Author Topic: Tests and other Media topics  (Read 579344 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #195 on: April 17, 2015, 01:26:52 PM »
Check and secure Browser and Plug-in check: http://www.check-and-secure.com/browsercheck/_en/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #196 on: April 17, 2015, 04:55:26 PM »
A nice companion for Google Chrome's ScriptSafe and uMatrix and uBlock extensions is
Webpage behavior report tool known as Browser JSGuard -
Supported by DeitY & CERT-In, Govt. of India

An Addon for Detecting Malicious and Suspicious Webpages.
Features:
Content/Heuristic based web malware protection.
Alerts the user on malicious web pages.
Provides detailed analysis of a webpage(by clicking on the icon present in Addon bar).

It checks for Hidden iFrame(s) Redirections.
UnAuthorized Redirections
Encoded Javascript
External Domain Requests
Trackers

Download: https://chrome.google.com/webstore/detail/browserjsguard/ncpkigeklafkopcelcegambndlhkcbhb

I tested it and rather like this extension.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #197 on: April 17, 2015, 10:27:32 PM »
Real tracking is more extensive than extensions show you.....
See real results via txt file attached
Bitdefender blocks Comscore Beacon and OneStat Tracker, ScriptSafe blocks <WEBBUG> (1)
Ghostery blocks TradeDesk, Avast Online Security does not block any.
Disconnect blocks Google Analytics. uMatrix blocks screencast-o-matic.com. *
http://screencast-o-matic.com links to the following External Domains:
==>twitter-badges.s3.amazonaws.com
==>platform.twitter.com
==>facebook.com  & facebook tracker found.

So there is much more tracking going on under the browser hood than we learn from Bitdefender, DrWeb's, Avast,
Ghostery, Disconnect and the others. The following sites know that you have visited this page:
The following sites know that you visited this page. Click on a site to find out what more it knows about you.
-adsrvr.org
-bing.com
-bkrtx.com
-idg.nl
-leadboxer.com
-plista.com
-stepstone.nl

polonus

P.S. -sync.search.spotxchange.com and others blocked by μMatrix
« Last Edit: April 17, 2015, 10:36:57 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #198 on: April 22, 2015, 11:04:39 PM »
Syntax validator online: http://esprima.org/demo/validate.html

enjoy
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #199 on: April 23, 2015, 07:16:08 PM »
Check your internet connection in three steps: http://www.check-and-secure.com/ipcheck/_en/solution/clean.php

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #200 on: April 23, 2015, 09:52:11 PM »
Real tracking is more extensive than extensions show you.....
See real results via txt file attached
Bitdefender blocks Comscore Beacon and OneStat Tracker, ScriptSafe blocks <WEBBUG> (1)
Ghostery blocks TradeDesk, Avast Online Security does not block any.
Disconnect blocks Google Analytics. uMatrix blocks screencast-o-matic.com. *
http://screencast-o-matic.com links to the following External Domains:
==>twitter-badges.s3.amazonaws.com
==>platform.twitter.com
==>facebook.com  & facebook tracker found.

So there is much more tracking going on under the browser hood than we learn from Bitdefender, DrWeb's, Avast,
Ghostery, Disconnect and the others. The following sites know that you have visited this page:
The following sites know that you visited this page. Click on a site to find out what more it knows about you.
-adsrvr.org
-bing.com
-bkrtx.com
-idg.nl
-leadboxer.com
-plista.com
-stepstone.nl

polonus

P.S. -sync.search.spotxchange.com and others blocked by μMatrix
I've used and recommended Screencast-O-Matic for a few years.
It's my main program for creating instructional and other Video's.
I also use it to create screenshots which you'll find on many of the posts in this forum.
There is blocking and then there's getting a little out of hand.
Why not simply stop using any of the modern browsers and stop going to any of the websites ???
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #201 on: April 23, 2015, 11:08:13 PM »
Hi bob3160,

Well me demonstrating this is just for educational purposes and just to show how one-sided the whole story has become.
It seems the user is just being tolerated for what known reasons, but does not play any role. The users are just generating clicks in a pay per click model.

And it is gonna get much worse when TTP arrives - companies and investors would be empowered to challenge regulations, rules, government actions and court rulings — federal, state or local — before tribunals and the role of governments and end-users will be further minimalized, as lawyers like to have their piece of the cake with these big international corporations.

That is where we are heading in the near future on both sides of the Atlantic and there is not much we can do about it,
so I will happily browse on while I can and use Google as my global instrument with Avast inside.  ;D

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #202 on: April 24, 2015, 06:39:54 PM »
Example generated Javascript Alert Code
Copy and paste the code between the <head> </head> tags of your webpage. The alert will pop up on page load
Code: [Select]
<SCRIPT LANGUAGE="JavaScript">
<!-- Hide from older browsers
alert('You are getting this alert at this very moment');
// end hiding -->
</SCRIPT>

Handy code generators here: http://www.htmlbasix.com/

And to bring in some randomness go here: http://www.randomcodegenerator.com/

pol
« Last Edit: April 24, 2015, 06:50:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #203 on: April 25, 2015, 02:03:10 PM »
Is this a secure service?: https://www.dashlane.com/scan/11#/login

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #204 on: April 25, 2015, 04:08:32 PM »
Is this a secure service?: https://www.dashlane.com/scan/11#/login

polonus
A service of Dashlane the Password Manager program.
(if you trust them with your passwords, then this should be safe. :)

Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #205 on: April 26, 2015, 03:04:51 PM »
Mixed content still the easiest way to break SSL: http://blog.ivanristic.com/2014/03/https-mixed-content-still-the-easiest-way-to-break-ssl.html  (web article author = Ivan Ristić).
Check the insecure content on a website here: https://www.jitbit.com/sslcheck/
or here: https://www.whynopadlock.com/

Re: https://www.bram.us/2014/12/10/mixed-content-scan-scan-your-https-enabled-website-for-mixed-content/
Fix
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.

For your own domain, serve all content as HTTPS and fix your links.  Often, the HTTPS version of the content already exists and this just requires adding an "s" to links - http:// to https://.

For other domains, use the site's HTTPS version if available. If HTTPS is not available, you can try contacting the domain and asking them if they can make the content available via HTTPS.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #206 on: April 26, 2015, 05:41:53 PM »
I often see a lot of site with insecure login flagged by saferChrome, like here:
SaferChrome: Insecure login: Password will be transmited in clear to http://www.dagelijksestandaard.nl/wp-login.php?redirect_to=%2F2015%2F04%2Fvijf-lekkere-snacks-die-je-koningsdag-nog-beter-maken%2F5%2F detected

Read: http://www.stealmylogin.com/ written by Alex Sirota
Exposing the dangers of insecure login forms *

The bookmarklet (from here *) used to test:
Code: [Select]
GET //data.stealmylogin.com/stealmylogin.js';document.getElementsByTagName('head')[0].appendChild(s);alert('StealMyLogin%20injected');})(); HTTP/1.1
Host: javascript:(function() {var s=document.createElement('script');s.src='http:

polonus

« Last Edit: April 26, 2015, 05:48:49 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #207 on: April 27, 2015, 12:27:32 AM »
Testing for SHA-1 online.
Unsecure, checked at: https://shaaaaaaaaaaaaa.com/check/www.tivo.com
results: Dang.
www.tivo.com is using SHA-1.
Which is too bad, because SHA-1 is becoming dangerously weak. It's time to upgrade to SHA-2.
Compare here:
http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.tivo.com%2Ftivo-mma%2Flogin%2Fshow.do

Read on backgrounds: https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.tivo.com%2Ftivo-mma%2Flogin%2Fshow.do

On that page as a bonus a converter: http://konklone.io/json/

polonus
« Last Edit: April 27, 2015, 12:34:53 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #208 on: May 01, 2015, 02:34:00 PM »
Test your PHP code online here:
http://www.icosaedro.it/phplint/phplint-on-line.html
Results for some code I gave in:
Code: [Select]
PHPLint report
PHPLint 2.1_20150305
Copyright 2015 by icosaedro.it di Umberto Salsi
This is free software; see the license for copying conditions.
More info: http://www.icosaedro.it/phplint

BEGIN parsing of /tmp/test-61ynKJ
1:      <?php
2
:      function rbl_lookup($ipv4) {

        function 
rbl_lookup($ipv4) {
                                  \
_ HERE
==== 2ERRORundefined type for argument $ipv4Hintyou may indicate an explicit type (example: `/*.int.*/ $ipv4') or assign a default value (example: `$ipv4=123') or add a DocBlock line tag (example: `@param int $ipv4').
3:          $ip explode("."$ipv4);
4:          $rbl_url ".rbl.blockedservers.com";
5:          $rbl_hostname $ip[3].".".$ip[2].".

            
$rbl_hostname = $ip[3].".".$ip[2].".
                                                \
_ HERE
==== 5Warningfound control character (carriage return, CR13in literal stringThis msg is reported only once for each string
6
:                        ".$ip[1].".".$ip[0]."". $rbl_url;
7:      
8:          
$rbl_lookup = gethostbyname($rbl_hostname);
9:      
10:         if(
$rbl_lookup == $rbl_hostname) {

            if(
$rbl_lookup == $rbl_hostname) {
                                           \_ HERE
==== 10: ERROR: comparing (string) == (string) - Hint: use strict comparison operator `===' instead.
11:             return 1;
12:         }
13:         else {
14:             return 0;
15:         }
16:     }
17:     ?>

END parsing of /tmp/test-61ynKJ
==== ?:?: notice: unused module mysql.php
==== ?:?: notice: unused module pcre.php
==== ?:?: notice: unused package stdlib/dummy.php
==== ?:?: notice: required module standard.php
Overall test results: 2 errors, 1 warnings.
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #209 on: May 05, 2015, 03:40:21 PM »
Test - Check the Revocation Lists (CRL) and the OCSP status of an (SSL) Certificate
online here: http://certificate.revocationcheck.com/
Test Created by Paul van Brouwershaven

In the days of HTTPS Everywhere we need such checks more than ever.
Nice to combine with a Netcraft Tool Results report.

We even have some risk here: http://toolbar.netcraft.com/site_report?url=http://certificate.revocationcheck.com
Bad zone = alex.ns.cloudflare.com -> http://www.dnsinspect.com/cloudflare.com/1430833139
Read: https://blog.cloudflare.com/whats-the-story-behind-the-names-of-cloudflares-name-servers/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!