Author Topic: Tests and other Media topics  (Read 302113 times)

0 Members and 2 Guests are viewing this topic.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #286 on: August 05, 2015, 12:11:16 PM »
A question to the forum users,
Who uses the wonderful protection of uMatrix extension inside Google Chrome or inside Firefox?

It keeps you in full control of where your browser is allowed to connect for all domains, the present domain, and for all third party domains (some domains are blocked as by default like google.analytics etc. etc.) You can toggle for blocking/unblocking per cookie, css, image, plug-in, script, XHR, frame, others. Red is blocked and green is allowed to connect. You can turn the filtering off per website. You can save all temp. changes for a website or delete such temp. settings. Renew the page from inside uMatrix. Visit the logger.
You can set spoofing for agent (on/off), referer spoofing (on/off)and strict HTTPS (on/off). You can delete all temp. changes to the default settings under + or g to the dashboard. You can change settings for visibility, use block lists, use your own permanent and temp. filters. I think it is so versatile anyone can learn to use it and even as per default it gives loads of protection.

Like to hear your reactions,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Tests and other Media topics
« Reply #287 on: August 05, 2015, 01:10:00 PM »
A question to the forum users,
Who uses the wonderful protection of uMatrix extension inside Google Chrome or inside Firefox?
I use.
The best things in life are free.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #289 on: August 08, 2015, 01:39:32 AM »
HTML5 Canvas Fingerprinting test: https://www.browserleaks.com/canvas
On the project: https://github.com/Valve/fingerprintjs
See how it is supported in the browser: http://caniuse.com/#search=canvas
Test: http://www.html5accessibility.com/tests/canvas.html
Protection: http://fingerprint.pet-portal.eu/?menu=6  and now also via Privacy Badger extension.

Quite annother form of Figerprinting: https://www.grc.com/fingerprints.htmDomain Name   Certificate Name   EV   Security Certificate's Authentic Fingerprint   Click to view complete certificate chain
forum.avast.com   *.avast.com   —   DF:57:EC:1C:3A:4D:EE:B2:55:46:5F:26:08:0B:8E:92:74:4A:D8:00

Test the uniqueness of your browser and what it revealse: https://panopticlick.eff.org/index.php?action=log&js=yes
See Content Filtering and Proxy Detection in my browser attached.

polonus
« Last Edit: August 08, 2015, 01:56:58 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #290 on: August 08, 2015, 01:38:04 PM »
Hi folks,
Quote taken from browserleaks
Quote
Disable WebRTC in Chrome
WebRTC in Google Chorme is supported and enabled by default since Chorme version 23 (and based on it, ex. Opera, Vivaldi).

Bad news:

You CAN'T turn off WebRTC on desktop version of Google Chrome, Disable WebRTC flag is available only on Android.

Good news:

There is a Chrome Extension: WebRTC Block.

Extension hides your public IP when you're behind VPN. It will leak only VPN's public IP, but not your real provider IP address! Extension also hides your Local/NAT IP addresses.

Unfortunately, if you're behind proxy but not VPN, WebRTC Block will not help you.

I can't do anything, and no one can. This piece of the periodic table is ****ed by design. So PLEASE stop insulting me on mail and webstore that it's "NOT WORKING !!!" :)

Just use FF. There is no drama.
This is further proof for me that the Google Chrome browser  is one giant tracking machine by default -
Looking at the extension the developer of it states:
Quote
Disable WebRTC in Your Web Browser!
At the moment, there is no way to completely  Block WebRTC in Google Chrome.

I should say sorry, but I cant just rename the extension.


Google Chrome is putting some individuals at risk here, read: https://productforums.google.com/forum/#!topic/chrome/QN7jleWJawY

But this works, alas not on Android, go to address bar and type chrome://flags/#disable-webrtc

polonus
« Last Edit: August 08, 2015, 01:45:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44120
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #291 on: August 08, 2015, 04:04:04 PM »
Hi folks,

(Snip)

polonus
More information and a discussion on this topic at:
https://code.google.com/p/chromium/issues/detail?id=333752
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #292 on: August 08, 2015, 04:11:34 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #293 on: August 09, 2015, 11:42:58 PM »
When you detect website malware every day all of the day, like I do, I'd also like to test a domainn for SSL Protocol Support.
We can test here: https://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm?test_domain=m-pathy.com
Nice candidates for weaknesses are to be found here: https://www.eff.org/https-everywhere/atlas/domains/m-pathy.com.html
That is why I haven't set hhtps as per default.
Browser JSGuard is an extension that will alert you when your log-in data go in plain txt over the wire.
For instance what is wrong here: https://www.m-pathy.com/
Well let us start here and that is not encouraging:
HTTP Server: Apache HTTP Server 2.4.10
PHP Version: 5.3.26 (Outdated)

The protocol settings:
Protocol   Status   Recommendation
SSLv2   SSLv2 is Disabled   SSLv2 is weak and should be disabled. More information.
SSLv3   SSLv3 is Disabled   Consider disabling SSLv3 to mitigate the POODLE attack. Should be disabled for PCI DSS 3.1 Compliance
TLSv1   TLSv1 is Enabled   TLSv1 may be enabled for existing implementations, however PCI DSS 3.1 § 2.2.3 states that: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS
TLSv1.1   TLSv1.1 is Enabled   TLSv1.1 may be enabled for existing implementations, however PCI DSS 3.1 § 2.2.3 states that: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS. Some assert that the term early TLS includes both TLS 1.0 and 1.1, check with your PCI QSA.
TLSv1.2   TLSv1.2 is Enabled   TLS 1
Certicate problem for one IP: https://www.ssllabs.com/ssltest/analyze.html?d=m-pathy.com
E-commerce Safety Information
Transaction Protection
Certified SSL is used to encrypt transactions
SSL Issuer: AlphaSSL CA - SHA256 - G2
SSL Expires: 2018-02-19 01:26:54 UTC
See also: http://toolbar.netcraft.com/site_report?url=https://www.m-pathy.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44120
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #294 on: August 09, 2015, 11:46:53 PM »
Most people, unless like you they are looking for malware, hardly ever "run into it" provided the are reasonably protected.
I haven't received a warning about running into a malicious website or an infection in a very, very long time. :)


Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #295 on: August 10, 2015, 12:17:26 AM »
Hi bob3160,

When you are surfing with Google Chrome you often run into SSL sites that do not have the full green padlock.
You´d never click the yellow triangle showing there is also insecure content on a site that does not go via ssl.  :o
I often still see a lot of sites like this for instance : IEEE Xplore Abstract - Browser JS Guard: Detect... padlock icon
ieeexplore.ieee.org
Alerts (1)
Insecure login (1)
Password will be transmited in clear to http://ieeexplore.ieee.org/servlet/LoginModalController

When the green padlock is missing and I see such red alerts and I investigate and other users should also hesitate and check what they are going to do there and whether their info is safe going to that site or log-in.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44120
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #296 on: August 10, 2015, 12:21:23 AM »

It isn't green but I still visit the site. As you know, I don't put my system through all the hoops you do.

Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #297 on: August 10, 2015, 12:49:48 AM »
Hi bob3160,

It is not about going through hoops, I do all this as a volunteer forum member to detect insecurities and report them to Avast so the Avast team may protect all of their users better and I found quite something up over the last few years.

I am far from expecting the average user to do similar things. This thread is meant for people that are in website scanning, website owners, security analysts, hosters, and a couple of other enthusiasts here on the forums.

I do not say you have to go to sites like I do and with the suspicion and the experience I have stashed at the back of your mind, no-way, that is just for website analysts and other forum users here that like the subject.

But I should like it a lot for the average user to become just a little tad more aware and concerned. Do not just trust all you were being told, because all you are being told is not always the truth where website security is concerned. Our forum member, Para-Noid, would say: `It is secure only what you have tested to be secure!´.

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #298 on: August 10, 2015, 11:02:25 PM »
"There is another obscure way of tracking users without using cookies or even Javascript."
Read about this and test here:
"http://lucb1e.com/rp/cookielesscookies/"
This is stopping "this 'phorming": https://www.dephormation.org.uk/index.php?page=81

polonus

P.S. The main reason for this test was to promote self-desrructing cookies like with Crunch etc.

D
« Last Edit: August 10, 2015, 11:05:10 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.