blob/master/dns-firewall.lists

Some you could add to your blocker of sorts.
Quote
////
Default-Regex-Black   black   /etc/unbound/regex-blacklist
Default-Regex-White   white   /etc/unbound/regex-whitelist

##Disconnect-Ads   black   https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt   /etc/unbound/disconnect-ads.list   86400   @DOMAIN
##Disconnect-Malware   black   https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt   /etc/unbound/disconnect-malware.list   86400   @DOMAIN
##Disconnect-Tracking   black   https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt   /etc/unbound/disconnect-tracking.list   86400   @DOMAIN
##Disconnect-Malvertising   black   https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt   /etc/unbound/disconnect-malvertising.list   86400   @DOMAIN

#Adguard-Android   white   https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/android.txt   /etc/unbound/adguard-android.list   86400   @DOMAIN
#Adguard-Banks   white   https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/banks.txt   /etc/unbound/adguard-banks.list   86400   @DOMAIN
#Adguard-FireFox   white   https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/firefox.txt   /etc/unbound/adguard-firefox.list   86400   @DOMAIN
#Adguard-Issues   white   https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/issues.txt   /etc/unbound/adguard-issues.list   86400   @DOMAIN
#Adguard-Sensistive   white   https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/sensitive.txt   /etc/unbound/adguard-sensitive.list   86400   @DOMAIN

EasyList   black   https://easylist.to/easylist/easylist.txt   /etc/unbound/easylist.list   86400   @ADBLOCK-BLACK
EasyList-Element   black   /etc/unbound/easylist.list.download   /etc/unbound/easylist-element.list   86400   @ADBLOCK-ELEMENT
EasyList-White   white   /etc/unbound/easylist.list.download   /etc/unbound/easylist-white.list   86400   @ADBLOCK-WHITE   @ADBLOCK-EXCLUDE
EasyPrivacy   black   https://easylist.to/easylist/easyprivacy.txt   /etc/unbound/easyprivacy.list   86400   @ADBLOCK-BLACK
EasyPrivacy-Element   black   /etc/unbound/easyprivacy.list.download   /etc/unbound/easyprivacy-element.list   86400   @ADBLOCK-ELEMENT
EasyPrivacy-White   white   /etc/unbound/easyprivacy.list.download   /etc/unbound/easyprivacy-white.list   86400   @ADBLOCK-WHITE   @ADBLOCK-EXCLUDE
EasyList-Dutch   black   https://easylist-downloads.adblockplus.org/easylistdutch.txt   /etc/unbound/easylist-dutch.list   86400   @ADBLOCK-BLACK
EasyList-Dutch-Element   black   /etc/unbound/easylist-dutch.list.download   /etc/unbound/easylist-dutch-element.list   86400   @ADBLOCK-ELEMENT
EasyList-Dutch-White   white   /etc/unbound/easylist-dutch.list.download   /etc/unbound/easylist-dutch-white.list   86400   @ADBLOCK-WHITE   @ADBLOCK-EXCLUDE
EasyList-French   black   https://easylist-downloads.adblockplus.org/liste_fr.txt   /etc/unbound/easylist-french.list   86400   @ADBLOCK-BLACK
EasyList-French-Element   black   /etc/unbound/easylist-french.list.download   /etc/unbound/easylist-french-element.list   86400   @ADBLOCK-ELEMENT
EasyList-French-White   white   /etc/unbound/easylist-french.list.download   /etc/unbound/easylist-french-white.list   86400   @ADBLOCK-WHITE   @ADBLOCK-EXCLUDE

#FanBoy-Complete   black   https://fanboy.co.nz/r/fanboy-complete.txt   /etc/unbound/fanboy.list   86400   @ADBLOCK-BLACK
#FanBoy-Complete-White   white   /etc/unbound/fanboy.list.download   /etc/unbound/fanboy-white.list   86400   @ADBLOCK-WHITE   @ADBLOCK-EXCLUDE

#PipeRun   black   https://raw.githubusercontent.com/piperun/iploggerfilter/master/filterlist   /etc/unbound/piperun.list   86400   @ADBLOCK-BLACK

#PopAds   black   https://raw.githubusercontent.com/Yhonay/antipopads/master/popads.txt   /etc/unbound/popads.list   86400   @ADBLOCK-BLACK

#Anudeep   white   https://raw.githubusercontent.com/anudeepND/whitelist/master/whitelist.txt   /etc/unbound/anudeep.list   86400   @DOMAIN
#Anudeep-YouTube-Ads   black   https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/domainlist.txt   /etc/unbound/anudeep-youtube-ads.list   86400   @DOMAIN

#BarbBlock   black   https://ssl.bblck.me/blacklists/domain-list.txt   /etc/unbound/barbblock.list   86400   @DOMAIN

##Adguard-Cryptominers   black   https://raw.githubusercontent.com/AdguardTeam/AdguardFilters/master/EnglishFilter/sections/cryptominers.txt   /etc/unbound/adguard-cryptominers.list   86400   @ADBLOCK-BLACK
##CoinBlocker   black   https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/list.txt   /etc/unbound/coinblocker.list   86400   @DOMAIN
##CoinBlocker-IP   black   https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/MiningServerIPList.txt   /etc/unbound/coinblocker-ip.list   86400   @IP
##NoCoin   black   https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt   /etc/unbound/nocoin.list   86400   @HOST0

##Dshield-Top10   black   http://feeds.dshield.org/top10-2.txt   /etc/unbound/dshield-top10.list   86400   @HOST   ^site$
##Dshield-Suspicious   black   https://www.dshield.org/feeds/suspiciousdomains_High.txt   /etc/unbound/dshield-suspicious.list   86400   @DOMAIN   ^site$
#Dshield-Whitelist   white   https://dshield.org/feeds/suspiciousdomains_whitelist_approved.txt   /etc/unbound/dshield-white.list   86400   @DOMAIN   ^site$

##FireHol1   black   https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset   /etc/unbound/firehol1.list   86400   @IP
#FireHol2   black   https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset   /etc/unbound/firehol2.list   86400   @IP
#FireHol3   black   https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset   /etc/unbound/firehol3.list   86400   @IP
#FireHol4   black   https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset   /etc/unbound/firehol4.list   86400   @IP
#FireHol-Abusers   black   https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_30d.netset   /etc/unbound/firehol-abusers.list   86400   @IP

##BaddBoys   black   https://raw.githubusercontent.com/mitchellkrogza/Badd-Boyz-Hosts/master/hosts   /etc/unbound/baddboyz.list   86400   @HOST0
#Krogza-False-Positive   exclude   https://raw.githubusercontent.com/mitchellkrogza/CENTRAL-REPO.Dead.Inactive.Whitelisted.Domains.For.Hosts.Projects/master/DOMAINS-whitelist.txt   /etc/unbound/krogza-fp.list   86400   @DOMAIN
#Krogza-Dead-Domains   exclude   https://raw.githubusercontent.com/mitchellkrogza/CENTRAL-REPO.Dead.Inactive.Whitelisted.Domains.For.Hosts.Projects/master/DOMAINS-dead.txt   /etc/unbound/krogza-dead.list   86400   @DOMAIN
#Krogza-Reactivated   black   https://raw.githubusercontent.com/mitchellkrogza/CENTRAL-REPO.Dead.Inactive.Whitelisted.Domains.For.Hosts.Projects/master/DOMAINS-re-active.txt   /etc/unbound/krogza-reactivate.list   86400   @DOMAIN
#Krogza-Ultimate-IP   black   https://hosts.ubuntu101.co.za/ips.list   /etc/unbound/krogza-ultimate-ip.list   86400   @IP
#Krogza-Ultimate-Domain   black   https://hosts.ubuntu101.co.za/domains.list   /etc/unbound/krogza-ultimate-domain.list   86400   @DOMAIN
##Krogza-Hacked   black   https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hacked-domains.list   /etc/unbound/krogza-hacked.list   86400   @DOMAIN

##Notracking-Hosts   black   https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt   /etc/unbound/notracking-hosts.list   86400   @HOST0
##Notracking-Domains   black   https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt   /etc/unbound/notracking-domains.list   86400   @DNSMASQ-ADDRESS

##SpamHaus-Top10-TLD   black   https://www.spamhaus.org/statistics/tlds/   /etc/unbound/spamhaus-top10-tld.list   86400   @SPAMHAUS
##SpamHaus-Top10-BotNet   black   https://www.spamhaus.org/statistics/botnet-isp/   /etc/unbound/spamhaus-top10-botnet.list   86400   @SPAMHAUS
##SpamHaus-Top10-ASN   black   https://www.spamhaus.org/statistics/botnet-asn/   /etc/unbound/spamhaus-top10-asn.list   86400   @SPAMHAUS
##SpamHaus-Drop   black   https://www.spamhaus.org/drop/drop.txt   /etc/unbound/spamhaus-drop.list   86400   @IP
##SpamHaus-Edrop   black   https://www.spamhaus.org/drop/edrop.txt   /etc/unbound/spamhaus-edrop.list   86400   @IP
##SpamHaus-DropV6   black   https://www.spamhaus.org/drop/dropv6.txt   /etc/unbound/spamhaus-dropv6.list   86400   @IP
##SpamHaus-ASNDrop   black   https://www.spamhaus.org/drop/asndrop.txt   /etc/unbound/spamhaus-asndrop.list   86400   @ASN

##Steven-Black-Hosts   black   https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts   /etc/unbound/stevenblack.list   86400   @HOST0

#SquidBlackList-Ads   black   https://www.squidblacklist.org/downloads/dg-ads.acl   /etc/unbound/squidblacklist-ads.list   86400   @DOMAIN
#SquidBlackList-Malicious   black   https://www.squidblacklist.org/downloads/dg-malicious.acl   /etc/unbound/squidblacklist-malicious.list   86400   @DOMAIN

##Suspect-Networks   black   https://suspect-networks.io/downloads/suspect_networks.txt   /etc/unbound/suspect-networks.list   86400   @IP

##Turris-Grey   black   https://project.turris.cz/greylist-data/greylist-latest.csv   /etc/unbound/turris-grey.list   86400   @IP

#Zonefiles-Malware   black   https://zonefiles.io/f/compromised/domains/live/   /etc/unbound/zonefiles-malware.list   86400   @DOMAIN
#Zonefiles-Malware-IP   black   https://zonefiles.io/f/compromised/ip/live/   /etc/unbound/zonefiles-malware-ip.list   86400   @IP

##MalwareDomainList   black   http://www.malwaredomainlist.com/hostslist/hosts.txt   /etc/unbound/malwaredomain.list   86400   @HOST127

##MailwareDomains   black   https://mirror1.malwaredomains.com/files/justdomains   /etc/unbound/malwaredomains.list   86400   @DOMAIN
##Bulk-Registars   black   http://mirror1.malwaredomains.com/files/bulk_registrars.txt   /etc/unbound/bulk-registars.list   86400   @DOMAIN-WILDCARD
##Immortal-Malware   black   http://mirror1.malwaredomains.com/files/immortal_domains.txt   /etc/unbound/immortal-domains.list   86400   @DOMAIN
##Skype-Resolvers   black   http://mirror1.malwaredomains.com/files/Skype-resolvers.txt   /etc/unbound/skype-resolvers.list   86400   @DOMAIN
##Free-WebHosts   black   http://mirror1.malwaredomains.com/files/freewebhosts.txt   /etc/unbound/freewebhosts.list   86400   @DOMAIN
##Spyware   black   http://mirror1.malwaredomains.com/files/spywaredomains.zones   /etc/unbound/spyware.list   86400   @ZONE

##RansomeWareTracker-Domains   black   https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt   /etc/unbound/ransomewaretracker-doms.list   86400   @DOMAIN
##RansomeWareTracker-IPs   black   https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt   /etc/unbound/ransomewaretracker-ips.list   86400   @IP
##ZeusTracker-BadDomains   black   https://zeustracker.abuse.ch/blocklist.php?download=baddomains   /etc/unbound/zeus-baddomains.list   86400   @DOMAIN
##ZeusTracker-BadIPs   black   https://zeustracker.abuse.ch/blocklist.php?download=badips   /etc/unbound/zeus-badips.list   86400   @IP
##Feado-Domains   black   https://feodotracker.abuse.ch/blocklist/?download=domainblocklist   /etc/unbound/feado-domains.list   86400   @DOMAIN
##Feado-IPs   black   https://feodotracker.abuse.ch/blocklist/?download=ipblocklist   /etc/unbound/feado-ips.list   86400   @IP
#SSL-BL   black   https://sslbl.abuse.ch/blacklist/sslipblacklist.csv   /etc/unbound/ssl-blacklist.list   86400   @IP

#SA-BlackList   black   http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.domains   /etc/unbound/sa-blacklist.list   86400   @DOMAIN

#OpenPhish   black   https://openphish.com/feed.txt   /etc/unbound/openphish.list   86400   @URL

#PhishTank   black   http://data.phishtank.com/data/online-valid.csv   /etc/unbound/phishtank.list   86400   @URLCSV2

#HPHosts-Ads   black   https://hosts-file.net/ad_servers.txt   /etc/unbound/hphosts-ads.list   86400   @HOST127
#HPHosts-Exploit   black   https://hosts-file.net/exp.txt   /etc/unbound/hphosts-exploit.list   86400   @HOST127
#HPHosts-Misleading   black   http://hosts-file.net/mmt.txt   /etc/unbound/hphosts-misleading.list   86400   @HOST127
#HPHosts-Phising   black   https://hosts-file.net/psh.txt   /etc/unbound/hphosts-phising.list   86400   @HOST127

##Blacklist.DE   black   https://lists.blocklist.de/lists/all.txt   /etc/unbound/blocklist.de.list   86400   @IP
##Blacklist.DE-Strong   black   https://lists.blocklist.de/lists/strongips.txt   /etc/unbound/blocklist.de-strong.list   86400   @IP

#Bogon4   black   https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt   /etc/unbound/bogon4.list   86400   @IP
#Bogon6   black   https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt   /etc/unbound/bogon6.list   86400   @IP

Info credits cbuys

polonus
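
An added example, not part of the original post or of the unbound-dns-firewall project: a small Python parser for the list-definition lines quoted above that flags feeds fetched over plain http://, where a list could be altered in transit before it reaches the resolver. The field names (action, source, cache_file, max_age) are this example's reading of the columns and are assumptions; the meaning of the leading # marks is not stated in the post, so they are only counted.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# A few lines copied from the quoted listing (columns are whitespace-separated).
SAMPLE = """\
////
Default-Regex-Black   black   /etc/unbound/regex-blacklist
##Disconnect-Malware   black   https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt   /etc/unbound/disconnect-malware.list   86400   @DOMAIN
EasyList   black   https://easylist.to/easylist/easylist.txt   /etc/unbound/easylist.list   86400   @ADBLOCK-BLACK
EasyList-White   white   /etc/unbound/easylist.list.download   /etc/unbound/easylist-white.list   86400   @ADBLOCK-WHITE   @ADBLOCK-EXCLUDE
##Dshield-Top10   black   http://feeds.dshield.org/top10-2.txt   /etc/unbound/dshield-top10.list   86400   @HOST   ^site$
##MalwareDomainList   black   http://www.malwaredomainlist.com/hostslist/hosts.txt   /etc/unbound/malwaredomain.list   86400   @HOST127
#PhishTank   black   http://data.phishtank.com/data/online-valid.csv   /etc/unbound/phishtank.list   86400   @URLCSV2
#Krogza-False-Positive   exclude   https://raw.githubusercontent.com/mitchellkrogza/CENTRAL-REPO.Dead.Inactive.Whitelisted.Domains.For.Hosts.Projects/master/DOMAINS-whitelist.txt   /etc/unbound/krogza-fp.list   86400   @DOMAIN
##SpamHaus-Drop   black   https://www.spamhaus.org/drop/drop.txt   /etc/unbound/spamhaus-drop.list   86400   @IP
"""

# The three values seen in the second column of the quoted listing.
ACTIONS = {"black", "white", "exclude"}


@dataclass
class ListEntry:
    name: str
    action: str                      # black / white / exclude
    source: str                      # URL or local path (assumed meaning)
    cache_file: Optional[str]        # assumed: where the list is stored
    max_age: Optional[int]           # assumed: refresh interval in seconds
    tags: List[str] = field(default_factory=list)  # "@DOMAIN", "^site$", ...
    hash_marks: int = 0              # leading '#' count; meaning not stated


def parse_line(line: str) -> Optional[ListEntry]:
    """Parse one definition line; return None for separators and junk."""
    match = re.match(r"\s*(#*)\s*(.*)", line)
    marks, rest = len(match.group(1)), match.group(2)
    fields = rest.split()
    if len(fields) < 3 or fields[1] not in ACTIONS:
        return None
    cache_file = fields[3] if len(fields) > 3 else None
    max_age = int(fields[4]) if len(fields) > 4 and fields[4].isdigit() else None
    return ListEntry(fields[0], fields[1], fields[2], cache_file,
                     max_age, fields[5:], marks)


def parse_lists(text: str) -> List[ListEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def cleartext_sources(entries: List[ListEntry]) -> List[str]:
    """Names of entries whose list is downloaded without TLS."""
    return [e.name for e in entries if urlsplit(e.source).scheme == "http"]


def local_sources(entries: List[ListEntry]) -> List[str]:
    """Names of entries that read a local file instead of a URL."""
    return [e.name for e in entries if e.source.startswith("/")]


def action_counts(entries: List[ListEntry]) -> Counter:
    return Counter(e.action for e in entries)


if __name__ == "__main__":
    entries = parse_lists(SAMPLE)
    print("entries parsed:", len(entries))
    print("by action:", dict(action_counts(entries)))
    print("fetched over plain http:", cleartext_sources(entries))
    print("read from local files:", local_sources(entries))
```

Feeds flagged this way are candidates for switching to an https:// mirror where the publisher offers one, since a tampered black, white or exclude list changes what the resolver blocks.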
Title: Re: Tests and other Media topics
Post by: polonus on August 12, 2018, 02:40:30 PM
Re: -https://www.makeuseof.com/tag/followed-click-bait-internet-ads-heres-found/  (Clickbait as clickbait goes)

What do you use as a fact checker for clickbait and media bias?
Example: https://mediabiasfactcheck.com/awareness-act/
Or do you have an extension for that?

Is this a new WOT, webutation outlet?

Always take it with a pinch of salt, and make up your own opinion, based on what you know to be facts.
Don't get locked up in your own tunnel-vision.  ;)

polonus
Title: Re: Tests and other Media topics
Post by: bob3160 on August 12, 2018, 03:11:32 PM
Part of the Avast Secure Browser:
(https://screencast-o-matic.com/screenshots/u/Lh/1534079363335-25216.png)
(https://screencast-o-matic.com/screenshots/u/Lh/1534079434258-66231.png)
Title: Re: Tests and other Media topics
Post by: polonus on August 14, 2018, 12:34:51 PM
Does the website you are on offer the new TLS-protocol version?
Firefox browsers are now ready for it.
Read: https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ *
Test website online here: https://www.1and1.com/ssl-checker

* polonus does not particularly recommend the use of CloudFlare. (Be aware of CloudBleed bug).

polonus
Title: Re: Tests and other Media topics
Post by: mchain on August 15, 2018, 06:58:13 AM
Thanks, pol

avast com has two issues which the ssl test will reveal.  Who to notify?
Title: Re: Tests and other Media topics
Post by: polonus on August 17, 2018, 09:34:24 PM
LS,

Bypassing of cookie crunchers in the browser of tracking and monitoring cookies (uBlock Origin, ABP, Disconnect, Ghostery etc.).
How they do it and what they do not fix: https://www.theregister.co.uk/2018/08/17/usenix_cookies/
test data: https://wholeftopenthecookiejar.eu/

How to check cookies random example: http://www.cookiechecker.nl/check-cookies.php?url=ogv-pompetzki.de
and another one: https://webcookies.org/cookies/media.reklamaizer.ru/2468946
also scan: https://privacyscore.org/

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on August 18, 2018, 10:35:19 AM
Canvas Tracking example - give in some text and then click generate (Dutch genereren).
Re: http://ermmedia.nl/canvas/

Protection against canvas tracking: https://thehackernews.com/2017/10/canvas-browser-fingerprint-blocker.html
Trace: -https://www.thewindowsclub.com/trace-offers-tracking-protection-chrome-firefox
MalwareBytes warns against installing Cliqz Internet solution!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 19, 2018, 08:49:11 PM
Searching for outward links on a malware infested (Ramnit A) domain -888088 dot com:
https://seomon.com/domain/88088.com/outbound/
Also: https://moz.com/researchtools/ose/ which ends August 31st, and now https://moz.com/link-explorer ,
where you have to start an account to scan for links:
Same example from the existing links checker:
https://moz.com/researchtools/ose/links?site=88088.com&filter=&source=external&target=page&group=0&page=1&sort=page_authority&anchor_id=&anchor_type=&anchor_text=&from_site=

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 21, 2018, 06:43:22 PM
On the subject of DNS interception and manipulation, read:

https://www.theregister.co.uk/2018/08/20/dns_interception/

Some tests to perform:

1. https://cmdns.dev.dns-oarc.net/
2. https://medium.com/@dnsoarc/go-go-check-your-dns-resolver-s-8793e977a84d 
3.  https://www.whatsmydns.net/ 
4. https://openresolver.com/?ip=   
5. https://www.cyberciti.biz/faq/how-to-find-out-what-my-dns-servers-address-is/

Tested with a form and
Quote
Recursive resolver is not detected on X.X.X.X

IP address X.X.X.X is not vulnerable to DNS Amplification attacks.

Also test at:
1.  https://dnssec-debugger.verisignlabs.com/ 
2.  http://www.ipvoid.com/dnssec-lookup/

Read: 3. https://pypi.org/project/dnsknife/ 

In the case of error-scanning:
Please check if you can resolve for instance domain address  'mycomputer.bmw.us' to IP at your Security Center
and at your scanner. I suspect you've got bad DNS server address definition.

Enjoy, my good friends,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 21, 2018, 11:55:10 PM
A situation of a malicious 301 redirect flagged by avast's, re: https://forum.avast.com/index.php?topic=221314.msg1473291#new

You can check the search engine friendliness of redirects here: http://www.webconfs.com/redirect-check.php
In the above example we got these results:
Quote
Either www.club21ids.is is NOT REDIRECTING to any URL or the redirect is NOT SEARCH ENGINE FRIENDLY

or check with Google's Malware Check Tool: https://transparencyreport.google.com/safe-browsing/search?url=%20www.club21ids.is
No insecurity found there for -www.club21ids.is .

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 26, 2018, 03:01:05 PM
Added blocklist collection: https://firebog.net/

Also out of the ordinary blocklist like coinblocker list: https://zerodot1.gitlab.io/CoinBlockerLists/hosts

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2018, 01:15:11 AM
Sometimes you find a block of Base64 Encoded code on a website & you want to see what that code is all about.

Random example: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dHxrbXxeLm5tLn11YEJ7fH0tYltnLV58LV58YltuLX17bnQuaHRtbA%3D%3D~enc  see inside line 32

Here you could have it decoded https://www.base64decode.org/

Our example comes out like this:
Quote
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events" height="18px" width="18px"><path fill="rgb( 181, 181, 181 )" d="M17.01,7.98299999999995 C17.01,7.98299999999995 17.01,10.005 17.01,10.005 C17.01,10.005 4.87799999999993,10.005 4.87799999999993,10.005 C4.87799999999993,10.005 10.4390000000001,15.566 10.4390000000001,15.566 C10.4390000000001,15.566 9.00299999999993,17.001 9.00299999999993,17.001 C9.00299999999993,17.001 0.99600000000009,8.99400000000003 0.99600000000009,8.99400000000003 C0.99600000000009,8.99400000000003 9.00299999999993,0.98800000000006 9.00299999999993,0.98800000000006 C9.00299999999993,0.98800000000006 10.4390000000001,2.423 10.4390000000001,2.423 C10.4390000000001,2.423 4.87799999999993,7.98299999999995 4.87799999999993,7.98299999999995 C4.87799999999993,7.98299999999995 17.01,7.98299999999995 17.01,7.98299999999995 Z "/></svg>

Good to know if you have some Base64 Decoding and Encoding on your hands, so enjoy my good friends, enjoy.

polonus
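Added example (not part of the original post): the same decoding can be done locally instead of pasting the blob into an online decoder. This sketch pulls Base64 data: URIs out of a page, decodes them, and reports what the bytes really are; the sample HTML, the flag names and the short magic-byte table are constructed for illustration.

```python
import base64
import binascii
import re

# data: URIs with a Base64 payload, as found in src=, href= or CSS url() values.
DATA_URI = re.compile(
    r"data:([\w.+-]+/[\w.+-]+)?(?:;[\w-]+=[\w.-]+)*;base64,([A-Za-z0-9+/=_-]+)"
)
# A few file signatures; a deliberately short table, extend as needed.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe-executable"),
]
DECLARED = {"image/png": "png", "image/gif": "gif",
            "image/jpeg": "jpeg", "image/svg+xml": "svg"}
# Markup that can run script when an SVG/HTML blob is rendered.
ACTIVE_MARKUP = re.compile(rb"<script|\bon\w+\s*=|javascript:|<foreignObject", re.I)


def decode_blob(b64_text):
    """Decode standard or URL-safe Base64, repairing padding; None if invalid."""
    s = b64_text.replace("-", "+").replace("_", "/").rstrip("=")
    s += "=" * (-len(s) % 4)
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None


def sniff(data):
    """Classify decoded bytes by content, ignoring whatever type was declared."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    head = data[:512].lstrip().lower()
    if head.startswith(b"<?xml") or head.startswith(b"<svg"):
        return "svg" if b"<svg" in data.lower() else "xml"
    if head.startswith(b"<"):
        return "html"
    return "unknown"


def triage(html):
    """Return one finding per Base64 data: URI in the page source."""
    findings = []
    for match in DATA_URI.finditer(html):
        declared = (match.group(1) or "").lower()
        data = decode_blob(match.group(2))
        if data is None:
            findings.append({"declared": declared, "sniffed": None,
                             "size": 0, "flags": ["invalid-base64"]})
            continue
        kind = sniff(data)
        flags = []
        if declared in DECLARED and DECLARED[declared] != kind:
            flags.append("type-mismatch")       # label says one thing, bytes another
        if kind in ("svg", "xml", "html") and ACTIVE_MARKUP.search(data):
            flags.append("active-content")      # blob carries script-capable markup
        findings.append({"declared": declared, "sniffed": kind,
                         "size": len(data), "flags": flags})
    return findings


# Constructed sample page: a plain arrow icon like the one decoded in the post,
# and a second blob whose declared type does not match its content.
_ARROW_SVG = (b'<?xml version="1.0" encoding="UTF-8"?>'
              b'<svg xmlns="http://www.w3.org/2000/svg" height="18px" width="18px">'
              b'<path fill="rgb(181,181,181)" d="M17 8 L5 8 L10 15 Z"/></svg>')
_MISLABELLED = b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0"/>'
SAMPLE_HTML = (
    '<img src="data:image/svg+xml;base64,%s">\n'
    '<img src="data:image/png;base64,%s">\n'
) % (base64.b64encode(_ARROW_SVG).decode(), base64.b64encode(_MISLABELLED).decode())

if __name__ == "__main__":
    for finding in triage(SAMPLE_HTML):
        print(finding)
```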
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2018, 06:28:36 PM
Important to-day is to know who is tracking you, and who and what to block inside your browser of choice.

Who is tracking you? Find out here: https://whotracks.me/trackers/adriver.html
Related to https://whotracks.me/trackers/aidata.io.html (Mind you several IPs may point to various Autonomous Systems),
Re: https://urlscan.io/domain/ssp.adriver.ru

Re: https://urlquery.net/queue/6866f928-a6f6-4093-aadf-81537d7faeab

https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=eDAxLnxbI3x0fC5bXWAwLmdbZjxwWyM9fFBQTntYVVMmWyM9NDE0Njg3NTA2NzkwMzEyOTU1OCZifF5rPXwjfVtWe30%3D~enc

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on September 02, 2018, 12:24:21 AM
Interesting DNS, SSL/TLS, HTTP and HTML results scanner, example:
https://www.htmlyse.com/htmlyse/rules.quantcount.com

Enjoy my friends, enjoy,

A tester online (do not abuse) - http://iseebug.com/XSSOnline/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2018, 05:40:20 PM
Checking for PHP vulnerabilities, mainly through JavaScript:
What we checked? -> echo"%20<a%20href=$userfile_name><center><b>Sucess%20Upload%20:D%20==>%20$userfile_name</b></center></a>"; from where: hxtps://github.com/Moham3dRiahi/XAttacker/blob/master/XAttacker.php

Analysis at http://www.devbug.co.uk/# produced Line 21: Cross-Site Scripting (XSS) in 'echo' via '$userfile_name'

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 16, 2018, 07:29:44 PM
Handy shortcuts for Google Chrome when your cursor has been hacked through fraudulent helpdesk malware.
ALT-TAB to return to the desktop.
ALT-F4 and close Command-W
Esc stops page from loading

Various Google Chrome shortcuts that everyone that only swipes and clicks should learn by heart:
https://www.computerhope.com/shortcut/chrome.htm

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 21, 2018, 02:50:08 PM
1500 websites hackable with the latest WordPress helpdesk fraud attack:
Read: http://labs.sucuri.net/?note=2018-09-18

Example of a query for vulnerable websites:
https://publicwww.com/websites/%22String.fromCharCode%28118%2C+97%2C+114%2C+32%2C+115%2C+111%2C+109%22/

-publicwww.com is a special search engine to search for compromised and/ or compromizable websites, a bit like shodan.
For instance: https://exploits.shodan.io/?q=String.fromCharCode 
Do not go there, when you plan evil, as all you do is being logged.  :D

But for security researchers it is a trove of treasures.  ;)  8)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 28, 2018, 03:24:57 PM
Have your mail accounts ever been compromised?
Find out here: https://monitor.firefox.com/scan

For one of my mail accounts this showed up, have long changed passwords in the meantime.
Quote
Example: Malwarebytes
Breach date: November 15, 2014
Compromised accounts: 111,623
Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames, Website activity

Breach data are being provided by: https://www.haveibeenpwned.com/

N.B. If you feel uncomfortable scanning, do not!
I know of several users here on the forums, that won't risk going to haveibeenpwned dot com for instance.


Damian aka polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 29, 2018, 10:35:41 PM
Fun Countdown Clock:
https://www.timeanddate.com/counters/newyear.html?p0=534

pol
Title: Re: Tests and other Media topics
Post by: polonus on October 05, 2018, 10:56:43 PM
Abuse IP base: https://www.abuseipdb.com/check/5.188.10.76
Bad ip resource to check against: https://www.bytefarm.ch/fail2ban/
Reporting: ip   hostname   tor   country   filter(s)   first reported   last reported   hits   reported by'..'
-5.188.10.76   -5.188.10.76   n    [RU] Russian Federation   sshd   06.06.2018 15:46.03 GMT+0200   13.09.2018 00:08.37 GMT+0200   11   2 host(s)

On belated reporting read: https://abuse.ch/blog/measuring-reaction-time-of-abuse-desks/

and check: https://urlhaus.abuse.ch/browse.php?search=5.188.10.76

Another interesting SSL resource bad certs: https://sslbl.abuse.ch/

Incidents as detected on AS: (random example) https://abuse.shaunc.com/incidents/about/AS16276/

A fail2ban repository from a home address: https://jackfarrand.uk/admin/

Another resource: https://packettotal.com/app/analysis?id=7b770d9a70d575f66e8778b0bb5bdf8e&name=conn

list of bruteforcers: https://home.nuug.no/~peter/bruteforcers.txt

attackers going on: https://attackers.ongoing.today/httpd.txt

another drop of attackers: https://report.cs.rutgers.edu/DROP/attackers

SSH honeypot: https://otx.alienvault.com/pulse/5b8fd4d62f7c866a98fcf80b

spam emitters: https://www.megarbl.net/asncheck/AS16276

POWER DNS queries for non-existent records for existing domains:
https://ns1.fast.qa/?ring=nxdomain-queries

So some lists abuse galore  >:( :D

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 14, 2018, 08:47:10 PM
Links to check on spam-IPs:
Found at: https://github.com/stamparm/ipsum  in its Hall of Shame.
Checked for higher miniFraud Score: https://www.maxmind.com/en/high-risk-ip-sample/171.25.193.25
Forum spam checker: https://www.stopforumspam.com/ipcheck/171.25.193.25
At project honeypot's: https://www.projecthoneypot.org/ip_171.25.193.25
Green Snow list: https://greensnow.co/view/171.25.193.25
WatchGuard RepAuthority's list check: http://www.reputationauthority.org/lookup.php?ip=tor-exit5-readme.dfri.se
In beta: http://beta.brightcloud.com/tools/url-ip-lookup.php

Enjoy, my friends, enjoy,

polonus

P.S. And to say with my good friend, Pondus, it is always a good idea to check IPs against VT:
https://www.virustotal.com/#/ip-address/171.25.193.25

Damian

Title: Re: Tests and other Media topics
Post by: polonus on October 17, 2018, 11:48:01 PM
Known CMS still accept older PHP versions and accordingly vulnerabilities (Drupal, Joomla, Word Press)

Check your code online at the PHPStan Playground...
checked vulnerable code like
Quote
<?
session_start();
include (“../config.php”);
echo $loggedin;

if ($loggedin != “1”){
header(“Location: http://www.google.com”); /* Redirect browser */

}

{
echo “Will this code Get executed?”;
}?>
Where we stumble upon
Quote
unexpected T_STRING, expecting ';'
in line 12 - While testing a web application today, I noticed an unusual 302 HTTP response. Normally a 302 response just has a header and no html code, because it's meant to be redirecting you to the page cited in the ‘Location’ field of the http header. The 302 response had the html code which will be presented to the authenticated admin user, but we didn't have the admin credentials. So, how are we seeing this code? After analyzing the 302 redirect response, we concluded that this was the result of insecure coding. Info credits go to Tesjawi.

So not escaping quotes in the string, of course it's not going to work.
Just add a \ before the " in the <input> tag and you are good to go.
(pol).

Check with PHP malware finder: https://github.com/nbs-system/php-malware-finder/

Enjoy, my good friends, enjoy, and remember PHP often can be inherently insecure.

Encrypted with Yellowpipe's Code Source Encrypter it looks like
Quote
<script>
<!--
document.write(unescape("%3C%3F%0Asession_start%28%29%3B%0Ainclude%20%28%u201C../config.php%u201D%29%3B%0Aecho%20%24loggedin%3B%0A%0Aif%20%28%24loggedin%20%21%3D%20%u201C1%u201D%29%7B%0Aheader%28%u201CLocation%3A%20http%3A//www.google.com%u201D%29%3B%20/*%20Redirect%20browser%20*/%0A%0A%7D%0A%0A%7B%0Aecho%20%u201CWill%20this%20code%20Get%20executed%3F%u201D%3B%0A%7D%3F%3E"));
//-->
</script>
  file: 368a84ccc831bea70c7649b7ce50c0abea9c4557: 412 bytes
     file: c01a81e4621b7a3059b2257cffb9f2c743efd250: 223 bytes

Decoded Files
368a/84ccc831bea70c7649b7ce50c0abea9c4557 from script (412 bytes, 4 hidden) download
coded source: c01a/81e4621b7a3059b2257cffb9f2c743efd250 from script (223 bytes)

polonus
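Added example (not part of the original post): the quoted PHP sends a Location header but never stops, so the protected page is still written into the 302 response. The Python below mirrors that control flow next to the corrected one and checks raw responses for a redirect that carries page content; the handler names, the sample responses and the "server stub" heuristic are assumptions made for this sketch.

```python
import re

REDIRECTS = {301, 302, 303, 307, 308}


def build_response(status, headers, body):
    """Serialise a minimal HTTP/1.1 response (constructed test data)."""
    reason = {200: "OK", 302: "Found"}.get(status, "")
    payload = body.encode()
    lines = ["HTTP/1.1 %d %s" % (status, reason)]
    lines += ["%s: %s" % kv for kv in headers + [("Content-Length", str(len(payload)))]]
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + payload


def admin_page_vulnerable(logged_in):
    """Same flow as the quoted PHP: header("Location: ...") with no exit after it."""
    status, headers = 200, []
    if not logged_in:
        status = 302
        headers.append(("Location", "http://www.google.com"))
        # Nothing stops execution here, so the page below is rendered anyway.
    body = "<h1>Admin</h1><p>Will this code Get executed?</p>"
    return build_response(status, headers, body)


def admin_page_fixed(logged_in):
    """Corrected flow: return right after the redirect (exit; in PHP)."""
    if not logged_in:
        return build_response(302, [("Location", "http://www.google.com")], "")
    return build_response(200, [], "<h1>Admin</h1><p>Will this code Get executed?</p>")


def dechunk(data):
    """Decode a chunked transfer-encoded body."""
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            break
        out += data[:size]
        data = data[size + 2:]          # skip chunk data and its trailing CRLF
    return out


def parse_response(raw):
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    match = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    elif "content-length" in headers:
        body = body[:int(headers["content-length"])]
    return int(match.group(1)), headers, body


def redirect_body_finding(raw):
    """Return a finding when a redirect response also carries page content."""
    status, headers, body = parse_response(raw)
    if status not in REDIRECTS or "location" not in headers:
        return None
    text = b" ".join(re.sub(rb"<[^>]+>", b" ", body).split()).decode("utf-8", "replace")
    if not text:
        return None
    # Heuristic (assumption): web servers attach a short "moved/found" stub page.
    if len(body) < 512 and re.search(r"\b(moved|found|redirect)", text, re.I):
        return None
    return {"status": status, "location": headers["location"],
            "body_bytes": len(body), "excerpt": text[:60]}


# Constructed sample: the kind of stub body a web server adds on its own.
SERVER_STUB = build_response(302, [("Location", "http://www.google.com")],
    '<html><head><title>302 Found</title></head><body><h1>Found</h1>'
    '<p>The document has moved <a href="http://www.google.com">here</a>.</p>'
    '</body></html>')

if __name__ == "__main__":
    for name, raw in [("vulnerable", admin_page_vulnerable(False)),
                      ("fixed", admin_page_fixed(False)),
                      ("server stub", SERVER_STUB)]:
        print(name, "->", redirect_body_finding(raw))
```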
Title: Re: Tests and other Media topics
Post by: polonus on October 21, 2018, 09:34:40 PM
Pages to test your ad-blocker performance: https://pi-hole.net/pages-to-test-ad-blocking-performance/

Read: https://www.raymond.cc/blog/10-ad-blocking-extensions-tested-for-best-performance/

Another test: https://ads-blocker.com/testing/

Peculiar subliminal adtest: https://ads-blocker.com/subliminal-advertising/  (not for minors!)
Also see: https://ads-blocker.com/block-referral-spam/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 22, 2018, 09:16:28 PM
A not so known browser leak is known as TLS session resumption tracking,
set per default for seven days instead of the 10 hours several known security researchers propose.

This tracking is even more of a problem on Android devices,
where the browser sessions could stay open much longer.

Both facebook and google to abuse this security protocol for (third party) user tracking and monitoring.
When the user blocks an ad-tracking way, they find a way around this either this or that way.
It is just a big uneven cat and mouse game.

Read: https://www.theregister.co.uk/2018/10/19/tls_handshake_privacy/

But there are many more ways to track someone through a browser at the cost of privacy.

Test: Notable testing websites:

https://browserleaks.com/

https://whoer.net/

https://ip-check.info/?foundHTTPS=true

https://panopticlick.eff.org/

https://www.doileak.com/

Also read here: https://www.reddit.com/r/privacy/comments/8221hn/tob_ios_browser_vs_duck_duck_go_ios_browser_vs/
Do not understand why some block reddit now as being a form of  "fake news"?

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on October 25, 2018, 12:38:51 AM
Feeds: https://app.cymon.io/feeds  with various malware trackers.

There is loads, like this one: https://urlhaus.abuse.ch/browse/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 25, 2018, 12:33:49 PM
Multiple 0-days in Magecart: https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/

An older object injection exploit from 2014 was again being used:
Re: https://websec.wordpress.com/2014/12/08/magento-1-9-0-1-poi/

And dangerous PHP function was being abused: http://php.net/manual/en/function.unserialize.php

Check:  https://www.functions-online.com/unserialize.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on October 29, 2018, 03:52:25 PM
Interesting virtual representation on malware analysis:
https://app.any.run/tasks/e15b7ee2-5977-4b8d-b2d7-4a1c74236c52
Also see: https://app.any.run/submissions
and https://report.any.run/44c359341f1956e45ed284befb27115db2c4ef78a123234fcbbd18948d109696/0bc676ad-8d64-466f-b9fd-ad3327963fe6#generalInfo

polonus
Title: Re: Tests and other Media topics
Post by: Pondus on October 29, 2018, 05:30:30 PM
Interesting virtual representation on malware analysis:
https://app.any.run/tasks/e15b7ee2-5977-4b8d-b2d7-4a1c74236c52
Also see: https://app.any.run/submissions
and https://report.any.run/44c359341f1956e45ed284befb27115db2c4ef78a123234fcbbd18948d109696/0bc676ad-8d64-466f-b9fd-ad3327963fe6#generalInfo

polonus
Any.Run - An Interactive Malware Analysis Tool - Is Now Open To The Public
https://www.bleepingcomputer.com/news/security/anyrun-an-interactive-malware-analysis-tool-is-now-open-to-the-public/


Title: Re: Tests and other Media topics
Post by: polonus on November 03, 2018, 01:28:39 PM
Whenever javascript error hunting is your thingie, this YouTube video is just for you: https://www.youtube.com/watch?v=0dgmeTy7X3I
Very illustrative and instructing presentation.

It is interesting how security mechanisms within core-packages still can be circumvented by representing code in some other form, for instance via type manipulation. Just think about the sheer number of some 375.000 packages for node.js alone, where such insecurities may lurk around the corner!

Also consider how these packages could impact each other. How they could kick up insecurity through the  eco-system. Think of angular.js via %2e/%2e/etc. & alert(1) to circumvent inbuilt safety code.

Is code being skimmed and screened for such errors and insecurity, because we cannot do this automatically? Always a pair of eyes are needed to do this properly.

Fine presentation via the Snyk platform and various vulnerabilities presented for json javascript libraries and ways to compromise ready-made. Read: https://snyk.io/ One could also test code there online.

Example in apis.google.com/js/plusone.js with errors detected in undefined function $ and a Syntax error, see: https://gist.github.com/ashumeow/34c11dcff0f7b2920364 -> Try to open this inside codepad, Undeminished plusone.js has 377 lines of code,  (info source credits go to luntrus).

enjoy, my friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 04, 2018, 12:31:13 AM
As I found the dom-xss online scanner now almost constantly producing a "503 Over Quota",
Hey, Google, give that site another swing?!?

So I looked for an alternative.

Another test site full of tests here: https://find-xss.net/tests/?test_id=1&l=en
Also to test your score of xss vulnerability patterns.
Just for training and protection purposes.

(Do not use these info for evil purposes, as that will put you in trouble with authorities)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 05, 2018, 09:59:27 PM
Online analysis of some malware:
Where we found it: https://urlquery.net/report/7788ed09-00cf-47dc-93f1-f5a63adb6c83
Online analyses:
https://www.hybrid-analysis.com/sample/da117d759fe6aff7b76efa28028e6fcd04c56f80e8b5149fe4d3f5f16b00dc5c?environmentId=100
and: https://www.maltiverse.com/sample/092055023937e87f7926f1905c0ddf23fc85d33e987594e5535b3f995df7931e
and:
https://report.any.run/c1ada39372a4c755098718feaf45d6f7bb389a680e71944352ea2bcb63f146e4/4521ac0e-cc80-434e-9d5f-e90c155785f6
and on IP: https://cymon.io/188.209.52.136
And on security: https://www.htbridge.com/websec/?id=3jqvV8qK
Oversight: https://support.clean-mx.com/clean-mx/viruses.php?country=nl
and here: https://support.clean-mx.com/clean-mx/xmlviruses?response=alive&format=xml&fields=review,url&sa=U&ei=3p2eU8vjH4PwPLbWgJgG&ved=0CBQQFjAA&usg=AFQjCNFW6BPj8vKD_Fo-5fZfTFMi2DNXfw

enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 09, 2018, 11:21:26 PM
Scanner has come to end of lifetime: (was started in 2011)
https://www.troyhunt.com/its-end-of-life-for-asafaweb/

Still there are other valuable scanners online, for instance:
https://codebeautify.org/jsvalidate

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 11, 2018, 11:05:47 PM
You own a website that runs Word Press CMS (Content Management Software),
Just check it from time to time,
using the following online scan engines:

https://urlquery.net/
https://sitecheck.sucuri.net
https://hackertarget.com/wordpress-security-scan/
https://retire.insecurity.today/#
https://webhint.io/scanner/
https://aw-snap.info/file-viewer/
https://observatory.mozilla.org/?

Follow up the recommendations found there or inform your web-admin/hoster of security issues detected.

Always use last versions of core-software, theme-software and plug-in software.
Update and patch continuously, also mind to update PHP.
Retire vulnerable JQuery script(s).

Whenever in doubt post in the "virus and worms" section, and wait for a reaction.

Stay safe and secure,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on November 17, 2018, 05:11:25 PM
Relations from searching for a malicious IP address.
We started out here: https://www.maltiverse.com/dashboards/newioc
and found this malicious Toolbar.Conduit executable: https://www.maltiverse.com/sample/b2c78409224552a0522cd218f08b9aea18b47f2accaff3b6068c20519c5d63c2
From that hash we stumbled upon: https://www.virustotal.com/pl/file/b2c78409224552a0522cd218f08b9aea18b47f2accaff3b6068c20519c5d63c2/analysis/
and also searched at urlquery dot net: https://urlquery.net/report/a2dbd597-f2a8-4536-bffa-4c69afa4c14e
which delivered a bad request alert for us.
This while we also had these resources: https://www.malwareurl.com/ip_listing.php?ASN=AS22822
and  https://www.threatcrowd.org/domain.php?domain=s.delvenetworks.com
or: https://packettotal.com/app/analysis?id=c1a3a5f6393a42e9015251c23cc58c56&name=http
and https://www.threatminer.org/ssl.php?q=66fbc4c6f3788d27a2218571055d8076ef1297e8

IP and hash searches really make sense to find out what malware or suspicious activity lies behind a certain IP address or a specific hash stands for, like:
Quote
SHA256:   b2c78409224552a0522cd218f08b9aea18b47f2accaff3b6068c20519c5d63c2
File name:   uTorrent.exe
Detection ratio:   6 / 67
Analysis date:   2018-10-23 06:59:10 UTC ( 3 weeks, 4 days ago )

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on November 22, 2018, 11:08:15 PM
To enable security passed between two parties via JSON Web Tokens.

Editing JSON Web Tokens at jwt.io -Example > eyJhbGciOiJIUzI1NiJ9.e30.FXibJVNHsvJ6Ff-N9XtTTom9cGExRqsldHbrhAOqRUg
HEADER:ALGORITHM & TOKEN TYPE


{
  "alg": "HS256"
}
PAYLOAD:DATA


{}
VERIFY SIGNATURE

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
 
your-256-bit-secret

) secret base64 encoded
 Signature Verified
Libraries for Token Signing/VerificationFILTER BY
Warning: Critical vulnerabilities in JSON Web Token libraries with asymmetric keys. Learn more
Then follow the checks..

Securely implement authentication with JWTs using Auth0 on any stack and any device in less than 10 minutes.

Enjoy, my good folks, enjoy,

polonus
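Added example (not part of the original post): what the jwt.io view above does, done locally. The code decodes the post's token and verifies HS256 signatures with the algorithm pinned on the verifier side, which is the usual defence against the library flaw the quoted warning refers to (letting the token's own header choose the algorithm); the secret and the other tokens are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Token quoted in the post; its signing secret is not given there.
POST_TOKEN = "eyJhbGciOiJIUzI1NiJ9.e30.FXibJVNHsvJ6Ff-N9XtTTom9cGExRqsldHbrhAOqRUg"
DEMO_SECRET = b"constructed-demo-secret"     # assumption, for this example only


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def split_token(token):
    """Return (header, payload, signature, signing_input) without trusting any of it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    return header, payload, b64url_decode(parts[2]), signing_input


def sign_hs256(payload, secret):
    """Build an HS256 token: HMAC-SHA256 over base64url(header).base64url(payload)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token, secret):
    """Return the payload if the token is a valid HS256 token for this secret."""
    header, payload, signature, signing_input = split_token(token)
    # Pin the algorithm: the verifier decides it, never the token's header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return payload


def check(token, secret):
    """Convenience wrapper: (True, payload) or (False, reason)."""
    try:
        return True, verify_hs256(token, secret)
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    header, payload, signature, _ = split_token(POST_TOKEN)
    print("post token header :", header)
    print("post token payload:", payload, "| signature bytes:", len(signature))

    good = sign_hs256({"sub": "demo"}, DEMO_SECRET)
    head, body, sig = good.split(".")
    tampered = ".".join([head, b64url_encode(b'{"sub":"admin"}'), sig])
    unsigned = b64url_encode(b'{"alg":"none"}') + "." + body + "."
    for label, token in [("valid", good), ("tampered payload", tampered),
                         ("alg none", unsigned)]:
        print(label, "->", check(token, DEMO_SECRET))
    print("wrong secret ->", check(good, b"another-secret"))
```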
Title: Re: Tests and other Media topics
Post by: polonus on November 24, 2018, 10:32:03 PM
Website scan sites come and go.

We lost asafaweb scan, which has reached End of Life.
Interesting website scanner is UpGuard Cloud Scanner: https://webscan.upguard.com/#/
Website Health Check: https://webscan.foregenix.com/
WebScan: https://www.htbridge.com/websec/

Some things lost, some things gained,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on November 24, 2018, 11:35:19 PM
Just to present you with the results of above mentioned scanners for and on this next website
->  https://urlquery.net/report/ea1db0cd-562a-43f3-811a-15464bac12f9
We will see various issues on security check-ups here: https://webscan.upguard.com/#/http://passmcsa.com
Bad security headers in Word Press detected: https://webscan.foregenix.com/webscan_results.html?scanid=e65cd8d6_06cb_4230_80f0_5d258de9d5ef
F-grade test result: https://www.htbridge.com/websec/?id=DZMx7uMz
Of course we have to add specific Word Press check results: user enumeration not disabled and directory listing not disabled via
https://hackertarget.com/wordpress-security-scan/ 
and 1 vuln. jQuery library to be retired -> https://retire.insecurity.today/#!/scan/7ee81e4693c6039d7b6b0debe1cc68c908ddd9a7c36e7a014a22b3a68a12a52d

Interesting on website is that we found that the bootstrap code was altered (there were recent bug errors),
at a final note this scan qualifying the website as clean: https://quttera.com/detailed_report/passmcsa.com
but what's that verdict worth in the light of all security recommendations web admins had better heed,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 05, 2018, 12:53:52 AM
Searching for a particular malware: Example:
Old info and probably not reliable:
https://www.experts-exchange.com/questions/22038431/Virus-on-computerthat-symantec-cannot-remove.html
A reliable source: https://www.threatcrowd.org/listMalware.php?page=55&antivirus=TrojW
and also: https://www.threatcrowd.org/listMalware.php?page=33&antivirus=FakeMS
and also: http://zerocert.org/?code=9d2f0e2260b7c643b043b2ea87b24747110cf9812ea17f51e5645c3f37b3e94c
On a specific domain: https://urlscan.io/domain/count18.51yes.com
and also: https://www.virustotal.com/#/domain/count18.51yes.com
All starting from: https://urlquery.net/report/7451855c-f83c-40f7-92aa-79f0566371f1

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 05, 2018, 05:08:31 PM
Is your IP or host address blacklisted: http://www.anti-abuse.org/multi-rbl-check/
or here: https://whatismyipaddress.com/blacklist-check
or: https://mxtoolbox.com/blacklists.aspx

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 16, 2018, 04:01:35 PM
Several checks on websites being malicious:
https://keystonesolutions.io/solutions/lookup-potentially-malicious-websites/

Interesting background information: https://www.securityskeptic.com/malware/

Malware prevention: http://malwaredomains.lehigh.edu/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 16, 2018, 04:53:43 PM
Checking on malware information (for security researchers only):

Queried because of : https://urlquery.net/report/7e9093e0-7fae-40c8-9f42-014f156fca2d
report here: https://www.malwareurl.com/listing.php?domain=addictive.de
http://www.urlvir.com/search-host/addictive.de/
Also consider the informative scan results here: https://www.htbridge.com/websec/?id=4yPpdRiU

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 23, 2018, 09:39:58 PM
Sometimes we feel the need to do a scan on an AS.
Example to start from - https://urlquery.net/report/1891ca82-d335-448a-8862-614508466d7a
On that particular AS -> https://www.peeringdb.com/net/308
re: https://radar.qrator.net/as4134
re: http://www.cidr-report.org/cgi-bin/as-report?as=AS4134
re: https://www.spamhaus.org/statistics/botnet-asn/
background info: https://bgpmon.net/chinese-isp-hijacked-10-of-the-internet/
on botnet activity: https://zeustracker.abuse.ch/monitor.php?as=4134
re: https://isc.sans.edu/asreport.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on December 26, 2018, 03:40:51 PM
Various block lists of attack IP's: example IP:
https://www.abuseipdb.com/check/129.204.34.155
https://report.cs.rutgers.edu/mrtg/drop/dropstat.cgi?start=-1h
https://www.binarydefense.com/banlist.txt?__hstc=103210719.1bb630f9cde2cb5f07430159d50a3c91.1538179200074.1538179200075.1538179200076.1&__hssc=103210719.1.1538179200077&__hsfp=2025384311
https://www.axarva.co.id/blacklist-ip/blocklist.rsc
http://www.eventreader.com/firegen_malicious_ips.txt

Nice resources, enjoy, my good friends, enjoy!

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 22, 2019, 05:07:55 PM
L.S.

See what malware sites were being reported to URLhaus lately: https://urlhaus.abuse.ch/browse/
Before being taken down by providers, some stay active for over a week and can infect a great many devices with malware.

In the case of Chinese malware sites, Chinese providers are known to react rather slowly, some malcode may stay on for over a month. They shouldn't be that lax. Domination on malware is not a thing to be proud of.  ;)

URLhaus with 256 researchers over the last 10 months achieved to have a 100.000 websites being taken down.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 22, 2019, 05:56:26 PM
Example of such a blacklisted site been taken down: https://urlhaus.abuse.ch/url/107430/
See: Web Server:
None
X-Powered-By:
None
IP Address:
69.90.66.40
Hosting Provider:
Cogeco Peer 1  -> https://www.privacyshield.gov/participant?id=a2zt0000000TNvtAAG&status=Active
Shared Hosting:
3 sites found on 69.90.66.40

Clean-up needed: https://sitecheck.sucuri.net/results/tekacars.com/wp-content

Re: http://69.90.66.40/cgi-sys/defaultwebpage.cgi  not secure.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on January 25, 2019, 05:54:30 PM
Stumbled upon this scam tester: https://www.scamner.com/latest
Could be checked also against scams at https://www.urlvoid.com/
and here: https://www.siteprice.org/tools/AdultWebsiteChecker.aspx

enjoy my friends, enjoy

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 03, 2019, 06:57:04 PM
Quite a selection of website scanners:
https://keystonesolutions.io/solutions/lookup-potentially-malicious-websites/
to look up potentially malicious websites.

Example looked up on PHISHCheck from here: wXw.hannahsartistcorner.com  -> https://www.threatminer.org/domain.php?q=www.hannahsartistcorner.com  delivering result
Quote
{"sid": 177823, "is_success": true}

Google Safebrowsing alerts for such sites like htxps://uprisefest.com/images/account/index.php with a security error,
which is being reported to PHISHTank. 
100% given as malicious here: https://zulu.zscaler.com/submission/9067b9f4-3f64-46e4-8200-a2bfe3262741

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 05, 2019, 12:10:51 AM
Different days for first time detections, are they being reported independently?

Re: https://urlhaus.abuse.ch/url/117199/   &  https://otx.alienvault.com/indicator/domain/vektorex.com
Also see external sources given there...

Our forum friend, Pondus, always being very accurate on the most recent VT results.  ;) Thank you, Pondus.

Here they'd come up with 'three days ago': https://www.virustotal.com/nl/file/199a431e655b6890e3641cda8a98cdaa5c9e4c79303aa734f1ad05eb7ba6b01c/analysis/1549019095/

and this was only yesterday: https://www.virustotal.com/nl/domain/vektorex.com/information/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 14, 2019, 09:38:35 PM
Hole in Word Press plug-ins.
A listing of vulnerable plug-ins from various resources:
https://firstsiteguide.com/tools/free-fsg/hacked-dangerous-vulnerable-wordpress-plugins/#bad_plugins

To get recommendations and tips to improve websites, scan: https://webhint.io/scanner/ & https://webscan.upguard.com/

Specifically for a quick and dirty on Word Press CMS: https://hackertarget.com/wordpress-security-scan/

Or use retire.js as a Google Chrome/Brave 1.0/ extension: https://chrome.google.com/webstore/detail/retirejs/moibopkbhjceeedibkbkbchbjnkadmom

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on February 15, 2019, 06:39:36 PM
Background of malware injecting script IP: https://urlquery.net/report/c843e000-63ab-4175-8cd4-864427eeabc3
See: https://www.virustotal.com/fr/url/dab0812fe89ebcac05a3f37cbad6effaa06802bf91b00535ae789f8d05096aa2/analysis/1528944320/
and https://www.polaris64.net/blog/cyber-security/2017/wordpress-hacks-jquery-js-script-injection
and https://otx.alienvault.com/indicator/ip/134.249.116.78
and https://cymon.io/134.249.116.78   
and https://malwarebreakdown.com/2017/04/18/hacked-sites-redirecting-users-to-various-malvertising-campaigns/
How to find the backdoor: https://wordpress.stackexchange.com/questions/256050/how-to-find-the-backdoor-of-the-hack
Re: https://www.ip-finder.me/134.249.116.78/  Your IP 172.69.54.30 has been blacklisted!
and https://www.quicksilk.com/blog/1/checkpoint-10000-hacked-wordpress-sites
and https://productforums.google.com/forum/#!topic/webmasters/02BijAFd9n4
check: https://services.normshield.com/blacklist/ip/134.249.116.78

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 21, 2019, 08:05:08 PM
Resources for vulnerabilities. Example outdated vulnerable WordPress plug-in:
https://publicwww.com/websites/wp-pagenavi+2.92/

wp-pagenavi 2.92   latest release (2.93) Update required
https://lesterchan.net/portfolio/programming/php/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 26, 2019, 11:51:57 PM
Handy online tool for the javascript analyst (use with discernment and always play nice):

A good online deobfuscator of javascript: https://www.dcode.fr/javascript-unobfuscator
Proof of the pudding - "probieren geht ueber studieren":

Some harmless obfuscated code like wp-embed.min.js?ver=4.9.9
Quote
var _0x9024=["\x75\x73\x65\x20\x73\x74\x72\x69\x63\x74","\x4D\x53\x49\x45\x20\x31\x30","\x69\x6E\x64\x65\x78\x4F\x66","\x61\x70\x70\x56\x65\x72\x73\x69\x6F\x6E","\x6D\x61\x74\x63\x68","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x69\x66\x72\x61\x6D\x65\x2E\x77\x70\x2D\x65\x6D\x62\x65\x64\x64\x65\x64\x2D\x63\x6F\x6E\x74\x65\x6E\x74","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C","\x6C\x65\x6E\x67\x74\x68","\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74","\x67\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x73\x75\x62\x73\x74\x72","\x72\x61\x6E\x64\x6F\x6D","\x73\x72\x63","\x23\x3F\x73\x65\x63\x72\x65\x74\x3D","\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x63\x6C\x6F\x6E\x65\x4E\x6F\x64\x65","\x73\x65\x63\x75\x72\x69\x74\x79","\x72\x65\x6D\x6F\x76\x65\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x72\x65\x70\x6C\x61\x63\x65\x43\x68\x69\x6C\x64","\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72","\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72","\x77\x70","\x72\x65\x63\x65\x69\x76\x65\x45\x6D\x62\x65\x64\x4D\x65\x73\x73\x61\x67\x65","\x64\x61\x74\x61","\x73\x65\x63\x72\x65\x74","\x6D\x65\x73\x73\x61\x67\x65","\x76\x61\x6C\x75\x65","\x74\x65\x73\x74","\x69\x66\x72\x61\x6D\x65\x5B\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74\x3D\x22","\x22\x5D","\x62\x6C\x6F\x63\x6B\x71\x75\x6F\x74\x65\x5B\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74\x3D\x22","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x6E\x6F\x6E\x65","\x73\x6F\x75\x72\x63\x65","\x63\x6F\x6E\x74\x65\x6E\x74\x57\x69\x6E\x64\x6F\x77","\x68\x65\x69\x67\x68\x74","\x6C\x69\x6E\x6B","\x61","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x68\x72\x65\x66","\x68\x6F\x73\x74","\x61\x63\x74\x69\x76\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x74\x6F\x70","\x44\x4F\x4D\x43\x6F\x6E\x74\x65\x6E\x74\x4C\x6F\x61\x64\x65\x64","\x6C\x6F\x61\x64"];!function(_0x9312x1,_0x9312x2){_0x9024[0];function 
_0x9312x3(){if(!_0x9312x9){_0x9312x9=  !0;var _0x9312x1,_0x9312x3,_0x9312x4,_0x9312x5,_0x9312x6=-1!== navigator[_0x9024[3]][_0x9024[2]](_0x9024[1]),_0x9312x7=!!navigator[_0x9024[5]][_0x9024[4]](/Trident.*rv:11\./),_0x9312x8=_0x9312x2[_0x9024[7]](_0x9024[6]);for(_0x9312x3= 0;_0x9312x3< _0x9312x8[_0x9024[8]];_0x9312x3++){if(_0x9312x4= _0x9312x8[_0x9312x3],!_0x9312x4[_0x9024[10]](_0x9024[9])){_0x9312x5= Math[_0x9024[12]]().toString(36)[_0x9024[11]](2,10),_0x9312x4[_0x9024[13]]+= _0x9024[14]+ _0x9312x5,_0x9312x4[_0x9024[15]](_0x9024[9],_0x9312x5)};if(_0x9312x6|| _0x9312x7){_0x9312x1= _0x9312x4[_0x9024[16]](!0),_0x9312x1[_0x9024[18]](_0x9024[17]),_0x9312x4[_0x9024[20]][_0x9024[19]](_0x9312x1,_0x9312x4)}}}}var _0x9312x4=!1,_0x9312x9=!1;if(_0x9312x2[_0x9024[21]]){if(_0x9312x1[_0x9024[22]]){_0x9312x4=  !0}};if(_0x9312x1[_0x9024[23]]= _0x9312x1[_0x9024[23]]|| {},!_0x9312x1[_0x9024[23]][_0x9024[24]]){if(_0x9312x1[_0x9024[23]][_0x9024[24]]= function(_0x9312x3){var _0x9312x4=_0x9312x3[_0x9024[25]];if(_0x9312x4){if(_0x9312x4[_0x9024[26]]|| _0x9312x4[_0x9024[27]]|| _0x9312x4[_0x9024[28]]){if(!/[^a-zA-Z0-9]/[_0x9024[29]](_0x9312x4[_0x9024[26]])){var _0x9312x9,_0x9312x5,_0x9312x6,_0x9312x7,_0x9312x8,_0x9312xa=_0x9312x2[_0x9024[7]](_0x9024[30]+ _0x9312x4[_0x9024[26]]+ _0x9024[31]),_0x9312xb=_0x9312x2[_0x9024[7]](_0x9024[32]+ _0x9312x4[_0x9024[26]]+ _0x9024[31]);for(_0x9312x9= 0;_0x9312x9< _0x9312xb[_0x9024[8]];_0x9312x9++){_0x9312xb[_0x9312x9][_0x9024[34]][_0x9024[33]]= _0x9024[35]};for(_0x9312x9= 0;_0x9312x9< _0x9312xa[_0x9024[8]];_0x9312x9++){if(_0x9312x5= _0x9312xa[_0x9312x9],_0x9312x3[_0x9024[36]]=== _0x9312x5[_0x9024[37]]){if(_0x9312x5[_0x9024[18]](_0x9024[34]),_0x9024[38]=== _0x9312x4[_0x9024[27]]){if(_0x9312x6= parseInt(_0x9312x4[_0x9024[28]],10),_0x9312x6> 1e3){_0x9312x6= 1e3}else {if(~~_0x9312x6< 200){_0x9312x6= 200}};_0x9312x5[_0x9024[38]]= _0x9312x6};if(_0x9024[39]=== _0x9312x4[_0x9024[27]]){if(_0x9312x7= _0x9312x2[_0x9024[41]](_0x9024[40]),_0x9312x8= 
_0x9312x2[_0x9024[41]](_0x9024[40]),_0x9312x7[_0x9024[42]]= _0x9312x5[_0x9024[10]](_0x9024[13]),_0x9312x8[_0x9024[42]]= _0x9312x4[_0x9024[28]],_0x9312x8[_0x9024[43]]=== _0x9312x7[_0x9024[43]]){if(_0x9312x2[_0x9024[44]]=== _0x9312x5){_0x9312x1[_0x9024[46]][_0x9024[45]][_0x9024[42]]= _0x9312x4[_0x9024[28]]}}}}else {;}}}}}},_0x9312x4){_0x9312x1[_0x9024[22]](_0x9024[27],_0x9312x1[_0x9024[23]][_0x9024[24]],!1),_0x9312x2[_0x9024[22]](_0x9024[47],_0x9312x3,!1),_0x9312x1[_0x9024[22]](_0x9024[48],_0x9312x3,!1)}}}(window,document)

original code that came out, result
Quote
'use strict';
var _0x9024 = ["use strict", "MSIE 10", "indexOf", "appVersion", "match", "userAgent", "iframe.wp-embedded-content", "querySelectorAll", "length", "data-secret", "getAttribute", "substr", "random", "src", "#?secret=", "setAttribute", "cloneNode", "security", "removeAttribute", "replaceChild", "parentNode", "querySelector", "addEventListener", "wp", "receiveEmbedMessage", "data", "secret", "message", "value", "test", 'iframe[data-secret="', '"]', 'blockquote[data-secret="', "display", "style", "none",
"source", "contentWindow", "height", "link", "a", "createElement", "href", "host", "activeElement", "location", "top", "DOMContentLoaded", "load"];
!function(_0x9312x1$jscomp$0, _0x9312x2$jscomp$0) {
  function _0x9312x3$jscomp$0() {
    if (!_0x9312x9$jscomp$0) {
      _0x9312x9$jscomp$0 = true;
      var _0x9312x1$jscomp$1;
      var _0x9312x3$jscomp$1;
      var _0x9312x4$jscomp$1;
      var _0x9312x5$jscomp$0;
      var _0x9312x6$jscomp$0 = -1 !== navigator[_0x9024[3]][_0x9024[2]](_0x9024[1]);
      var _0x9312x7$jscomp$0 = !!navigator[_0x9024[5]][_0x9024[4]](/Trident.*rv:11\./);
      var _0x9312x8$jscomp$0 = _0x9312x2$jscomp$0[_0x9024[7]](_0x9024[6]);
      _0x9312x3$jscomp$1 = 0;
      for (; _0x9312x3$jscomp$1 < _0x9312x8$jscomp$0[_0x9024[8]]; _0x9312x3$jscomp$1++) {
        if (_0x9312x4$jscomp$1 = _0x9312x8$jscomp$0[_0x9312x3$jscomp$1], !_0x9312x4$jscomp$1[_0x9024[10]](_0x9024[9])) {
          _0x9312x5$jscomp$0 = Math[_0x9024[12]]().toString(36)[_0x9024[11]](2, 10);
          _0x9312x4$jscomp$1[_0x9024[13]] += _0x9024[14] + _0x9312x5$jscomp$0;
          _0x9312x4$jscomp$1[_0x9024[15]](_0x9024[9], _0x9312x5$jscomp$0);
        }
        if (_0x9312x6$jscomp$0 || _0x9312x7$jscomp$0) {
          _0x9312x1$jscomp$1 = _0x9312x4$jscomp$1[_0x9024[16]](true);
          _0x9312x1$jscomp$1[_0x9024[18]](_0x9024[17]);
          _0x9312x4$jscomp$1[_0x9024[20]][_0x9024[19]](_0x9312x1$jscomp$1, _0x9312x4$jscomp$1);
        }
      }
    }
  }
  _0x9024[0];
  var _0x9312x4$jscomp$0 = false;
  var _0x9312x9$jscomp$0 = false;
  if (_0x9312x2$jscomp$0[_0x9024[21]]) {
    if (_0x9312x1$jscomp$0[_0x9024[22]]) {
      _0x9312x4$jscomp$0 = true;
    }
  }
  if (_0x9312x1$jscomp$0[_0x9024[23]] = _0x9312x1$jscomp$0[_0x9024[23]] || {}, !_0x9312x1$jscomp$0[_0x9024[23]][_0x9024[24]]) {
    if (_0x9312x1$jscomp$0[_0x9024[23]][_0x9024[24]] = function(_0x9312x3$jscomp$2) {
      var _0x9312x4$jscomp$2 = _0x9312x3$jscomp$2[_0x9024[25]];
      if (_0x9312x4$jscomp$2) {
        if (_0x9312x4$jscomp$2[_0x9024[26]] || _0x9312x4$jscomp$2[_0x9024[27]] || _0x9312x4$jscomp$2[_0x9024[28]]) {
          if (!/[^a-zA-Z0-9]/[_0x9024[29]](_0x9312x4$jscomp$2[_0x9024[26]])) {
            var _0x9312x9$jscomp$1;
            var _0x9312x5$jscomp$1;
            var _0x9312x6$jscomp$1;
            var _0x9312x7$jscomp$1;
            var _0x9312x8$jscomp$1;
            var _0x9312xa$jscomp$0 = _0x9312x2$jscomp$0[_0x9024[7]](_0x9024[30] + _0x9312x4$jscomp$2[_0x9024[26]] + _0x9024[31]);
            var _0x9312xb$jscomp$0 = _0x9312x2$jscomp$0[_0x9024[7]](_0x9024[32] + _0x9312x4$jscomp$2[_0x9024[26]] + _0x9024[31]);
            _0x9312x9$jscomp$1 = 0;
            for (; _0x9312x9$jscomp$1 < _0x9312xb$jscomp$0[_0x9024[8]]; _0x9312x9$jscomp$1++) {
              _0x9312xb$jscomp$0[_0x9312x9$jscomp$1][_0x9024[34]][_0x9024[33]] = _0x9024[35];
            }
            _0x9312x9$jscomp$1 = 0;
            for (; _0x9312x9$jscomp$1 < _0x9312xa$jscomp$0[_0x9024[8]]; _0x9312x9$jscomp$1++) {
              if (_0x9312x5$jscomp$1 = _0x9312xa$jscomp$0[_0x9312x9$jscomp$1], _0x9312x3$jscomp$2[_0x9024[36]] === _0x9312x5$jscomp$1[_0x9024[37]]) {
                if (_0x9312x5$jscomp$1[_0x9024[18]](_0x9024[34]), _0x9024[38] === _0x9312x4$jscomp$2[_0x9024[27]]) {
                  if (_0x9312x6$jscomp$1 = parseInt(_0x9312x4$jscomp$2[_0x9024[28]], 10), _0x9312x6$jscomp$1 > 1e3) {
                    _0x9312x6$jscomp$1 = 1e3;
                  } else {
                    if (~~_0x9312x6$jscomp$1 < 200) {
                      _0x9312x6$jscomp$1 = 200;
                    }
                  }
                  _0x9312x5$jscomp$1[_0x9024[38]] = _0x9312x6$jscomp$1;
                }
                if (_0x9024[39] === _0x9312x4$jscomp$2[_0x9024[27]]) {
                  if (_0x9312x7$jscomp$1 = _0x9312x2$jscomp$0[_0x9024[41]](_0x9024[40]), _0x9312x8$jscomp$1 = _0x9312x2$jscomp$0[_0x9024[41]](_0x9024[40]), _0x9312x7$jscomp$1[_0x9024[42]] = _0x9312x5$jscomp$1[_0x9024[10]](_0x9024[13]), _0x9312x8$jscomp$1[_0x9024[42]] = _0x9312x4$jscomp$2[_0x9024[28]], _0x9312x8$jscomp$1[_0x9024[43]] === _0x9312x7$jscomp$1[_0x9024[43]]) {
                    if (_0x9312x2$jscomp$0[_0x9024[44]] === _0x9312x5$jscomp$1) {
                      _0x9312x1$jscomp$0[_0x9024[46]][_0x9024[45]][_0x9024[42]] = _0x9312x4$jscomp$2[_0x9024[28]];
                    }
                  }
                }
              } else {
              }
            }
          }
        }
      }
    }, _0x9312x4$jscomp$0) {
      _0x9312x1$jscomp$0[_0x9024[22]](_0x9024[27], _0x9312x1$jscomp$0[_0x9024[23]][_0x9024[24]], false);
      _0x9312x2$jscomp$0[_0x9024[22]](_0x9024[47], _0x9312x3$jscomp$0, false);
      _0x9312x1$jscomp$0[_0x9024[22]](_0x9024[48], _0x9312x3$jscomp$0, false);
    }
  }
}(window, document);

Also a good read for researchers of bad code: http://relentless-coding.org/projects/jsdetox/samples
Project: https://javadeobfuscator.com/

polonus
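
What a deobfuscator does with a script like the one in the post above can be reproduced statically, by decoding the string table and inlining the lookups without ever executing the code. This is an added example, not code from the post or from the dcode.fr tool; the sample input is a constructed snippet in the same `_0x9024` style and the function names are illustrative.

```python
import json
import re

# Constructed sample in the style of the snippet quoted above: a table of
# \xNN-escaped strings, with every property access routed through it.
SAMPLE = (
    r'var _0x9024=["\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x6D\x61\x74\x63\x68",'
    r'"\x69\x66\x72\x61\x6D\x65\x5B\x64\x61\x74\x61\x2D\x73\x65\x63\x72\x65\x74\x3D\x22",'
    r'"\x22\x5D","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C"];'
    r'var ie=!!navigator[_0x9024[0]][_0x9024[1]](/Trident/);'
    r'var n=document[_0x9024[4]](_0x9024[2]+s+_0x9024[3]);'
)

TABLE_START = re.compile(r'var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[')
JS_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'', re.S)
ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})|\\(.)', re.S)
SIMPLE_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "b": "\b", "f": "\f", "v": "\v", "0": "\0"}


def decode_js_string(body):
    """Turn the inside of a JS string literal into text, without eval."""
    def repl(m):
        if m.group(1) or m.group(2):
            return chr(int(m.group(1) or m.group(2), 16))
        return SIMPLE_ESCAPES.get(m.group(3), m.group(3))
    return ESCAPE.sub(repl, body)


def extract_string_table(src):
    """Return (name, strings, (start, end)) for the first _0x... array, or None."""
    m = TABLE_START.search(src)
    if not m:
        return None
    pos, strings = m.end(), []
    while True:
        while pos < len(src) and src[pos] in " \t\r\n,":
            pos += 1
        if pos >= len(src):
            raise ValueError("unterminated string table")
        if src[pos] == "]":
            break
        s = JS_STRING.match(src, pos)
        if not s:
            raise ValueError("table holds a non-string element; review by hand")
        body = s.group(1) if s.group(1) is not None else s.group(2)
        strings.append(decode_js_string(body))
        pos = s.end()
    end = pos + 1
    if src[end:end + 1] == ";":
        end += 1
    return m.group(1), strings, (m.start(), end)


def deobfuscate(src):
    """Inline table lookups and return (readable_source, decoded_strings)."""
    found = extract_string_table(src)
    if found is None:
        return src, []
    name, strings, (start, end) = found
    body = src[:start] + src[end:]

    def inline(m):
        i = int(m.group(1))
        # json.dumps yields a fully escaped string literal that JS accepts
        return json.dumps(strings[i]) if i < len(strings) else m.group(0)

    body = re.sub(re.escape(name) + r"\[(\d+)\]", inline, body)
    # obj["prop"] -> obj.prop for plain identifiers (textual heuristic only)
    body = re.sub(r'(?<=[\w$\])])\["([A-Za-z_$][\w$]*)"\]', r".\1", body)
    return body, strings


if __name__ == "__main__":
    readable, strings = deobfuscate(SAMPLE)
    print(strings)   # decoded table: the first thing to read when triaging
    print(readable)
```

The decoded table alone is often enough for triage, since any URL, selector or API name the script uses has to appear in it.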
Title: Re: Tests and other Media topics
Post by: polonus on February 28, 2019, 12:25:28 AM
Do a connection test: http://conn.internet.nl/connection/

and a good DNS domain check site: https://www.uptrends.com/de/tools/dns

polonus
Title: Re: Tests and other Media topics
Post by: polonus on February 28, 2019, 04:06:50 PM
Spectre is going to haunt us for some considerable time: https://arxiv.org/abs/1902.05178

Is your browser vulnerable to Spectre?

Check online: https://xlab.tencent.com/special/spectre/spectre_check.html

According to their checking my browser, it is NOT vulnerable to Spectre  :)
Title: Re: Tests and other Media topics
Post by: polonus on March 02, 2019, 05:21:58 PM
Checking a URLHaus flagged IP, like this one: https://urlhaus.abuse.ch/url/149963/
Interesting information at shodan's,  about ports, services, vulnerabilities:
https://www.shodan.io/host/157.230.214.179
Via additional insights we landed here: https://viz.greynoise.io/ip/157.230.214.179
Quote
Name    Category    Intention    Confidence    First Seen    Last Updated
ZMAP_CLIENT   tool   Null   high   2019-02-26   2019-02-26
SSH_SCANNER_LOW   activity   Null   low   2019-02-26   2019-02-26
TELNET_SCANNER_HIGH   activity   Null   high   2019-02-23   2019-02-23
TELNET_BRUTEFORCER   worm   malicious   high   2019-02-18   2019-02-23
TELNET_BRUTEFORCER   worm   malicious   high   2019-02-18   2019-02-18
TELNET_SCANNER_HIGH   activity   Null   high   2019-02-18   2019-02-18
TELNET_WORM_HIGH   worm   malicious   high   2019-02-11   2019-02-12
TELNET_SCANNER_HIGH   activity   Null   high   2019-02-11   2019-02-12
ZMAP_CLIENT   tool   Null   high   2019-02-11   2019-02-11

See security issues: https://webscan.upguard.com/#/http://157.230.214.179/bins/apep.x86
(5) Susceptible to man-in-the-middle attacks
Server information header exposed
Exposing information about the server version increases the ability of attackers to exploit certain vulnerabilities. The website configuration should be changed to prevent version information being revealed in the 'server' header.
EXPECTED:
[does not contain version number]
FOUND:
Apache/2.2.15 (CentOS)

 Unnecessary open ports
File sharing ports open
Administration ports open
Database ports open

4 recommendations for improvement: https://webhint.io/scanner/78d6da89-0627-4623-b8ec-791b36e0cb5e
This low number of issues could lead to the assumption that the website was specifically created for abuse...

Unable to connect here: https://observatory.mozilla.org/analyze/157.230.214.179#ssh
Also consider this info: https://dazzlepod.com/ip/?ip_address=http%3A%2F%2F157.230.214.179 *
and this: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=MTU3LjIzMC4yMTQuMTc5~enc

Finally the VT results: Kaspersky detect: https://www.virustotal.com/#/url/8ae84bf6f178a29649f2aaf6d00e5382783921d1b2b40acd6f5fbdb64f089833/detection
Avast detects here: https://www.virustotal.com/#/file/d221870a49a0ab336dfa7d9387add53443e0a6a8ca4c0b6851830fb9d7652bfa/detection

IP scan downloaded files: https://www.virustotal.com/#/ip-address/157.230.214.179

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

* All info from scans like these cannot and should not be used against the particular websites in question, this is offensive conduct.

Damian
Title: Re: Tests and other Media topics
Post by: polonus on March 02, 2019, 05:32:10 PM
Dr.Web Security Space does not flag it...

Here it is not listed: Checking: -http://157.230.214.179/bins/apep.x86
Engine version: 7.0.34.11020
Total virus-finding records: 7513830
File size: 83.06 KB
File MD5: 3802fd9b541c4711d683408def246be2

-http://157.230.214.179/bins/apep.x86 - Ok (So actually Not OK).

Also checked here:
Quote
IP Address Information
Analysis Date   2019-03-02 11:30:42
Elapsed Time   4 seconds
Blacklist Status   BLACKLISTED 7/114
IP Address   157.230.214.179
Reverse DNS   Unknown
ASN   AS14061
ASN Owner   DigitalOcean, LLC
ISP   Digital Ocean
Continent   North America
Country Code   (US) United States
Latitude / Longitude   40.7185 / -74.0025
City   New York
Region   New York
IP Blacklist Report
Engine
BlockedServersRBL
CBL_AbuseAt
MegaRBL
S5hbl
SURBL
AlienVault Reputation
IPSpamList
Bold have it flagged...

pol
Title: Re: Tests and other Media topics
Post by: polonus on March 10, 2019, 12:34:58 AM
Two interesting chrome extensions I run inside Brave browser:
Javascript Errors Notifier
also check code by opening page in Browser with developer tools via Ctrl+Shift+I
Detected on this site: https://www.ninefornews.nl/
Re: ReferenceError: st_go is not defined
 /:4181

The Retire.js extension also works, and on the same page it flagged: jquery   1.8.3   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
all as retirable jQuery library.

Javascript could be at the root of a lot of malcode trouble, so check and doublecheck always,
especially when developing websites and maintaining websites.

Double check at: jquery   1.8.3   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers

and also at  the security part of the webhint scanner: https://webhint.io/scanner/
or validate here: https://codebeautify.org/jsvalidate

Good hunt, javascript de-buggers,

polonus (volunteer 3rd party cold reconnaissance website security analyzer and website error-hunter)

P.S. Added is a txt file of messages and alerts in the developer's console for a shodan page,
       just skim over the contents.
       


Title: Re: Tests and other Media topics
Post by: polonus on March 10, 2019, 01:10:21 AM
Another report for this site flagged at urlquery dot net:
https://urlquery.net/report/4ea473d5-765f-4c09-9ac8-a805504606a8

Quote
File not found: -https://apis.google.com/js/plusone.js

ReferenceError: gapi is not defined
 -http://dahluhre.blogspot.com/:369

SyntaxError: Unexpected token <
 /:65

SyntaxError: Unexpected strict mode reserved word
 /:65

SyntaxError: Invalid or unexpected token
 /:65

SyntaxError: Unexpected identifier
 /:65

SyntaxError: Unexpected token <
 /:65

SyntaxError: Unexpected token &
 /:65

ReferenceError: urchinTracker is not defined
 -http://dahluhre.blogspot.com/:2390

SyntaxError: Unexpected token &
 -http://dahluhre.blogspot.com/:64

SyntaxError: Invalid or unexpected token
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected identifier
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected token <
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected strict mode reserved word
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected token <
 -http://dahluhre.blogspot.com/:64
Quote
Consider also here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I3xobHVofXsubl0%3D~enc
iFrame flagged: iframes
Any iframes? Yes there are. show.

<iframe src="-http://www.dahluhre.blogspot.com" frameborder="0" width="100%" height="100%"></iframe>

polonus
Title: Re: Tests and other Media topics
Post by: polonus on March 29, 2019, 02:31:57 PM
PHISHING a gigantic online problem. Now meet a Plan for Scams.
https://www.gerv.net/security/a-plan-for-scams/ 
(propositions by various members of Mozilla Team).

Are there any new ideas coming from the intensified efforts of EUROPOL and the Industry fighting PHISHING?

I think that if, while visiting a phishing website, a "whois" is being performed for that website's domain name,
and one checks whether the created and/or changed date are less than a week old,
one would have caught out 95% of phishing websites.

Within a few days you'd see these domains added to be blacklisted.
Are they being flagged in all browsers then immediately?

polonus
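
The domain-age check suggested in the post above, as an added example (not the poster's code): it reads creation and change dates from WHOIS text and flags anything younger than a week. The field names, the WHOIS samples and the reference date are constructed for illustration; real registries use many more field spellings, and a record with no parsable date is reported as unknown rather than guessed.

```python
import re
from datetime import datetime, timedelta, timezone

# Field spellings differ per registry; these are a few common ones
# (assumption: extend the sets for the TLDs you actually look up).
CREATED_KEYS = {"creation date", "created", "created on", "registered on"}
CHANGED_KEYS = {"updated date", "changed", "last updated", "last modified"}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%d %H:%M:%S",
                "%Y-%m-%d", "%d-%b-%Y", "%d.%m.%Y")

# Constructed WHOIS responses (not real lookups).
WHOIS_NEW = """\
Domain Name: LOGIN-EXAMPLE.TEST
Creation Date: 2019-03-27T10:15:00Z
Updated Date: 2019-03-27T10:15:02Z
"""
WHOIS_OLD = """\
domain:   example.test
created:  2004-06-01
changed:  20-Nov-2018
"""
WHOIS_RENEWED = """\
Domain Name: SHOP-EXAMPLE.TEST
Creation Date: 2010-01-15T08:00:00Z
Updated Date: 2019-03-25T09:30:00.0Z
"""
WHOIS_REDACTED = """\
Domain Name: HIDDEN-EXAMPLE.TEST
Creation Date: REDACTED
"""
NOW = datetime(2019, 3, 29, tzinfo=timezone.utc)  # constructed reference time


def parse_date(value):
    """Parse one WHOIS date value; return an aware UTC datetime or None."""
    v = re.sub(r"(:\d{2})\.\d+", r"\1", value.strip())  # drop fractional seconds
    if v.endswith("Z"):
        v = v[:-1] + "+0000"
    for fmt in DATE_FORMATS:
        try:
            dt = datetime.strptime(v, fmt)
        except ValueError:
            continue
        return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return None


def whois_dates(text):
    """Return (earliest created, latest changed); either may be None."""
    created, changed = [], []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        dt = parse_date(value)
        if dt is None:
            continue
        key = key.strip().lower()
        if key in CREATED_KEYS:
            created.append(dt)
        elif key in CHANGED_KEYS:
            changed.append(dt)
    return (min(created) if created else None,
            max(changed) if changed else None)


def assess(text, now, max_age_days=7):
    """'recent' if created or changed within max_age_days, else 'established'."""
    created, changed = whois_dates(text)
    if created is None and changed is None:
        return "unknown"  # redacted or unparsable: do not treat as safe
    limit = now - timedelta(days=max_age_days)
    if (created and created > limit) or (changed and changed > limit):
        return "recent"
    return "established"


if __name__ == "__main__":
    for name, text in [("new", WHOIS_NEW), ("old", WHOIS_OLD),
                       ("renewed", WHOIS_RENEWED), ("redacted", WHOIS_REDACTED)]:
        print(name, assess(text, NOW))
```

The renewed sample shows the cost of including the changed date: a long-registered domain trips the check after any routine record update, so that half of the test is a prompt for a closer look rather than a verdict.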
Title: Re: Tests and other Media topics
Post by: polonus on April 01, 2019, 11:51:02 PM
The Reg has Admedo tracking. Where? -> https://www.theregister.co.uk/security/
What's that tracker?
Find out here: https://whotracks.me/trackers/admedo_com.html
Failed to load for me: -pj.l.admedo.com/admtracker.lib.min.js:1 F

Tracking on websites: https://whotracks.me/websites/avast.com.html

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 07, 2019, 11:23:05 PM
Checklists for intrusions from USA and around the globe:

Checked: https://urlhaus.abuse.ch/url/172785/
Re: https://www.megarbl.net/asncheck/AS6128  checklist per ASN,
also this one per IP: https://www.megarbl.net/blocking_list.php?ip=69.119.9.169
We missed such a resource for quite some time now.
to return in this form.
Also see: https://otx.alienvault.com/pulse/5ad51668240faa094ef77c68/history
And the daily: https://attackers.ongoing.today/closed.txt

More lists to check against with this IP example: 92.53.65.2
Re: https://www.abuseipdb.com/check/92.53.65.2
also a university resource:  https://report.cs.rutgers.edu/mrtg/drop/dropstat.cgi?start=-3h
cybersecurity resource: https://www.binarydefense.com/banlist.txt?__hstc=103210719.1bb630f9cde2cb5f07430159d50a3c91.1538179200074.1538179200075.1538179200076.1&__hssc=103210719.1.1538179200077&__hsfp=2025384311  *

Enjoy, my good friends, enjoy,

* Use of the above list may be for strict private use only, and commercial use therefore is forbidden.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 11, 2019, 06:24:48 PM
AMP Page Validator: https://technicalseo.com/seo-tools/amp/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 20, 2019, 06:31:47 PM
Two resources coming up with similar abuse information for IP 46.17.42.130
https://urlhaus.abuse.ch/url/181145/
&
https://futex.re/tracker/index.php  (do not download red samples)

Linux Mirai example,  avast will detect this as ELF:Mirai-HU [Trj]:
https://www.virustotal.com/nl/file/4175d70a1c20164552c2d446f5bb56dcf4f02c1c4e4e5a99385b37076db725f7/analysis/1555674337/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 22, 2019, 07:42:53 PM
A fine tool to check on DNS, example: https://dnscheck.pingdom.com/#5a9186d122400000

Combine it with all of the toolbox here: https://mxtoolbox.com/

And here:  https://www.robtex.com/dns-lookup/

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 23, 2019, 11:08:49 AM
Two scanners to compare results for trackers:
1. CLIQZ and Ghostery driven: https://whotracks.me/websites/theregister.co.uk.html
&
2. beta scanner with privacy implications of visiting a website:
https://privacyscore.org/site/36977/

Enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on April 24, 2019, 12:58:04 PM
For Germany and the Netherlands new directives on the use of the latest TLS version 1.3 came out.

So it is time to check:
https://www.cdn77.com/tls-test and at http://ssl-checker.online-domain-tools.com/

The following should be phased out in due time, and one had better no longer support such weak TLS:
TLS 1.0, TLS 1.1 and 3DES and algorithms for static key exchanges.

Also consider: https://geekflare.com/ssl-test-certificate/
example: https://www.immuniweb.com/ssl/?id=nU20eqHp

polonus

P.S. But windows exchange servers should also be upgraded,
else taking such measures is senseless in a certain perspective,
when it is not supported elsewhere on the infrastructure.

Title: Re: Tests and other Media topics
Post by: polonus on April 28, 2019, 06:55:57 PM
A certification test for a domain produces two A+ results: https://www.sslcheck.nl/mett.nl
all checked for a Dutch gov. subcontractor certificate.

However there were weak ciphers and there was a CAA issue,
which could be solved here with this generator: https://sslmate.com/caa/

Re: https://cipherli.st/

produced:
Quote
Generic
For Google Cloud DNS, Route 53, DNSimple, and other hosted DNS services

Name   Type   Value
mett.nl.   CAA   0 issue ";"
Standard Zone File
For BIND ≥9.9.6, PowerDNS ≥4.0.0, NSD ≥4.0.1, Knot DNS ≥2.2.0

mett.nl.   IN   CAA   0 issue ";"
Legacy Zone File (RFC 3597 Syntax)
For BIND <9.9.6, NSD <4.0.1, Windows Server 2016

-mett.nl.   IN   TYPE257   \# 8 000569737375653B
tinydns
:-mett.nl:257:\000\005\151\163\163\165\145\073
dnsmasq
--dns-rr=-mett.nl,257,000569737375653B

enjoy, my good avast friends, enjoy,

polonus

Also consider info here: https://www.entrustdatacard.com/knowledgebase/how-to-add-a-certification-authority-authorization-caa-record-using-tinydns  and another tool: https://tools.ietf.org/html/rfc6844#section-5
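
The generator output quoted above is one CAA record in several notations. The following added example (not part of the post or of the sslmate generator) builds the RFC 6844 wire format from `0 issue ";"`, derives the RFC 3597, tinydns and dnsmasq forms from it, and decodes the hex back. Function names are illustrative, and the domain is written without the post's defanging dash.

```python
import re

CAA_TYPE = 257  # RR type number used in the legacy, tinydns and dnsmasq forms


def caa_rdata(flags, tag, value):
    """RFC 6844 RDATA: 1 byte flags, 1 byte tag length, tag, then value."""
    tag_b = tag.encode("ascii")
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one byte")
    if not 1 <= len(tag_b) <= 255 or not tag_b.isalnum():
        raise ValueError("tag must be 1..255 ASCII letters or digits")
    return bytes([flags, len(tag_b)]) + tag_b + value.encode("ascii")


def rfc3597(rdata):
    """Generic RDATA notation for servers that do not know the CAA type."""
    return "\\# %d %s" % (len(rdata), rdata.hex().upper())


def tinydns(fqdn, rdata):
    """tinydns generic record line: every RDATA byte as a 3-digit octal escape."""
    return ":%s:%d:%s" % (fqdn, CAA_TYPE, "".join("\\%03o" % b for b in rdata))


def dnsmasq(fqdn, rdata):
    return "--dns-rr=%s,%d,%s" % (fqdn, CAA_TYPE, rdata.hex().upper())


def parse_caa(rdata):
    """Decode RDATA into (flags, tag, value), rejecting truncated input."""
    if len(rdata) < 2:
        raise ValueError("truncated CAA RDATA")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or 2 + tag_len > len(rdata):
        raise ValueError("tag length does not fit the record")
    tag = rdata[2:2 + tag_len].decode("ascii")
    return flags, tag, rdata[2 + tag_len:].decode("ascii")


def parse_rfc3597(text):
    """Decode a '\\# <len> <hex>' string and check the declared length."""
    m = re.fullmatch(r"\\#\s+(\d+)\s+([0-9A-Fa-f\s]*)", text.strip())
    if not m:
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex(m.group(2))
    if len(rdata) != int(m.group(1)):
        raise ValueError("declared length does not match the hex data")
    return parse_caa(rdata)


def authorized_issuer(value):
    """Issuer domain of an 'issue' value, or None when no CA is authorized."""
    domain = value.split(";", 1)[0].strip()
    return domain or None


if __name__ == "__main__":
    rdata = caa_rdata(0, "issue", ";")
    print(rfc3597(rdata))
    print(tinydns("mett.nl", rdata))
    print(dnsmasq("mett.nl", rdata))
    print(parse_rfc3597("\\# 8 000569737375653B"))
    print(authorized_issuer(";"))
```

Per RFC 6844, an `issue` value of `";"` authorizes no certificate authority at all, so a zone that still needs certificates lists its CA's domain there instead.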
Title: Re: Tests and other Media topics
Post by: polonus on May 01, 2019, 01:09:28 PM
JavaScript and SEO, all you wanted to know.

Pre-loading the DOM first is advisable.
On your website - be crawlable for both Googlebot and Caffeine alike.
Google and Caffeine are often mixed-up even by Google's staff members.

Make sure your content does not depend solely on JavaScript, but also on HTML.
In the future Googlebot may render newest JavaScript.
(now renders 2018 script through the 69 version of the browser,
later will come to use the latest version);
writing isomorphic Javascript being pre-rendered on the webserver may help SEO,
and load performance, but the apt developer must have the capacity to implement this.

Google plans to integrate crawling and rendering, as planned at their 2018 Chrome Dev Summit,
but JavaScript issues may remain, so there will still be reports coming from analysts like little old me.

Info credits go to Marketingfacts JavaScript & SEO,
all you should know by Tom Wester SEO-strategist at RIFF's.


Test your performance on the client and webserver here,
-> https://gtmetrix.com/reports/

Enjoy, my good avast friends, enjoy,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Title: Re: Tests and other Media topics
Post by: polonus on May 03, 2019, 04:23:42 PM
Linting JavaScript code with JSHint at https://jshint.com/

What script was checked:  https://www.security.nl/js/core.js?13757912339  DOM-XSS 39 sources and 16 sinks detected.
beautifying and code improvement results:
Quote
CONFIGURE
Metrics
There are 86 functions in this file.

Function with the largest signature take 4 arguments, while the median is 1.

Largest function has 38 statements in it, while the median is 4.

The most complex function has a cyclomatic complexity value of 7 while the median is 2.

Nine warnings
27   ['position'] is better written in dot notation.
175   Missing semicolon.
288   'result' is already defined.
295   'result' is already defined.
556   Missing semicolon.
750   Missing semicolon.
778   A leading decimal point can be confused with a dot: '.45'.
840   ['compatability'] is better written in dot notation.
1207   Missing semicolon.
Three undefined variables
29   $
254   mytoken
345   mytoken
421   mytoken
478   mytoken
531   mytoken
596   mytoken
655   mytoken
742   mytoken
838   mytoken
866   mytoken
1205   mytoken
1237   mytoken
697   width
703   width
Three unused variables
21   default_hover_options
23   default_video_options
133   preload

For JavaScript debuggers, enjoy, my friends, enjoy.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 08, 2019, 05:59:50 PM
Everybody wants an honest webshop experience, don't they?

Check here whether it can be trusted:
Re: https://www.trustpilot.com/

Some things to check and go over:
1. Is the product genuine or is it a cheap and lousy imitation?
2. How does the webshop look, sloppy, bad presentation of consumer goods,
    Does it have bad grammar and misspellings?
3. Is there an "under construction" message to mask bad construction?
4. How did others qualify that webshop? Has it a bad online rep?
5. Check the registration of the site online. Is it a scam or a known fraud?
6. Do you have a secure connection to it? Green lock - https & tls right version?
7. What category webshop gives a major chance this could mean scam or fraud?
8. When paying by credit card, claim damages in time when goods do not arrive,
9. Report to authorities even when there is a small chance the owners will get nailed.
(source credits go to Dutch AD.nl newspaper's article)

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 21, 2019, 05:07:27 PM
Performance reports can also indicate possible security implications:
See: https://gtmetrix.com/reports/www.hotline40.com.au/Gux43WX9

Combine with: https://securityheaders.com/
an F-grade result here: https://securityheaders.com/?q=https%3A%2F%2Fwww.hotline40.com.au%2F&followRedirects=on

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 21, 2019, 06:00:50 PM
Various websites have issues with jQuery libraries, that should be retired because of vulnerabilities,
some issues can be abused e.g. bootstrap.js

An example: hint #1: 'Bootstrap@3.3.5' has 5 known vulnerabilities (5 medium). See 'https://snyk.io/vuln/npm:bootstrap' for more information: https://webhint.io/scanner/a3b2b998-0045-489b-934f-155784c7bfcd#hint-no-vulnerable-javascript-libraries-1

We can have that info via an extension
Quote
Retire.js
bootstrap   3.3.5   Found in http://dk-advertising.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.1.3.3
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   1
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   1
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   1
jquery   1.7.0   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js?ver=5.2
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   123
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

or here online: https://retire.insecurity.today/#!/scan/531a6fa7af013314295e06229fcae3e27022551843a80ca3d0aeaaea484ed5cd

complicating vuln. :  Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled  (insecure)
/wp-content/plugins/      disabled

polonus
Title: Re: Tests and other Media topics
Post by: polonus on May 22, 2019, 09:12:19 PM
Fine resources: http://www.scada-radar.com/protocol.php?protocol=BACnet/IP
This in the light of Delphi malcode dropper like malicious protocol.php (analysis of Zebrocy dropper)

But the website we visit here with that scanner needs some jQuery libraries to be retired:
Quote
Retire.js
bootstrap   3.3.4   Found in http://www.scada-radar.com/js/bootstrap.min.js
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
jquery   1.11.3   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
jquery   1.8.2   Found in http://www.scada-radar.com/js/jquery_1_8_2.min.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS,
and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

only minor site improvement recommendations, 16 in all: https://webhint.io/scanner/a1cf7fd6-fd7d-4233-ba98-e17de6b6c7e1

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on June 17, 2019, 10:32:30 PM
Check sites against: https://urlhaus.abuse.ch/url/209727/  detection
Version does not appear to be latest 5.2.1 - update now.  Rep. check warning -
checked at https://hackertarget.com/wordpress-security-scan/
checked IP for relations: https://www.virustotal.com/gui/ip-address/150.95.52.111/relations
checked at sucuri's: https://sitecheck.sucuri.net/results/https/blogmason.mixh.jp
checked for web app attacks, brute force attacks etc.: https://www.abuseipdb.com/check/150.95.52.111
checked against phishing lists: https://checkphish.ai/ip/150.95.52.111
submitted here: https://urlscan.io/result/fddcd2bb-841c-4c44-bbcc-a7f276c3cb73
check on IP: https://censys.io/ipv4/150.95.52.111

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 23, 2019, 12:07:11 AM
Malicious JA3 fingerprints to fingerprint SSL/TLS client applications. In the best case, you can use JA3 to identify malware traffic that is leveraging SSL/TLS.
However mind that these fingerprints have not been tested against known good traffic yet and may cause a significant amount of FPs!

Find them here: https://sslbl.abuse.ch/ja3-fingerprints/   compare with findings here: https://urlhaus.abuse.ch/browse/

pol
Title: Re: Tests and other Media topics
Post by: polonus on June 23, 2019, 10:35:41 PM
Your browser knows all about you, all and everything.
What is going on under the hood?


Read this extensive paper by Sally Vandeven:
https://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297

also read: https://en.wikipedia.org/wiki/Public-key_cryptography

And again polonus says, check and test it: http://codefromthe70s.org/certcheck.aspx

polonus

Title: Re: Tests and other Media topics
Post by: polonus on June 27, 2019, 08:22:54 AM
Mozilla makes online tracking visible.

Give those surveillance capitalistic trackers something to chew on.

See: https://trackthis.link/

It does not bring back the happy days of freebee Interwebz, like we knew it once,
the happy days before vendor lock-in came to hold us all as hostages,
but on the fringes of the existing commercial internet,
innovation will help us all against almighty Big Brother Data Grabbers.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on June 29, 2019, 01:26:23 PM
SSL and TLS checking:

Background read: https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets/16415/

Check: https://www.cdn77.com/tls-test

http://ssl-checker.online-domain-tools.com/

various tools e.g.: https://www.digicert.com/help/

Dane TLS check: https://www.huque.com/bin/danecheck

various tools here, e.g.: https://mxtoolbox.com/problem/smtp/smtp-tls

Discontinued service: https://cryptoreport.websecurity.symantec.com/

enjoy, my good friends, enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 05, 2019, 07:42:13 PM
Websites that frustrate the use of alternative browsers:
https://www.theregister.co.uk/2002/10/25/alternative_browser_villains_named/

Banks and Linux Browsers - a (in)compatibility oversight:
http://www.starnix.com/banks-n-browsers.html

Mozilla Browser DoH policy was attacked by regulators because it helps in circumventing UK provider filters,
Mozilla now is seen as a kind of a "villain" browser by UK providers.
The only reason is because providers now have to look for alternative ways to make their content filters function.

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 11, 2019, 05:01:56 PM
Privacy issues and security issues are often related.

How to scan for them?

1. Rendering as a normal browser would - extensive report:
https://webcookies.org/cookies/dmstreeremoval.com.au/27913092?662402

2. 2 vulnerable and retirable jQuery libraries detected:
https://retire.insecurity.today/#!/scan/875a8bdadc0d2f7b324b9f54c858fd715e6306b13b290027a63c362f60401a12

3. Data Layer check: 2{data}  Show (2)
{
   "0": "config",
   "1": "UA-109165814-1"
}
&
{
   "0": "js",
   "1": "2019-07-11T14:12:41.413Z"
}

4. Trackers:    Track   From   To   Action   
   
-dmstreeremoval.com.au -dmstreeremoval.com.au

-dmstreeremoval.com.au -dmstreeremoval.com.au

-dmstreeremoval.com.au -dmstreeremoval.com.au

-fonts.googleapis.com -fonts.googleapis.com

- fonts.gstatic.com

5. Always consider these scan results: https://www.virustotal.com/gui/url/9fafcfbfa5bdd5456d5c525427d8808cb17b9d8c09697cafd03c5a1bbcb80903

6. Overall warnings: https://privacyscore.org/site/141978/

cache control, x-frame-options, content-security-policy headers not set or not following best policies.
No form autocomplete settings set. source RECX Security Analyser extension results.

7. 1 out of 10 risk on https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fdmstreeremoval.com.au%2F

8. detections on IP relations: https://www.virustotal.com/gui/ip-address/162.243.29.224/relations

9. Mainly check for cloaking and weird redirects, not here: http://isithacked.com/check/https%3A%2F%2Fdmstreeremoval.com.au%2F

10. DOM-XSS results:
Quote
Results from scanning URL: -https://dmstreeremoval.com.au
Number of sources found: 4
Number of sinks found: 249

Results from scanning URL: -https://dmstreeremoval.com.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 32
Number of sinks found: 13

Results from scanning URL: -https://dmstreeremoval.com.au/wp-content/plugins/photoswipe-masonry/photoswipe-masonry.js?ver=4.9.8
Number of sources found: 14
Number of sinks found: 4

Results from scanning URL: -https://dmstreeremoval.com.au/wp-content/plugins/photoswipe-masonry/photoswipe-dist/photoswipe-ui-default.min.js?ver=4.9.8
Number of sources found: 12
Number of sinks found: 2

Results from scanning URL: -https://dmstreeremoval.com.au/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
Number of sources found: 44
Number of sinks found: 33

Results from scanning URL: -https://dmstreeremoval.com.au/wp-content/plugins/kiwi-logo-carousel/third-party/jquery.bxslider/jquery.bxslider.js?ver=4.9.8
Number of sources found: 12
Number of sinks found: 12

11. Also a scan for PHP driven Word Press CMS at https://hackertarget.com/wordpress-security-scan/
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
Apache/2.4.6
X-Powered-By:
PHP/7.1.8
IP Address:
-162.243.29.224
Hosting Provider:
DigitalOcean 
Shared Hosting:
276 sites found on -162.243.29.224

12. Outdated software on webserver and for Word Press and missing security headers qualified as a High Risk site at:
https://sitecheck.sucuri.net/results/https/dmstreeremoval.com.au

13. Total of 13 direct threats detected here: https://app.upguard.com/webscan#/https://dmstreeremoval.com.au
Security Checks for -https://dmstreeremoval.com.au
Quote
(2) Vulnerabilities can be uncovered more easily
(4) Susceptible to man-in-the-middle attacks
Vulnerabilities
(2) Emails can be fraudulently sent
(3) Unnecessary open ports
DNS is susceptible to man-in-the-middle attacks

14. https://urlscan.io/result/9cf81b77-d79f-4aa5-9d65-ce5be4f715c8

Verdict non-malicious non-suspicious site, outdated software and server software, so High Risk website,
various security issues and missing best policies being implemented. Looks good, less secure.
As security is often a last resort thing in website developing and also maintaining websites.

Enjoy checking your websites, folks,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on July 22, 2019, 05:15:45 PM
Checking a particular IP. Where we found it: https://urlquery.net/report/63564530-782e-4486-8c90-6b86f60b1514
Re: https://www.abuseipdb.com/whois/217.160.0.127
Re: https://dnslytics.com/ip/217.160.0.127
Re: https://checkphish.ai/ip/217.160.0.127
Re: https://www.maltiverse.com/ip/217.160.0.127
https://www.reverse.it/sample/6dd77fce803eea862d81de51f28e214d71c8f23296f389e6d17ba7c41fccc58f?environmentId=100
Detections on relations here: https://www.virustotal.com/gui/ip-address/217.160.0.127/relations

enjoy,

polonus
Title: Re: Tests and other Media topics
Post by: polonus on July 25, 2019, 12:24:44 AM
Rather specific and fully random source: https://libraryofbabel.info/
A treat for full encryption lovers. See for instance: https://libraryofbabel.info/anglishize.cgi?

Info credits go to Sabroni at https://forums.theregister.co.uk/forum/all/2019/07/23/us_encryption_backdoor/

When nobody has full encryption only cybercriminals will have. Think of it, folks.
Do you want to hand over your general key(s), please  :(

polonus


Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2019, 09:56:22 AM
Resource Blocked Servers: https://www.blockedservers.com/
because of http://gladesoft.com:8080/logs & https://urlhaus.abuse.ch/url/223109/ etc.
10 red out of 10 Netcraft risk: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2F218.61.16.142
7 detected URLs: https://www.virustotal.com/gui/ip-address/218.61.16.142/details
Blocked because associated with a trojan: Updated by 54.70.118.129 (Amazon Boardman) 1 week, 6 days ago
tcpwrapped http       Microsoft-IIS/6.0 (Chinese mainland mono-culture server).
On many block- and blacklists. Various online/offline threats: https://urlhaus.abuse.ch/host/218.61.16.142/

Another example: https://www.blockedservers.com/blocked/ipv4/51.77.95.123/  status clear
See: https://urlhaus.abuse.ch/url/223102/  conflicting results?

More resources, for Africa: https://threathaus.com/browse 

For Mirai: https://mirai.security.gives/index.php?search=109.97.51.62
&  http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt
Poor Roque: https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/ciarmy.ipset

Also consider: https://nl.ipshu.com/whois_ipv4/115.193.112.213 (random example)
also found here: https://malwareworld.com/textlists/suspiciousIPs.txt
and here: https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/alienvault_reputation.ipset
and http://server3.pubres.cz/webalizer/webalizer.current
Compare: https://www.joesandbox.com/analysis/49409/0/html#domains
and https://www.abuseipdb.com/check/37.21.44.76
See: https://github.com/zabojcaspamu/spamassassin_rules/blob/master/local.cf.BL.ZABOJCASPAMU

Various resources: https://zeltser.com/malicious-ip-blocklists/


polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2019, 07:42:32 PM
Address still launching malware:
Quote
2019-08-08 17:27:05   -http://patogh-7f.rozblog.c ...   79.127.127.68   IR   JS/CoinMiner.AH potentially unwanted application
Re: https://otx.alienvault.com/indicator/ip/79.127.127.68  &  https://www.threatminer.org/host.php?q=79.127.127.68

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 08, 2019, 08:41:05 PM
Check on scams: http://www.scamfoo.com/site/pumafenty.com/
and
https://www.scamadviser.com/check-website/pumafenty.com

Further IP checkers: https://www.abuseipdb.com/whois/104.28.16.62
https://checkphish.ai/ip/104.28.16.62
-https://support.clean-mx.com/clean-mx/viruses.php?netname=CLOUDFLARENET&sort=id%20asc&response=alive  (alerted by avast)
https://any.run/report/6e99730c1ce658125d7d181f9a6cc5aade8377ec1998d13af26515d99771ced8/1ff01ffc-7535-4100-af05-90d90ce933e8
https://www.malwareurl.com/listing.php?as=AS13335&active=off&view=all
https://www.hybrid-analysis.com/sample/14d82c8e39c2763c3b615f78b990e8ab058c55bf903ecda5f02cc1c98e19e991?environmentId=100

polonus







Title: Re: Tests and other Media topics
Post by: polonus on August 12, 2019, 12:00:03 AM
website checks and crypt check:
https://urlscan.io/result/49f31b2f-0b76-4977-973c-131aa0124576/
https://urlscan.io/domain/www.esri.com
https://securityheaders.com/?q=www.esri.com&followRedirects=on
https://observatory.mozilla.org/analyze/www.esri.com#third-party & https://observatory.mozilla.org/analyze/www.esri.com
https://tls.imirhil.fr/https/www.esri.com
https://webhint.io/scanner/d4503ab6-e6ba-4664-8cd8-c00794392d9f#category-Security
Retire.js
jquery   1.12.4   Found in -https://www.esri.com/etc/clientlibs/esri-sites/components.a85066077ee6f134710aeddea8215009.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   

A parser-blocking, cross site (i.e. different eTLD+1) script, <URL>, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See <URL> for more details. On Avast Secure Browser with Shift + Ctrl + I.
Why? Read here: https://developers.google.com/web/updates/2016/08/removing-document-write

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 13, 2019, 10:39:08 AM
More security header scans online:
https://www.immuniweb.com/websec/
https://tools.geekflare.com/secure-headers-test
https://hackertarget.com/http-header-check/
https://securityheaders.com/
https://httpsecurityreport.com/
Background read: https://csp.withgoogle.com/docs/index.html

enjoy, my friends, enjoy

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 15, 2019, 12:47:14 PM
Read: https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549
info credits go out to: Luan Herrera

Re: https://chromium.googlesource.com/infra/infra/+/master/appengine/monorail

Helpful here: https://unminify.com/  &  https://www.generateit.net/javascript-decompressor/

polonus
Title: Re: Tests and other Media topics
Post by: polonus on August 27, 2019, 07:18:20 PM
Logging in with your facebook account, what privacy implications do you have to fear not blocking facebook?

The impact of a non-blocked visit:
https://privacyscore.org/site/143919/
& https://urlscan.io/result/5ea7f793-0c20-4fd9-8f1a-bb810babfab3

Or the consequences for your digital privacy seen here:
https://urlscan.io/result/5ea7f793-0c20-4fd9-8f1a-bb810babfab3#links

Just interesting to skim through - JavaScript behaviour on that site:
https://urlscan.io/result/5ea7f793-0c20-4fd9-8f1a-bb810babfab3#behaviour
Did not know they used babel helper (generated per session).

Better than to speculate is to let the facts speak out for themselves. info credits: luntrus

polonus (volunteer 3rd party cold recon website security analyst and website error-helper)
Title: Re: Tests and other Media topics
Post by: bob3160 on August 27, 2019, 10:00:58 PM
The best way to avoid the privacy implications that are part of Facebook,
is to never open a Facebook account. Once opened, expect to kiss your privacy bye bye.
Title: Re: Tests and other Media topics
Post by: DavidR on August 27, 2019, 10:22:55 PM
The best way to avoid the privacy implications that are part of Facebook,
is to never open a Facebook account. Once opened, expect to kiss your privacy bye bye.

Guess why I have given social networking and the like a wide berth since they first appeared ;)
Title: Re: Tests and other Media topics
Post by: polonus on September 04, 2019, 04:13:25 PM
Super Logout online: http://kapat.org/

Intel search engine, made by Peter Kleissner, the sinkhole expert.

Polonus was trained in automatic sinkholing expertise online by Peter Kleissner,
now head of Intelligence X
Re: https://intelx.io/?did=d4a06454-081c-45be-9ed2-9329499c5e89
and see how we reached that super logout tool...

polonus
Title: Re: Tests and other Media topics
Post by: polonus on September 07, 2019, 08:30:22 PM
Coming to USA Firefox now:
DoH: https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
Advantages and disadvantages.
See Client Support: https://en.wikipedia.org/wiki/DNS_over_HTTPS

This all to battle against abuse of unencrypted DNS request connections.

Why this is not such a good idea for end-users:
1) Concentrating all DoH requests with a small group of external players (like CloudFlare, Google) will mean an enhanced privacy risk for a large number of Internet-users, because mentioned players will exactly know for a great number of Internet-users when and what websites they visit. Censorship and downgrading of certain websites is not unthinkable. From a privacy viewpoint it would be a good thing one could have many more DoH providers to choose from, but then blacklisting will be more of a problem, because;

2) Local DNS-logging no longer takes place at firm-level. Of course such logging means an enhanced risk, but it will enable you to detect compromised devices within your network;

3) DoH will raise demand for TLS-interception considerably and the risks thereof outbalance overall profit.

(info credits: Erik van Straaten).

Using Pi-hole in such a setting makes you dependent on just one single DOH-provider. What about virtual hosts on one IP address?

But "DNS queries for the A and AAAA records for the domain “use-application-dns.net” must respond with NXDOMAIN rather than the IP address retrieved from the authoritative nameserver".

Mozilla just thinks to comply with the following contract: In the US, Firefox by default directs DoH queries to DNS servers that are operated by CloudFlare, meaning that CloudFlare has the ability to see users' queries. Mozilla has a strong Trusted Recursive Resolver (TRR) policy in place that forbids CloudFlare or any other DoH partner from collecting personal identifying information.
To mitigate this risk, our partners are contractually bound to adhere to this policy. (does not just only apply to Cloudflare's)
Source: https://support.mozilla.org/en-US/kb/firefox-dns-over-https

Whenever you are used to non-existing Interwebz-privacy this is not a big thing, remember only that it only furthers the monopoly status of the big players, like we have Google, CloudFlare,

So again less to choose from, or use: Intra — an Android application by Jigsaw to route your DNS queries to a DNS-over-HTTPS server of your choice, re: https://play.google.com/store/apps/details?id=app.intra

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
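A check for the canary-domain rule quoted in the post above, as an added example that is not part of the original post: it encodes the A and AAAA queries for `use-application-dns.net` and decides from the responses' RCODE whether a network resolver is giving the NXDOMAIN signal, which is what a site that depends on local DNS logging would configure. The function names are hypothetical, the demo responses are constructed, and `ask_resolver` (plain UDP to a resolver you operate) is not exercised offline.

```python
import socket
import struct

CANARY = "use-application-dns.net"
QTYPE_A, QTYPE_AAAA = 1, 28
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def build_query(name, qtype, txid):
    """Encode a standard recursive DNS query for one name and record type."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)    # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)     # class IN


def parse_rcode(response, txid):
    """Return the RCODE of a DNS response; reject packets that do not answer our query."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack_from("!2H", response)
    if rid != txid or not flags & 0x8000:                    # wrong ID or QR bit not set
        raise ValueError("not a response to this query")
    return flags & 0x000F


def canary_signals_opt_out(responses, txid):
    """True only if both the A and the AAAA canary lookups came back NXDOMAIN."""
    return all(parse_rcode(responses[q], txid) == RCODE_NXDOMAIN
               for q in (QTYPE_A, QTYPE_AAAA))


def ask_resolver(resolver_ip, qtype, txid, timeout=3.0):
    """Send the canary query to a resolver over UDP/53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY, qtype, txid), (resolver_ip, 53))
        return s.recvfrom(512)[0]


def constructed_response(qtype, txid, rcode):
    """Response header plus echoed question, built for the demo (not captured traffic)."""
    question = build_query(CANARY, qtype, txid)[12:]
    return struct.pack("!6H", txid, 0x8180 | rcode, 1, 0, 0, 0) + question


if __name__ == "__main__":
    txid = 0x1234
    filtered = {q: constructed_response(q, txid, RCODE_NXDOMAIN)
                for q in (QTYPE_A, QTYPE_AAAA)}
    half_done = dict(filtered)
    half_done[QTYPE_AAAA] = constructed_response(QTYPE_AAAA, txid, RCODE_NOERROR)
    print("both NXDOMAIN:", canary_signals_opt_out(filtered, txid))
    print("AAAA still resolves:", canary_signals_opt_out(half_done, txid))
```

The second case is the misconfiguration worth testing for: a resolver that blocks only the A record does not satisfy the rule as quoted, which names both record types.
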
Title: Re: Tests and other Media topics
Post by: polonus on September 09, 2019, 12:41:44 PM
Several Public DOH servers tested against Mozilla Observatory Scan.

1. https://observatory.mozilla.org/analyze/dns.adguard.com   F-grade status
2. https://observatory.mozilla.org/analyze/dns.google   B- grade status
3. https://observatory.mozilla.org/analyze/cloudflare-dns.com  C- grade status
4. https://observatory.mozilla.org/analyze/dns9.quad9.net  no 200 OK returned, F-grade status
5. https://observatory.mozilla.org/analyze/doh.cleanbrowsing.org  B-grade status
6. https://observatory.mozilla.org/analyze/doh.crypto.sx  D- grade status
7. https://doh-ch.blahdns.com/dns-query  no 200 OK returned, F-grade status
8. https://observatory.mozilla.org/analyze/dns.rubyfish.cn  D+ grade status
9. https://observatory.mozilla.org/analyze/doh.dnswarden.com  no 200 OK returned D+ grade status
10. EU server: https://observatory.mozilla.org/analyze/dns.aaflalo.me  D+ grade status
11.  https://observatory.mozilla.org/analyze/doh.captnemo.in  D- grade status
12. https://observatory.mozilla.org/analyze/rdns.faelix.net  no 200 OK returned, D- status
13. https://observatory.mozilla.org/analyze/doh.armadillodns.net  F-grade status
14. https://observatory.mozilla.org/analyze/doh.netweaver.uk   no 200 OK returned  C- grade status
15. https://observatory.mozilla.org/analyze/jp.tiar.app  has an A+ status

Found at: https://github.com/curl/curl/wiki/DNS-over-HTTPS

From these results it seems that DNSSec Japan, is best, A+ status grade,
No Censorship, No Logging, No ECS, support DNSSEC in Japan,
Nihon iti!  (source credits go to: luntrus)

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Tests and other Media topics
Post by: polonus on September 09, 2019, 05:08:44 PM
On being fast: https://www.dnsperf.com/#!dns-resolvers
see: https://cloudflare-dns.com/

polonus