Author Topic: Tests and other Media topics  (Read 424605 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33577
  • malware fighter
Re: Tests and other Media topics
« Reply #495 on: August 26, 2017, 11:53:07 AM »
Titan security goes deep, going even deeper than TPM and secure boot.
It does somewhat more than standard iLO/Drac/BMC are capable of.
So it is additional, or rather better.

Reverse engineering this is possible but comes at a price, as Google is Google.
Reverse engineering chips can be done and is not outside the capabilities of NSA for instance.
Read: https://www.blackhat.com/docs/us-15/materials/us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.pdf
But it certainly is easier when you know all of the masterset and know the design like the inner lining of your pocket,
than when you have to start from scratch with the functions of a chip that was unknown until that time.

So even Google staff with access would have a hard time doing this and it is outside the scope of the normal user/hacker/entity.

Now we can come to understand why Mainland China ousted Google from their infrastructure.
On the other hand we come to understand that for getting some form of high trust security, the going gets narrow and narrower still.
We also have to reckon with the larger developer community that does not know about proper security. It is just an inner circle of specially trained technical IT people that knows all the ins and outs or is specially trained for a particular security aspect.

Anyway the coming of the Titan chip tells us that security on the common infrastructure cannot be (fully) trusted.
So when it just says "google" on a container of hardware, it just cannot be trusted,
while the mobo of Johnny's weblike shop could be.

This is one side of the fascistoid Big Big Commerce times we live in, it is Alice in Wonderland revamped over and over,
and while you think you are secure and inside a trusted environment, it asks you to think hard again.

polonus (volunteer website security analyst and website error-hunter)


« Last Edit: August 26, 2017, 11:55:06 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

« Reply #496 on: August 27, 2017, 03:34:22 PM »
Adblocking basically does not exist on Android.
Read: https://www.theregister.co.uk/2017/08/25/ad_blocking_doesnt_exist_on_mobile/

I use Brave, Disconnect Search and Avast Mobile solutions, a great trio.

polonus

Offline polonus

« Reply #497 on: August 31, 2017, 05:15:51 PM »

Offline polonus

« Reply #498 on: September 02, 2017, 08:27:01 PM »
Some website security scan proposals:

Test whether your website has the latest best-policy website security.
Score in percent. Scan here, example: https://en.internet.nl/domain/www.minbermedia.kz/91228/
a low-grade status 35% website.

Additional DNS scans: https://frag.co.uk/tools/?page=source&host=www2.eu
and http://dnscheck.pingdom.com/?domain=

WordPress resources -> PHP Cross Reference of WordPress Trunk
-> https://wpseek.com/source/wp/latest/nav.html?wp-content/themes/twentyfourteen/functions.php.source.html

then check at: https://hackertarget.com/wordpress-security-scan/

and check later for retirable jQuery code with http://retire.insecurity.today/

finally here: https://observatory.mozilla.org/

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: September 02, 2017, 08:28:41 PM by polonus »

Offline polonus

« Reply #499 on: September 04, 2017, 12:25:43 PM »
WODC of the Technical University Delft in The Netherlands comes up with
a new methodology to classify threat actors,
based on the motives of such cyber actors.

Cyber researchers are also classified, but as non-actors, not posing a threat.

See added typology...

polonus (volunteer website security analyst and website error-hunter)  (non-actor)

« Last Edit: September 06, 2017, 11:26:53 PM by polonus »

Offline polonus

« Reply #502 on: September 17, 2017, 02:13:40 PM »
Various best known URL Scan Resources:

Google Safe Browsing Diagnostic   See malware diagnostics: https://transparencyreport.google.com/safe-browsing/search#url=
McAfee Threat Intelligence   Instant lookup http://www.mcafee.com/threat-intelligence/domain/?domain=
McAfee SiteAdvisor   Instant lookup http://www.siteadvisor.com/sites/
Norton Safe Web   Instant lookup https://safeweb.norton.com/report/show?url=
AVG ThreatLabs   Instant lookup http://www.avgthreatlabs.com/sitereports/domain/
SpamHaus Domain Block List   Instant lookup https://www.spamhaus.org/query/dbl?domain=
Web of Trust (WOT)   Instant reputation lookup https://www.mywot.com/en/scorecard/freeflightoffers.com 
(WOT scan resource lost trust once)
Alexa   Website ranking/statistics http://www.alexa.com/siteinfo/
DomainTools   Review domain Whois data http://whois.domaintools.com/ (validation required)
Recommended SecureBrain Gred   Real-time URL/links scan http://check.gred.jp/?url=
Unmask Parasites   Real-time URL quick scan http://www.unmaskparasites.com/security-report/?page=
VirusTotal   Lookup website risk https://www.virustotal.com/en/#url
F-Secure Browsing Protection Lookup website risk    https://www.f-secure.com/pl_PL/welcome
Trend Micro Site Safety Lookup website risk   https://global.sitesafety.trendmicro.com/
URL Void    Lookup website risk http://www.urlvoid.com/
PhishTank   Search website/URL phishing reports http://www.phishtank.com/
ScumWare.org   Search website/URL malware reports http://www.scumware.org/search.scumware
StopBadware.org Clearinghouse   Search website malware reports https://www.stopbadware.org/clearinghouse/search
MalwareURL   Search website malware reports http://www.malwareurl.com/listing-urls.php
urlQuery   Run a real-time scan of a specific URL http://urlquery.net/
Sucuri SiteCheck   Run a real-time scan of a specific URL http://sitecheck.sucuri.net/
Comodo Site Inspector   Run a real-time scan of a specific URL http://siteinspector.comodo.com/
Zscaler Zulu URL Risk Analyzer   Run a real-time scan of a specific URL https://zulu.zscaler.com/
Quttera   Run a real-time scan of a specific URL or website https://www.quttera.com/#online url malware scanner

Enjoy, my good friends, enjoy...

Offline polonus

« Reply #503 on: September 17, 2017, 08:22:35 PM »
A specific Scientology critical resource: https://umbraxenu.no-ip.biz/mediawiki/index.php/Anonymous_and_critic_sites

A good (re)searcher can beat any hacker any time all of the time.

polonus

Offline polonus

« Reply #504 on: September 22, 2017, 12:42:34 PM »
How to track URL redirects in the browser: https://superuser.com/questions/242138/how-to-track-url-redirects-in-the-browser

and to see where they end up: http://redirectdetective.com/

Enjoy, my good avast friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)

Oh, Firebug Light, nice extension...

Offline polonus

« Reply #505 on: September 24, 2017, 03:56:44 PM »
JQuery is a sink!

Read: http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html
and https://ttmm.io/tech/jquery-xss/

Understand, while polonus continuously scans here: http://retire.insecurity.today/  and here: http://www.domxssscanner.com/

A function or method can be considered insecure when one of its arguments comes from untrusted input

(check at https://observatory.mozilla.org/ whether content is being protected properly: CORS,
same origin, SRI hashes generated)

and is not being correctly validated according to the layer the function is communicating with.

jQuery.html is a sink and no one so far complains.

jQuery is also designed to perform different operations based on argument type and content.

Using the same interface for query and executing is a "bad idea".

jQuery as selector?

Never use jQuery() or $() with an unvalidated argument. No matter what version is being used. Read the code!

jQuery developers retire old version (zip all for reference). What one acquires, one also should retire!
Change and lock jQuery do-everything behaviour.

Not allow client side into Http encode URI Component. Do not use $.html() with untrusted input.
Check they work as expected <.*\?>
Test your RegExps.
Client Request Proxy is Frameable by design!
unfriendly header added
x-Ms-Origin: http://cyber.at.track.er
XMLHttpRequest.attr=val
IE sees some code as valid JSON you can still be left with an unvalidated object!
Be shy using 3rd party services that produces 3rd party surprises.
HTML Injection Vuln.
Test an' Audit all 3rd party code (jsunpack)
Angular.JS has interesting injections.

Info credits go to Stefano Di Paola of Minded Security dot com.

jQuery methods that directly update the DOM

.after(), same with append, before, html, insertAfter, insertBefore, prepend, prependTo, replaceAll, replaceWith, unwrap, wrap, wrapAll, wrapInner, all like .method(); text() updates the DOM but is safe.

Do not send unvalidated data to these methods or properly escape before doing so.

More danger from $() or $danger, which immediately evaluates the input, e.g. $("<img src =x  onerror = alert(1)>")

jQuery.globalEval()

All event handlers: bind(events), bind(type [, data], handler), .on(), add(html).

More research is needed to identify all the safe versus unsafe methods.

polonus (volunteer website security analyst and website error-hunter)

P.S. Interesting read on the dangers of 3rd party scripts:
https://css-tricks.com/potential-dangers-of-third-party-javascript/

and https://hackcabin.com/post/managing-async-dependencies-javascript/

Damian
« Last Edit: September 25, 2017, 10:18:31 PM by polonus »
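Added example, my own code and not from the post, from Stefano Di Paola's write-up or from jQuery. jQuery itself is not loaded: the two regexes reproduce, from my reading of the library, how $() decides whether a string is markup to parse or a selector to query (which versions used which pattern is an assumption), and the wrapper shows the validation the post asks for before a URL fragment ever reaches $().

```javascript
// Added example (not the post's or jQuery's code). The two patterns below are
// reproduced from my reading of jQuery; the version split is an assumption.
const QUICK_EXPR_LOOSE  = /^[^<]*(<[\w\W]+>)[^>]*$|^#([\w-]+)$/;  // early jQuery 1.x
const QUICK_EXPR_STRICT = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/;  // jQuery 1.9+

// How $() would dispatch `arg`: "html" = parsed as markup (the sink),
// "id" = the #id fast path, "selector" = handed to the selector engine.
function jqueryDispatch(arg, expr) {
  if (typeof arg !== "string") return "object";
  const m = expr.exec(arg);
  if (m && m[1] !== undefined) return "html";
  if (m && m[2] !== undefined) return "id";
  return "selector";
}

// Defensive wrapper for the $(location.hash) pattern: accept only a plain
// #id (letter first, then letters, digits, "-" or "_"), reject everything else.
const SAFE_ID = /^#([A-Za-z][\w-]*)$/;
function safeHashSelector(hash) {
  const m = SAFE_ID.exec(hash);
  return m ? "#" + m[1] : null;
}

// Escape for data that must reach .html()/.append(): neutralises the five
// characters that can open a tag, an attribute value or an entity.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample fragments (not real traffic): the post's own snippet
// placed in a URL hash, and a benign anchor id.
const PAYLOAD_HASH = "#<img src =x  onerror = alert(1)>";
const BENIGN_HASH = "#section-2";

function demo() {
  return {
    looseParsesPayloadAsHtml: jqueryDispatch(PAYLOAD_HASH, QUICK_EXPR_LOOSE) === "html",
    strictParsesPayloadAsHtml: jqueryDispatch(PAYLOAD_HASH, QUICK_EXPR_STRICT) === "html",
    benignIsIdFastPath: jqueryDispatch(BENIGN_HASH, QUICK_EXPR_STRICT) === "id",
    payloadRejected: safeHashSelector(PAYLOAD_HASH) === null,
    benignAccepted: safeHashSelector(BENIGN_HASH),
    escapedSnippet: escapeHtml("<img src =x  onerror = alert(1)>"),
  };
}
```

With the loose pattern a fragment that merely contains a tag is parsed as markup, which is why the post says never to pass an unvalidated argument to $(); the wrapper makes the validation explicit instead of relying on which jQuery version happens to be loaded.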

Offline polonus

« Reply #506 on: September 26, 2017, 10:44:20 PM »

Offline polonus

« Reply #507 on: October 04, 2017, 09:25:31 PM »
Checking on PHP code -> http://evuln.com/tools/php-security/

Example: see attached txt... (this is for security reasons, as the security savvy will understand why the code is a txt file)

polonus

P.S. consider exploits like these: https://www.exploit-db.com/exploits/35743/
Then you would like to get such a reaction from the server: "Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security."

D
« Last Edit: October 04, 2017, 09:37:41 PM by polonus »

Offline polonus

« Reply #508 on: October 08, 2017, 08:23:33 PM »
How to check on blocklist - added this one to uBlock 0 - http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt
Checked this IP 1.180.235.36 -> https://www.abuseipdb.com/check/1.180.235.36
reported there 23 times -> also here: https://cleantalk.org/blacklists/1.180.235.36

pol

Offline polonus

« Reply #509 on: October 09, 2017, 08:39:11 PM »
uBlock Origin found a way against this, but initially this malvertising campaign overcame adblockers:

https://www.technibble.com/forums/threads/malvertising-campaign-finds-a-way-around-ad-blockers.75220/

N.B. Disable "Non Proxied UDP (WebRTC)" in your browser!
How to in various browsers: https://whoer.net/blog/article/how-to-disable-webrtc-in-various-browsers/

Check your browser: https://panopticlick.eff.org/

Remember every added extension makes it easier to uniquely make your browser stand out for profiling,
but there actually is no (easy nor hard) way to escape Big Brother to-day...

polonus