Author Topic: Tests and other Media topics  (Read 307676 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32774
  • malware fighter
Re: Tests and other Media topics
« Reply #330 on: December 08, 2015, 12:24:06 AM »
Interesting search site: -https://crt.sh/? Enter an Identity (Domain Name, Organization Name, etc),
a Certificate Fingerprint (SHA-1 or SHA-256) or a crt.sh ID:
(% = wildcard)
Check for phishers that use free let's encrypt certificates here: -https://crt.sh/? Identity Search
See the Google Safebrowsing alert here: -https://www.electronicfrontierfoundation.org/
Before "let's encrypt" came in, was such a thing possible? Consider this safe entry: https://www.eff.org/

polonus (volunteer website security analyst and website error-hunter)

P.S. Another good search site for such abuse: -https://exchange.xforce.ibmcloud.com/url/cpe-198-72-160-0.socal.res.rr.com
(to go there use the address without the preceding -)

D
« Last Edit: December 08, 2015, 01:19:54 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
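
The look-alike check suggested in the post above can be run over Certificate Transparency search results. This is an added example, not part of the original post: the records are constructed, their field names are assumed to follow crt.sh JSON output, and the brand, domains and function names are hypothetical.

```python
# Constructed records; field names are assumed to follow crt.sh JSON output.
LE = "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1"
RECORDS = [
    {"issuer_name": LE, "name_value": "example-bank.test\nwww.example-bank.test"},
    {"issuer_name": LE, "name_value": "example-bank.test.secure-login.test"},
    {"issuer_name": LE, "name_value": "*.examplebank-support.test"},
    {"issuer_name": "C=XX, O=Constructed CA, CN=Constructed CA 1",
     "name_value": "unrelated-shop.test"},
]

OWNED = {"example-bank.test"}   # domains the brand really controls (hypothetical)
KEYWORDS = {"examplebank"}      # brand strings to watch for (hypothetical)


def is_owned(name, owned):
    """True for an owned domain or a subdomain of one (match on a label boundary)."""
    return any(name == d or name.endswith("." + d) for d in owned)


def lookalikes(records, keywords, owned):
    """Map each suspicious certificate name to the CA that issued it."""
    hits = {}
    for rec in records:
        # One certificate can list several names, separated by newlines.
        for raw in rec["name_value"].lower().split("\n"):
            name = raw.strip()
            if name.startswith("*."):
                name = name[2:]
            if not name or is_owned(name, owned):
                continue
            # Ignore dots and hyphens so "example-bank" and "examplebank" both match.
            squashed = name.replace("-", "").replace(".", "")
            if any(k in squashed for k in keywords):
                hits[name] = rec["issuer_name"]
    return hits


if __name__ == "__main__":
    for name, issuer in sorted(lookalikes(RECORDS, KEYWORDS, OWNED).items()):
        print(f"{name}  <-  {issuer}")
```

The second record shows why ownership is tested as a suffix on a label boundary: the name starts with the real domain but belongs to a different registrable domain.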

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44327
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #331 on: December 08, 2015, 12:34:02 AM »

I even got a warning from Google in the email notification to this post:
« Last Edit: December 08, 2015, 01:38:07 AM by bob3160 »
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

Re: Tests and other Media topics
« Reply #332 on: December 08, 2015, 01:04:18 AM »
Hi bob3160,

Break your links in the quote, please, like I did, and that Google warning goes,

damian


Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2100
Re: Tests and other Media topics
« Reply #333 on: December 08, 2015, 07:54:08 PM »
https://isc.sans.edu/forums/diary/Patch+Tuesday+Warmup+Internet+Explorer+Sunset+and+Windows+XP+Embedded+End+of+Support/20459/

Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support

As we are waiting for the Microsoft Santa to slide down our Data Center air conditioning duct later today to deliver a delicious package of patches (did you leave some floppy disks and a can of red bull out for him?), we got a couple other announcements from Microsoft that should not be overlooked:

- January will be the last month Microsoft will provide updates for any Internet Explorer version other than Internet Explorer 11! Even Internet Explorer 10 will no longer be supported after January patch Tuesday (January 12th, 2016).

- Support will also end for Windows XP Embedded. This will also make it more difficult for other Windows XP left-overs that tricked their version to use the Embedded updates. But nobody should be running XP anyway (right?).

- Still running Windows 7 or 8.1 (sure way to stay on MSFT Santa's "naughty" list)? Rumor has it that with today's patch Tuesday, Microsoft may re-enable the auto-upgrade to Windows 10. You may flip the switch back to not update, but it will set itself to "on" once a day.

[1] https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
[2] https://support.microsoft.com/en-us/lifecycle/search/default.aspx?=&alpha=Windows%20XP
[3] http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html#tk.rss_all
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline polonus

Re: Tests and other Media topics
« Reply #334 on: December 14, 2015, 02:05:07 PM »
Untraceable communication launched: http://news.mit.edu/2015/untraceable-anonymized-communication-guaranteed-1207
Code can be found here: https://github.com/davidlazar/vuvuzela  &  https://github.com/jlmart88/vuvuzela-web-client
With a network manager this cannot be safe. Just like the real Vuvuzela will produce, a lot of noise from hot air.....
The future is to go server-less: https://github.com/ricochet-im/ricochet
and another alternative for just the addressee: https://bitmessage.org/wiki/Main_Page

polonus
« Last Edit: December 14, 2015, 02:26:22 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #335 on: December 15, 2015, 01:46:48 AM »
Detecting what Ghostery does and abusing it for ad-tracking....http://blog.securitee.org/?p=277
Some of the code mentioned in the reports seems also to disable Adguard protection,
I reported a beta test form to them..https://news.ycombinator.com/item?id=4907609

polonus
« Last Edit: December 15, 2015, 01:52:21 AM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #336 on: December 15, 2015, 02:16:59 PM »

Offline polonus

Re: Tests and other Media topics
« Reply #337 on: December 17, 2015, 04:45:40 PM »

Offline polonus

Re: Tests and other Media topics
« Reply #338 on: January 30, 2016, 01:28:54 AM »
Back to actuality and worth to test your server against TLS Logjam: https://tools.keycdn.com/logjam
OK and upgrade and patch whenever one could implement.
Another test there HTTP/2 Test - a simple test to verify your server: https://tools.keycdn.com/http2-test
Results:
HTTP/2 Test Result forum.avast.com

Negative! forum.avast.com does not support HTTP/2.0. Supported protocols: http/1.1
ALPN is not supported. (Confirmed here: http://www.webconfs.com/http-header-check.php )

For a SPDY check go here: https://spdycheck.org/
For the forums here: SPDY Protocol Not Enabled!
Seriously? This SSL/TLS server is using the NPN Entension to tell browsers it supports alternative protocols, but SPDY is not a protocol it supports. The server is not making SPDY an option. Since all the pieces are in place, hopefully it will be easy to enable SPDY support with this server.

polonus
« Last Edit: January 30, 2016, 01:44:28 AM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #339 on: January 31, 2016, 12:31:12 AM »
No more dead links thanks to open source Amber plug-in for custom CMS: http://amberlink.org/

see: http://www.youtube.com/embed/25Kz7PqapG4

By the way always keep your CMS up to date, disable user enumeration and directory listing for WordPress etc.,
retire old and left code (zip-file for later reference) for jQuery libraries; harden your server software and
let your server software not "talk that loud", for instance via excessive server header info proliferation.
Cookies not flagged as "HttpOnly" may be read by client side script. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame.....

So stay safe and secure, and that is the wish of,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
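
The three response-header issues named in the post above (a talkative server banner, cookies without HttpOnly, and pages that may be framed) can be checked mechanically. This is an added example, not part of the original post: both header sets are constructed and the function name is hypothetical.

```python
import re

# Constructed response headers: a talkative server and a hardened one.
WEAK = [
    ("Server", "Apache/2.4.7 (Ubuntu)"),
    ("X-Powered-By", "PHP/5.5.9"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("Set-Cookie", "theme=dark; Path=/; HttpOnly"),
]
HARDENED = [
    ("Server", "Apache"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly"),
    ("X-Frame-Options", "SAMEORIGIN"),
]


def audit_headers(headers):
    """Return a list of findings for one HTTP response's headers."""
    by_name = {}
    for name, value in headers:          # header names are case-insensitive
        by_name.setdefault(name.lower(), []).append(value)
    findings = []
    # 1. Banner headers that reveal a software version.
    for banner in ("server", "x-powered-by"):
        for value in by_name.get(banner, []):
            if re.search(r"\d+\.\d+", value):
                findings.append(f"{banner} discloses a version: {value}")
    # 2. Cookies that client-side script is allowed to read.
    for cookie in by_name.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly")
    # 3. Neither framing control present: the page can be embedded in a frame.
    csp = " ".join(by_name.get("content-security-policy", [])).lower()
    if "x-frame-options" not in by_name and "frame-ancestors" not in csp:
        findings.append("no X-Frame-Options or CSP frame-ancestors")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(WEAK):
        print(finding)
```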

Offline polonus

Re: Tests and other Media topics
« Reply #340 on: January 31, 2016, 11:34:41 PM »
Play these old dosgames in the browser from archives, like for instance: https://archive.org/details/msdos_Prince_of_Persia_1990
or Wolfenstein: https://archive.org/details/msdos_Wolfenstein_3D_1992
Sim City first code released: http://weblogs.asp.net/bsimser/simcity-source-code-released-to-the-wild-let-the-ports-begin
Stunts: https://archive.org/details/msdos_Stunts_1990   for the old style gamer.
etc. etc. Source article with more examples: Donovan Kerssenberg

pol

Offline polonus

Re: Tests and other Media topics
« Reply #341 on: February 10, 2016, 12:28:20 AM »
SRI Hash Website Scanner to scan any website for Subresource Integrity (SRI) cryptographic hashes.
For what it is worth, read the commenting article here: http://www.theregister.co.uk/2016/01/15/china_github_attack_defence_test/
link article author = John Leyden
We are safe here:
Site: https://forum.avast.com/index.php?action=post;topic=129271.330;last_msg...
Scan Date: Today at 12:26 AM
Status Code: HTTP 302 Found (Redirect)
Scripts: Found 0 unsafe scripts out of 0 script tags
Stylesheets: Found 0 unsafe stylesheets out of 0 stylesheet tags
Also read: https://frederik-braun.com/using-subresource-integrity.html

Enjoy, my good friends, enjoy, example scan: https://sritest.io/#report/04fc4b00-34a8-4b60-9c79-4031cd0c65e5

A WordPress plug-in to automatically insert Subresource Integrity attributes: https://wordpress.org/plugins/wp-sri/

polonus (volunteer website security scanner and website error-hunter)
« Last Edit: February 10, 2016, 01:13:51 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
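
What a scan like the one reported in the post above counts, and how an integrity value is produced, shown as an added example that is not part of the original post and not the code of the scanner or plug-in it links to. The page markup and host names are constructed, and treating "unsafe" as "loaded from another host without an integrity attribute" is this example's assumption.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_value(body: bytes) -> str:
    """Value for integrity="..." computed over the exact bytes that are served."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class SRIScanner(HTMLParser):
    """Counts script and stylesheet tags; lists cross-origin ones without integrity."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.total = {"script": 0, "link": 0}
        self.unsafe = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")            # None for inline scripts
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        self.total[tag] += 1
        host = urlparse(url or "").netloc  # empty for relative URLs
        # Assumption: "unsafe" = other host and no integrity attribute.
        if host and host != self.page_host and not a.get("integrity"):
            self.unsafe.append((tag, url))


# Constructed page; the hosts and the digest are placeholders.
PAGE = """
<script src="/js/site.js"></script>
<script src="https://cdn.example.test/jquery.min.js"></script>
<script src="//cdn.example.test/app.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.example.test/theme.css">
<link rel="icon" href="https://cdn.example.test/favicon.ico">
<script>var inline = 1;</script>
"""


def scan(html, page_host):
    scanner = SRIScanner(page_host)
    scanner.feed(html)
    return scanner.total, scanner.unsafe
```

A browser refuses a resource whose bytes no longer match its integrity value, so the value has to be regenerated with `sri_value` whenever the hosted file changes.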

Offline polonus

Re: Tests and other Media topics
« Reply #342 on: February 11, 2016, 04:09:01 PM »
Website owners should seek to prevent their websites from getting attacked and compromised/abused/defaced etc.
Check here with Uptime Robot, it is for free: http://uptimerobot.com/#newUser

A few tips to prevent website hacks and defacements.

1. Always keep your server operation software and any other software that is running on your website up to date.
Know that attackers are known to abuse out of date or left software.

2. Hosting company management solution should keep you secure. Go for dedicated hosting. Whenever on shared hosting,
get to know your neighbors, else ask to be moved out on a different server.
Cheap or free bulk hosting will give you two rewards you do not want - security issues or performance issues.
The choice of a good hosting provider is the most important choice you may come to make.

3. With CMS and forum software apply security updates. WordPress should notify you whenever you log in.
Disable user enumeration and directory listing. Update (free) plug-ins and retire left code.

4. Always use parameterised queries to avoid risks of Standard Transact SQL.

5. XSS. Always ensure you check on data that are being submitted and encode or strip out HTML.
Use SRI hashed attributes, the solution came out of beta now. There is a free WordPress plug-in for it.

6. Keep your server and CMS software silent, do not let it speak out loud, keep your error messages vague.

7. Use an appropriate complex password routine, store them encrypted and salted.

8. Prevent direct access to uploaded files altogether, store them outside root or on a blob.

9. Have your database on a different server and your webserver as well, so it cannot be directly accessed.

10. SSL. It is a good idea to use it for personal data that could become corrupted.

11. Block automated script attacks. Use code scanning as an early warning system. We started this posting on that one.

12. Scan for typical exploit code.

13. Use DNS Blacklists.

14. Avoid PHP running as a module when allowing global write permission.
 
15. Critical websites should undergo penetration testing.

16. Protect sensitive data by putting them in separate files for config and data base.
Avoid client side checking with Javascript, it is insecure.

17. Implement automated backups for actual website and supporting databases.

18. Disable anonymous FTP on your server. Only allow access from outside via ports 80 and 443.

19. Avoid public PCs and Wifi Points to get access to your admin panel. Use a VPN.
Do not update your blog from the barber shop. It looks cool, however it is insecure practice.

20. Check your logs. Limit access to your resources. Use stronger passwords, and do not use default ones.

Info credits go out to authors from Decision Group and mafudge


polonus
« Last Edit: February 11, 2016, 10:49:57 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
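
Tips 4 and 7 from the list above, worked through on an in-memory SQLite database. This is an added example, not part of the original post: the table, accounts and function names are constructed, and for tip 7 it stores a salted PBKDF2 hash, which is this example's choice of scheme.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (value assumed for this example)


def hash_password(password, salt=None):
    """Salted, slow, one-way hash; the salt is stored next to the digest."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_db():
    """In-memory database with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, *hash_password(pw)))
    return db


def find_user_unsafe(db, name):
    # Tip 4 ignored: the input is pasted into the SQL text and parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = '%s'" % name).fetchall()


def find_user(db, name):
    # Tip 4 applied: the driver binds the value, so it is only ever data.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def check_login(db, name, password):
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    _, candidate = hash_password(password, row[0])
    return hmac.compare_digest(candidate, row[1])   # constant-time comparison


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"                      # input that rewrites the unsafe query
    print(find_user_unsafe(db, crafted))         # every account comes back
    print(find_user(db, crafted))                # no account has that literal name
    print(check_login(db, "alice", "correct horse"))
```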

Offline polonus

Re: Tests and other Media topics
« Reply #343 on: March 01, 2016, 05:11:29 PM »
A new serious vulnerability has been found for the SSL protocol, named DROWN - Decrypting RSA using Obsolete and Weakened eNcryption - Read on it here: https://www.drownattack.com/
And test for it here online: https://test.drownattack.com/
So what attacks will await us next, we had POODLE, Heartbeat, HEARTBLEED, and now we have DROWN.
One-third of all HTTPS websites open to DROWN attack!

polonus

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3651
Re: Tests and other Media topics
« Reply #344 on: March 01, 2016, 05:13:29 PM »
A new serious vulnerability has been found for the SSL protocol, named DROWN - Decrypting RSA using Obsolete and Weakened eNcryption - Read on it here: https://www.drownattack.com/
And test for it here online: https://test.drownattack.com/
So what attacks will await us next, we had POODLE, Heartbeat, HEARTBLEED, and now we have DROWN.
One-third of all HTTPS websites open to DROWN attack!

polonus

Bad news for us: https://test.drownattack.com/?site=forum.avast.com
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10