Author Topic: Tests and other Media topics  (Read 579329 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #165 on: February 22, 2015, 05:18:49 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #166 on: February 22, 2015, 06:11:50 PM »
Test for the Superfish Komodia problem on your machine!
Test is here: https://filippo.io/Badfish/

No badfish for me, probably not intercepting my connections!

I generally never bother with these tests as for the most part I have to actually let the test through NoScript and RequestPolicy. But a bigger consideration is that you have to trust the test site and you all know what a trusting sort I am NOT.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: Tests and other Media topics
« Reply #167 on: February 22, 2015, 10:26:24 PM »
The test link appeared on several renowned security forums, so I very much doubt there is something fishy about it.
Else you have to dig deep down into the register to get to traces of this.
There are 5 native scripts on that test site, none of which blocked and only google analytics dot com.
Nothing out of the ordinary here as well: http://www.dnsinspect.com/filippo.io/1424639646 - hosted by CloudFlare.
I tested this site before I passed it on: http://fetch.scritch.org/%2Bfetch/?url=https%3A%2F%2Ffilippo.io%2FBadfish%2F&useragent=Fetch+useragent&accept_encoding=

In the case of Yes, the connection is not private: htxps://san.filippo.io/yes.js?cachekill=
and htxps://selfsigned.filippo.io/yes.js?cachekill=  &  htxps://badfish.filippo.io/yes.js?cachekill=
Could not get domain's name servers from parent servers, because it is self-signed naturally  ;D
html5shiv.js was implemented by the researchers to get results from earlier IE versions.

Security Header Status for test site - https://www.uploady.com/download/l0pdXoxI5Pi/7jjn923f6vpne2jP
Warnings on: The secure flag on cookies instructs the browser to only submit the cookie as part of requests over secure (HTTPS) connections. This prevents the cookie from being observed as plain text in transit over the network.
The HttpOnly flag instructs the browser that this cookie can only be accessed when sending an HTTP request. This prevents scripts running as part of a page from retrieving the value and is a defense against XSS attacks.
Major Warning: Data returned in web responses can be cached by user's browsers as well as by intermediate proxies. This directive instructs them not to retain the page content in order to prevent others from accessing sensitive content from these caches. But we have to trust the researcher expert's good intentions.

Again the proverb goes: "You can take a horse to the water, but you cannot make it drink!"

Damian

Manual removal of that Superfish: https://filippo.io/Badfish/removing.html
« Last Edit: February 22, 2015, 10:55:00 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
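
Added example, not part of the post above or of the scan report it links to: a small Python audit for the three warnings quoted in that post (cookie without the secure flag, cookie without HttpOnly, response that may be cached). The header lists are constructed samples, and it is an assumption that the caching directive meant is `Cache-Control: no-store`.

```python
# Audit a list of (name, value) response headers for the three warnings above.
# All sample headers below are constructed for illustration.

def cookie_findings(set_cookie_value):
    """Return (cookie name, list of missing flags) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive; flags such as Secure carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    missing = [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]
    return name, missing

def lacks_no_store(headers):
    """True when no Cache-Control header carries the no-store directive."""
    directives = set()
    for key, value in headers:
        if key.lower() == "cache-control":
            directives |= {d.strip().lower().split("=")[0] for d in value.split(",")}
    return "no-store" not in directives

def audit(headers):
    """Return human-readable findings; an empty list means no warning applies."""
    findings = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, missing = cookie_findings(value)
            findings += [f"cookie {name}: missing {flag}" for flag in missing]
    if lacks_no_store(headers):
        findings.append("response may be cached: Cache-Control lacks no-store")
    return findings

SAMPLE_WEAK = [  # constructed: triggers all three warnings
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
    ("Cache-Control", "public, max-age=3600"),
]
SAMPLE_HARDENED = [  # constructed: same response with the flags set
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Cache-Control", "no-store"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_WEAK):
        print(line)
```
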

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Tests and other Media topics
« Reply #168 on: February 23, 2015, 03:37:28 AM »
Time to clean the crap and junk from your computer: http://www.pcworld.com/article/2141881/beat-it-bloatware-how-to-clean-the-crap-off-your-pc.html

polonus
Another reason why to choose Chrome OS over traditional OSes :D

Greets
~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

Re: Tests and other Media topics
« Reply #169 on: February 23, 2015, 01:41:31 PM »
For one aspect DavidR is right, the SuperFish test site is vulnerable to POODLE: http://toolbar.netcraft.com/site_report/?url=https%3A%2F%2Ffilippo.io%2FBadfish
One big question as end-user - "What parties are left that we really can trust with our connections and data". From the days of the famous NSA revelations we know that we cannot put any trust anymore in Big Government and now it is shown that we cannot trust Big Commerce either. What more proof do we need - bad certificates, degraded and backdoored protocols, bad security implementations and all of this more or less done on purpose to turn the Interwebs into one enormous big monitoring and surveillance machine that dragnets all your data for whoever benefits. Anyone who wants to color another picture there is wrong or keeping up the big lie especially to themselves - the Internet, my best friends, is pn*wned big time and has been so since the turn of this century.

Damian

Offline polonus

Re: Tests and other Media topics
« Reply #170 on: February 23, 2015, 02:30:00 PM »
Firefox now considers blacklisting: https://bugzilla.mozilla.org/show_bug.cgi?id=1134506

polonus

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #171 on: February 23, 2015, 03:29:12 PM »
For one aspect DavidR is right, the SuperFish test site is vulnerable to POODLE: http://toolbar.netcraft.com/site_report/?url=https%3A%2F%2Ffilippo.io%2FBadfish
One big question as end-user - "What parties are left that we really can trust with our connections and data". From the days of the famous NSA revelations we know that we cannot put any trust anymore in Big Government and now it is shown that we cannot trust Big Commerce either. What more proof do we need - bad certificates, degraded and backdoored protocols, bad security implementations and all of this more or less done on purpose to turn the Interwebs into one enormous big monitoring and surveillance machine that dragnets all your data for whoever benefits. Anyone who wants to color another picture there is wrong or keeping up the big lie especially to themselves - the Internet, my best friends, is pn*wned big time and has been so since the turn of this century.

Damian
There are always smoke signals but they can also be intercepted.
2 cans connected by a string might be better.
There is an old saying that states:
"In God we trust, all others pay cash." It simply means there isn't any one in this world that can really be trusted.
Any time you share with anyone, you are taking a chance on having your information shared with an unexpected party.
I go back to the days when a handshake was your bond. Now, a handshake is simply another way of spreading germs.
This world has come a long way and there have been many technological improvements.
For some things, however, we've also taken a giant stride backwards.

Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

Re: Tests and other Media topics
« Reply #172 on: February 23, 2015, 03:54:18 PM »
Hi bob3160,

I saw that all coming when I wrote this thread: https://forum.avast.com/index.php?topic=165018.0 re-read it and start to shiver, it brought us SuperFish and PrivDog and more corruption for that matter.
Just go here: http://cyh.herokuapp.com/cyh and check
Test here against POODLE: https://www.poodlescan.com/
Test here: http://toolbar.netcraft.com/site_report/
Now you will find that there is an enormous amount of https servers that are not following best policy configuration - have missing security headers - are forwarding excessive info to script kiddies and attackers or are just into shady ad-ware schemes and deals.
All that should really be trustworthy is backdoored, officially being downgraded, pn8wed grand time and no-one is stirring a finger - like the Wild West in 1871 where the sheriff was chased off by the criminals. Who is gonna speak up for the end-user?

And I have been addressing these insecurities time and time again with my website scanning in the virus and worms. If it only could convince one webmaster or hosting party to do a better job for the security of all.

Damian

Offline polonus

Re: Tests and other Media topics
« Reply #173 on: February 26, 2015, 01:38:12 PM »
A browser can check a certificate from a webserver whether it is actual and not revoked.
Is this a trusted CA? DANE helps you.
Test here: http://www.dnssec-failed.org/
and here: https://bad-sig.dane.verisignlabs.com/

Read: http://www.thesafemac.com/avasts-man-in-the-middle/
Anyone to comment to this story. Is it trustworthy info or a rant, as it is pretty much required behavior for antivirus software when they want to scan https://
Likewise settings are found with ESET and Kaspersky's but not in a standard way.

We trust in Avast, unless we test.

Also test here: https://www.had-pilot.com/dane/danelaw.html

polonus
« Last Edit: February 26, 2015, 01:46:09 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #174 on: February 26, 2015, 07:08:42 PM »
In the light of the spreading Super Fish Scandal, test DNSSEC: http://dnssec-debugger.verisignlabs.com/

pol

Offline polonus

Re: Tests and other Media topics
« Reply #175 on: February 26, 2015, 07:12:58 PM »

Offline polonus

Re: Tests and other Media topics
« Reply #176 on: March 04, 2015, 01:00:08 AM »
Do this test to see whether your web client is vulnerable to the Freak Attack Threat:
https://www.freakattack.com/clienttest.html
My results: Good News! Your browser appears to be safe from the FREAK Attack!
If you're curious, your client currently offers the following cipher suites:

But read: https://community.qualys.com/thread/12169
Checked OK here: https://www.ssllabs.com/ssltest/viewMyClient.html

polonus
« Last Edit: March 04, 2015, 01:02:45 AM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #177 on: March 05, 2015, 05:40:28 PM »
As Open DNS now brought Nlp checking for domains - so checking the domain name comes with the same ASN and resembling domains  like -g00gle.com will get 2 minus points.
But we can also test websites here for Nlp: http://nlp-system.com.statstool.com/
and combine with this scan: http://www.dnsinspect.com/
Enjoy, my friends, enjoy.

polonus

Offline bob3160

Re: Tests and other Media topics
« Reply #178 on: March 05, 2015, 08:39:51 PM »
As Open DNS now brought Nlp checking for domains - so checking the domain name comes with the same ASN and resembling domains  like -g00gle.com will get 2 minus points.
But we can also test websites here for Nlp: http://nlp-system.com.statstool.com/
and combine with this scan: http://www.dnsinspect.com/
Enjoy, my friends, enjoy.

polonus
We can also use Avast's Online Security module and make sure the Site Correct function is checked:

This will prevent you from getting to that bad site in the first place. :)

Offline polonus

Re: Tests and other Media topics
« Reply #179 on: March 05, 2015, 08:50:59 PM »
Hi bob3160,

I always have an eye out on the green circle there.
See my settings now: https://www.uploady.com/download/MYNvUuPtuYV/iL9cBzhb2kcEbfJy

polonus