Author Topic: Tests and other Media topics  (Read 302105 times)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44120
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #465 on: May 27, 2017, 07:27:34 PM »
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2100
Re: Tests and other Media topics
« Reply #466 on: May 27, 2017, 09:22:22 PM »
No problems here for that link.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #467 on: May 30, 2017, 11:05:39 AM »
Oh those poor amateur PHP programmers: https://cdn.sstatic.net/insights/Img/Survey/2017/SalaryAndExperienceByLanguage.svg

Get a boost from javascript and study ethical hacking (pen-testing).

Not for me as a volunteer, but I won't complain.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83780
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #468 on: May 30, 2017, 11:24:40 AM »
Oh those poor amateur PHP programmers: https://cdn.sstatic.net/insights/Img/Survey/2017/SalaryAndExperienceByLanguage.svg
<snip>
polonus

Wow, that was a trip down memory lane, some languages that I would have thought would have died by now. Possibly an indication of the number of years experience of the respondents, old languages, old programmers ;D

SQL - Ahh, whilst my last 4.5 years in the services we were on a number of projects that were using Oracle Forms that used SQL within that. With some of those old languages, I was surprised not to see COBOL still listed. I had a hard time on my COBOL course (3 weeks) with tables.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #469 on: June 16, 2017, 07:36:09 PM »
Create a list for your AS with Filter List Generator: https://www.dan.me.uk/filtergen

enjoy, also the other tools on that website.

polonus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #470 on: June 17, 2017, 09:56:35 PM »
Do an IPv6 Leak Test: http://ipv6leak.com/
Also enjoy the other tests here: http://routersecurity.org/testrouter.php

polonus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #471 on: June 21, 2017, 12:08:59 AM »
Last 10 internal IPs you used, do the ring familiarity, test here: http://www.auditmypc.com/internal-ip-address.asp

polonus


Offline vamert

  • Newbie
  • *
  • Posts: 7
    • Directory
Re: Tests and other Media topics
« Reply #472 on: June 21, 2017, 10:21:00 AM »
Hi DavidR,

Agree with you and bob3160 here, https only or http nowhere are inferior solutions as we compare this to the combination of the no script and request policy extension, where we still have the complete avast! Shields protection against http malcoded content ((obfuscated) malscripts, malicious iFrames and various malicious redirects, backlinks to drive-by-malware). Additionally users have google safebrowsing, pre-scanning guidance, so in order to get infested you have to ignore warnings and this could be qualified as "unwise" user intervention. Https only and http nowhere extensions never helped against the PEBKAC problem as the main cause of malcode getting onto computers and peripherals,

polonus

I see some websites that are both using https, but some have an exclamation mark beside the https and others don't and are green in color. What is the difference between them? I read a lot on the internet that https is secure, but why are those two https different?
« Last Edit: June 21, 2017, 10:29:38 AM by vamert »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83780
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #473 on: June 21, 2017, 11:01:59 AM »
Generally the exclamation point is indicating mixed content on what is an https connection, e.g. they import content from an http source. Green would be confirming the https connection is all secure content.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #474 on: June 21, 2017, 02:13:55 PM »
Hi Vamert,

Many people think that http.. versus https... will say something about the actual security of a particular website.
That is an often found misconception. Http or https only say something about a more secure connection between client and (web)server.

So in that sense the https-everywhere mission led by Google and EFF is in a sense more of a cosmetic nature, and a lot of folks therefore misinterpret what the green padlock stands for. It may just say your connection does not let your account name and password go as plain text over the wires. Often we need more, like sri-hashes generated especially for external links for google analytics etc., so the same origin protocol is being upheld, protecting from code injection to make the actual website more secure, as with security headers, etc. etc.

There are still loads of websites with problems not directing to https-everywhere or the implementation of https-only.

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
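
The two checks discussed in the replies above (mixed content behind the exclamation mark, and missing SRI hashes on external resources), as an added example that is not part of the original posts: it audits a constructed HTML page and generates an integrity value. The host names, the sample page and the `audit`/`sri_hash` helpers are assumptions for illustration; the audit only checks that an `integrity` attribute is present, not that its value is correct.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri_hash(body: bytes) -> str:
    """Value for an integrity attribute: SHA-384 digest, base64-encoded."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class PageAudit(HTMLParser):
    # Attribute that carries the URL for each subresource tag we check.
    URL_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page = urlparse(page_url)
        self.mixed = []        # http:// subresources on an https:// page
        self.missing_sri = []  # cross-origin script/stylesheet, no integrity

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(self.URL_ATTR.get(tag, ""))
        if not url or (tag == "link" and "stylesheet" not in (a.get("rel") or "").lower()):
            return  # no URL, or a <link> that is not a stylesheet
        target = urlparse(urljoin(self.page_url, url))
        if self.page.scheme == "https" and target.scheme == "http":
            self.mixed.append(target.geturl())
        same_origin = (target.scheme, target.netloc) == (self.page.scheme, self.page.netloc)
        if tag in ("script", "link") and not same_origin and not a.get("integrity"):
            self.missing_sri.append(target.geturl())

def audit(page_url: str, html: str) -> PageAudit:
    parser = PageAudit(page_url)
    parser.feed(html)
    return parser

# Constructed sample page; all hosts are hypothetical.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/site.css">
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/pinned.js" integrity="sha384-placeholder"></script>
</head><body>
<img src="http://images.example.org/logo.png">
<script src="//stats.example.net/track.js"></script>
</body></html>"""

if __name__ == "__main__":
    r = audit("https://www.example.com/", SAMPLE)
    print("mixed:", r.mixed, "| missing SRI:", r.missing_sri)
    print("integrity value:", sri_hash(b"console.log('ok');\n"))
```

To fill in a missing hash, pass the exact bytes of the file the third party serves to `sri_hash` and put the result in the tag's `integrity` attribute, together with `crossorigin="anonymous"`.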

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #475 on: July 01, 2017, 10:13:29 PM »
Mozilla on the success of the Https-Everywhere campaign: https://blog.mozilla.org/security/2017/06/28/analysis-alexa-top-1m-sites/

HTTPS:// is of course an important security measure to be taken to safeguard a secure connection.

Still the https-everywhere project will be more of a cosmetic means to an end than anything else.
Also things may go drastically wrong, when automatic re-directs from http:// to https:// fail.

Look where a lot of other issues are being found up to be insecure, despite https-everywhere: https://www.eff.org/https-everywhere/atlas/

Example for a site that comes "disabled by default": https://www.eff.org/https-everywhere/atlas/domains/openstreetmap.org.html

Secure and safe connections may be safeguarded, just like at home when the curtains are closed,
but what insecurity goes on behind closed curtains is a guess, and that insecurity should worry us to a greater extent.

A green padlock to rock us asleep. Behind that could come insecure cloud services,
a free account with a sub-domain soon no longer to be ours (afraid dot org for example).

And where website security is concerned we meet with quite some issues. The attached image speaks for itself.

We'd better educate those m- & p-developers to turn them into 'security savvy' coder pack,
and then all the other folks that work with website building and maintaining websites secure.

But one way or another these aims are always being grandly frustrated by those,
who have other important interests in keeping things as they are,
so the infrastructure stays insecure or becoming more insecure even so.

Excessive server info proliferation for insecure nameservers. An immense problem in the linux infrastructure.
Some insecure servers lower down in the network could infest all of the rest, like with Poodle etc.

For aspx sites perform an asafweb scan, do a little query on shodan or perform a dazzlepod ip scan.

What to do about malicious evil DNS? Re: https://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/
Random example here: http://www.dnsinspect.com/ns1.com/10056192

What to do about insecure CMS like Joomla or WordPress like with this scanner? -
hackertarget.com/wordpress-security-scan/
with a random example: https://www.magereport.com/scan/?s=https://hacmint.com/

What to do about retirable jScript libraries? See: http://www.dnsinspect.com/ns1.com/10056192

What to do and how to generate when we find missing hashes here?: https://sritest.io/
or a bad status here: https://observatory.mozilla.org/

Also import the sources & sinks, we could stumble upon while scanning here: http://www.domxssscanner.com/

It seems it is overwhelming, that is why latest targeted cyberwar attacks were such a success or rather catastrophic.

When are we gonna see a change for the better, will we ever live to see this?

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #476 on: July 02, 2017, 05:01:14 PM »
Well, to explain the point in the previous posting: https://blog.sucuri.net/2017/06/sql-injection-vulnerability-wp-statistics.html

WordPress as a CMS stays a problem-factory, scan here: hackertarget.com/wordpress-security-scan/

For SQL injection vuln.: www.domxssscanner.com

greets,

pol

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #477 on: July 04, 2017, 04:50:15 PM »
Into CSS and source mapping. Nice resources here for ye all:
https://www.thecssninja.com/demo/source_mapping/

Also nice to use: https://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_input_type_hidden
Could lead to flags for cloaking in the is it hacked scan (alert cloaking is when Googlebot has a difference in bytes shown to Google's).

enjoy, my good friends, enjoy,

polonus
« Last Edit: July 04, 2017, 07:06:39 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #478 on: July 11, 2017, 10:05:32 AM »
New technology to restore trusting your documents:

https://proofofexistence.com/

Newest online bitcoin blockchain technology to handle your docs' integrity,
amidst situations where your trust in certain services comes cheap,
where you have to find your way amidst Big Media Fake News and Social Media Censorship,
where you may no longer come to trust your own gubberment etc.

Now you have to fend for yourselves, folks, as you always had to.

Enjoy,

polonus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Tests and other Media topics
« Reply #479 on: August 11, 2017, 12:30:17 PM »