Tests and other Media topics

[polonus]

Test your ssl connection in your browser here: https://badssl.com/
Also test here: https://testsafebrowsing.appspot.com/
Tested for a phish and got it right: http://testsafebrowsing.appspot.com/s/phishing.html
or http://testsafebrowsing.appspot.com/s/notif_pageload.html
Connection insecure: https://subdomain.preloaded-hsts.badssl.com/
Example: -http://www.degoudsbloem.nl/
Finally tested here: https://www.htbridge.com/ssl/?id=f00c790aaf4381d4ad23234e3f70e9768f10fe8b003aee51b3980ed88043b72d

polonus

[polonus]

@ the browser users here...

Test your browser's SSL-configuration.

Here: https://www.ssllabs.com/ssltest/viewMyClient.html
and
https://badssl.com/dashboard/  part of https://badssl.com/
and'
https://www.howsmyssl.com/
and
https://geekflare.com/ssl-test-certificate/  (with ten various SSL testing tools).

enjoy, my good avast friends, enjoy,

polonus

P.S. How the code is being maintained and updated (upgraded): https://github.com/chromium/badssl.com

[REDACTED]

Hi there!
I'm a developer and we are having some issues with avast and karspersky at www.langademy.com
We use webrtc to make video calls. Many users are having issues when they make webrtc calls because the AV blocks the webrtc resources on the navigator( at least in Chrome). Any idea of why is this happening? 

[Asyn]

Hi there!
I'm a developer and we are having some issues with avast and karspersky at www.langademy.com
We use webrtc to make video calls. Many users are having issues when they make webrtc calls because the AV blocks the webrtc resources on the navigator( at least in Chrome). Any idea of why is this happening? 

Start a new topic in V&W: https://forum.avast.com/index.php?action=post;board=4

[mchain]

https://www.quttera.com/detailed_report/www.langademy.com

[polonus]

Advertised as Circumventing the Ghost Ban problem with this Uncensored Anonymous Search Page.
Takes you to a page that cannot be opened in https! Is not this any longer serviced by GoDaddy
and could it be this http searchsite keep track of those that search for alternative content and just adding to the Ghost Ban/Alternative News/FakeNews/Mainline News Controversy???

Re: -http://gibiru.com/

I would shun such a site nor bookmark it. Do we have similar problems here?: http://www.hongkiat.com/blog/private-search-engines/

polonus

[polonus]

In the light of the thousands of hacked WordPress websites, scan if your router is vulnerable here:

https://www.wordfence.com/blog/2017/04/check-your-router/#

Background read: https://www.wordfence.com/blog/2017/04/home-routers-attacking-wordpress/

polonus (volunteer website security analyst and website errror-hunter)

[polonus]

Now when you tested and found it to be open, when your ISP provider does that, it is also their responsibility when you get hacked by Mirai botnet for example. Such IT spooks have all sorts of excuses.

Re: https://arstechnica.com/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/ 

They know about this hole since 2014 and if they continue to leave it open it could be both sloppy IT managment and also gross negligence when the flaw is being abused.

The port is used for remote management by the provider. Test again here: https://www.grc.com/x/ne.dll?bh0bkyd2

Read: https://arstechnica.com/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/

So when your provider leaves it open they want to remotely mess with your router settings. That is nasty. It is you that should do the router settings, at least that is what we think in Europe, it may be quite another story in the U.S. of A.

polonus

[polonus]

Following Breaking News.

How to protect your firefox browser against  Unicode Phishing Attack?

With the firefox browser one could use the following work-around:

Open Firefox:

1. Enter the following txt into the address bar of firefox about:config
2. Read the alert and then proceed further.
3. Enter this txt  in into the address bar: punycode
4. You will now see this apear: network.IDN_show_punycode
5. Double click this item will make false change into true.
6. Close the tab page.   

Info credits go to:  Dongel

polonus

[DavidR]

Following Breaking News.

How to protect your firefox browser against  Unicode Phishing Attack?

With the firefox browser one could use the following work-around:

Open Firefox:

1. Enter the following txt into the address bar of firefox about:config
2. Read the alert and then proceed further.
3. Enter this txt  in into the address bar: punycode
4. You will now see this apear: network.IDN_show_punycode
5. Double click this item will make false change into true.
6. Close the tab page.   

Info credits go to:  Dongel

polonus

For me, having to edit the about:config for most people is a step to far as you would have to edit for individual issues.

Phishing in itself has to be covered through security based add-ons (or the browser itself), the likes of NoScript, RequestPolicy, etc. Not to mention Avast or other anti-virus.

[polonus]

Take the browser can identify you by the adblocker you use test.

Do it here: https://extensions.inrialpes.fr/

Detected extensions were trafficlight and adguard adblocker.

polonus

[mchain]

Take the browser can identify you by the adblocker you use test.

Do it here: https://extensions.inrialpes.fr/

Detected extensions were trafficlight and adguard adblocker.

polonus

Thanks Pol,

You got me testing a few setups and one in particular seemed to work well:  Opera in VPN Private mode.

[polonus]

Privacy-OS Tails 2.0 script with an excellent regular expression

: new RegExp('^(http|https):\/\/[a-z0-9\-_]+(\.[a-z0-9\-_]+)+([a-z0-9\-_\.,@\?^=%&;:/~\+#]*[a-z0-9\-\_#@\?^=%&;/~\+])?$', 'i');

Almost  perfect Rubular regular expression - emails are secure that way. Excellent, 99,9% secure.

Where in the code we detect this one: https://tails.boum.org/lib/js/mirror-dispatcher.js

Online tester here: https://regex101.com/

polonus

[polonus]

How to stop this spy inside your browser.

Read about how font tracking with fonts.googleapis.com for instance is spying on you from inside the browser: http://fontfeed.com/archives/google-webfonts-the-spy-inside/

A great extension for those with relevant knowledge as to know how to toggle it, e.g. what to block and what to allow or add is:
Negotiator: https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii

Just clicking and you see what's tracking you from where to where and how to block it eventually.
Consider what third party tracking you wanna block (somewhat like with Ghostery or Disconnect) or what you wanna allow,
considering the amount of functionality needed to do on the webpage what you plan to do, and whether you trust that
connection. So this is for advanced user, that knows what goes on beneath the hood of their browser of choice.

It reminds me much of Request Policy add-on for/in firefox and it is a great companion alongside uBlock and uMatrix extensions.
I'am quite charmed about the outlay, rather versatile little extension, folks.

polonus (volunteer website security analyst and website error hunter)

[DavidR]

How to stop this spy inside your browser.

Read about how font tracking with fonts.googleapis.com for instance is spying on you from inside the browser: http://fontfeed.com/archives/google-webfonts-the-spy-inside/

A great extension for those with relevant knowledge as to know how to toggle it, e.g. what to block and what to allow or add is:
Negotiator: https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii
<snip>
polonus (volunteer website security analyst and website error hunter)

That is somewhat devious, what most would consider innocuous 'fonts.googleapis.com' like it was just using a font repository for a better range of founts on the website, very sneaky.