Tests and other Media topics

[polonus]

Working the Cipscis - Fallout - Scriptvalidator for errors that not always come up with other methods:

Example code taken from

line 39 towards line 45 here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.paperkrane.com&ref_sel=GSP2&ua_sel=ff&fs=1

Working out this standard with function tooltips

  < / sc​ript >
40:  < !-- /all in one seo pack -->
41:  < link rel='stylesheet' id='contact-form-7-css' href='-http://www.paperkrane.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.3' type='text/css' media='all' />
42:  < link rel='stylesheet' id='cpsh-shortcodes-css' href='-http://www.paperkrane.com/wp-content/plugins/column-shortcodes/assets/css/shortcodes.css?ver=0.6.6' type='text/css' media='all' />
43:  < link rel='stylesheet' id='blahlab-theme-grid-css' href='-http://www.paperkrane.com/wp-content/themes/paperkrane/assets/stylesheets/standalone/grid.css?ver=4.1.20' type='text/css' media='all' />
44:  < link rel='stylesheet' id='blahlab-external-googlefonts-css' href='-http://fonts.googleapis.com/css?family=Droid+Serif%3A400%2C400italic%7CDroid+Sans&ver=4.1.20' type='text/css' media='all' />
45:  < link rel='stylesheet' id='blahlab-theme-style-css' href='-http://www.paperkrane.com/wp-content/themes/paperkrane/assets/stylesheets/standalone/style.css?ver=4.1.20' type='text/css' media='all' />

  all links inside the validation broken, because of:
https://urlquery.net/report/6380f772-ee76-42f8-99ff-34728fc03f6f  (suspicious code detected).

Always into this because of (in)security aspects of code, because of polonus's interest in voluntarily website security analysis and website error-hunting, and always looking for new angles to come up with,

Damian

P.S.

A parser-blocking, cross site (i.e. different eTLD+1) script, htxp://www.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://wXw.chromestatus.com/feature/5718547946799104 for more details.

Courtesy Google Chrome's developer console.
on my Greasemonkey json script - reported

Uncaught SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at XMLHttpRequest.xhr.onreadystatechange

pol

[polonus]

You could check here whether your browser is vulnerable:  https://mineblock.org/
I get:

If the miner doesn't start, your browser is safe!
Can't start miner. Your browser is safe!

The baddies are listed here: http://www.badbitcoin.org/thebadlist/

Bad Bitcoin i.m.o.  is a big ponzi-like blockchain scam scheme, like the Black Tulip hype in the days of our Dutch painter Rembrandt, moreover the bitcoin value now halves every three years and over a few decades all present bitcoins will be mined.

When you wanna block mal-ads, you certainly wanna block bad-bitcoin-mining as well,
a good adblocker and scriptblocker combination will keep you safe from bitcoin mining scripts-
uBlockOrigin together with uMatrix.

polonus

[polonus]

Check how privacy (un)friendly is a webproxy:

Beta-testing: https://privacyscore.org/site/34967/

Here we see issues: https://threatintelligenceplatform.com/report/proxy-de1.toolur.com/sCpTixZZn6

Here we found 3 problems: https://mxtoolbox.com/domain/proxy-de1.toolur.com/

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=proxy-de1.toolur.com

polonus (volunteer website security analyst and website error-hunter)

P.S. What strikes us in the results of this proxy website example as insecure, is that the webproxy site does offer https, but does not automatically defaults to it from http!
Secondly it serves up sub-secure ciphers and furthermore the server is vulnerable to Poodle, while also  the nameserver has version info proliferation: 9.9.4-RedHat-9.9.4-51.el7 (so one could check for vuln. and exploits, which attackers could do).
Also a warning goes for undesired redirects!

Damian

[polonus]

Interesting resources on BGP Security and Routing: http://moo.cmcl.cs.cmu.edu/~dwendlan/routing/

Check site example: https://ip.rst.im/dig/internal.akamaistream.net.

Later we found via another check: as21342/moas
Rate - 4.0 ;  2 Router Leaks ; 54 MOAS ; 532 dDos amplifiers

Now that sitevet dot com also as AS bad history resource has disappeared, we have to look out servers not overreach quotes and sources thus disappear for researchers. 

Linkrot is the worst enemy of a volunteer website security analyst and website error-hunter like little old me,

polonus

[polonus]

Because of recent and present threats to BGP security and the cold cyber-war,
Russia is planning to eventually set up it's own Internet only in BRICS countries.

Read here: https://www.theregister.co.uk/2017/12/01/russia_own_internet/

Here a map of the Root Server Technical Operations Assn: http://www.root-servers.org/

Then the root files: https://www.iana.org/domains/root/files

But there also new innovative solutions like blockstack coming: https://github.com/blockstack/atlas

polonus (volunteer website security analyst and website error-hunter)

[polonus]

New Panopticlick scan launched:

 https://www.eff.org/deeplinks/2017/11/panopticlick-30

See: https://panopticlick.eff.org/

Is your browser blocking tracking ads?   ✓ yes
Is your browser blocking invisible trackers?   ✓ yes
Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist?   ✓ yes
I just changed my profile using the canvas fingerprint extension.

Current canvas noise hash
#14afxxxxxxxxxxxxxxx3244bxx0271
Last changed: December 4 00:01

polonus

[REDACTED]

is your browser block tracking ads? partial protection. Considering my ad blocker is adblock plus, it might be true
is your browser blocking invisible trackers? partial protection. So firefox built in tracking protection is not enough.
Firefox uses disconnect.me tracking list, @_@ i really need a plugin/addon for this huh.
Does your browser stop trackers....acceptable ads. ? no. same answer with my previous one.
Does your browser unblock third parties....Do not track? no. I set my browser to always block third party trackers.
Does your browser protect you from fingerprinting? your browser has a unique fingerprint.

Full result of browser fingerprinting:
screen size is wrong.
no timezone, undefined plugin details
system fonts is wrong, there are fonts missing on the list
user agent: firefox 52, no im using firefox 57

[polonus]

Nice new scanner outlay for Cymon - Search Threats.

Example of a randowm IP search result:
https://app.cymon.io/search/ip/209.202.252.95

Enjoy my good friends, enjoy

P.S. Missed completely here: https://www.virustotal.com/#/url/4f5f0accd4fc42fcd4c51851d77c980eaa6f0016aea08de65e3cf3cbb0da9853/detection

Can be combined with these results: https://ransomwaretracker.abuse.ch/ip/209.202.252.95/
and these: https://www.scumware.org/report/209.202.252.95.html

polonus (volunteer website security analyst and website error-hunter)

[polonus]

Some signs of computer compromise:

Your AV is disabled and you did not do this yourself.

You get a ransom message and it does not go away after restarting your computer.

You get frequent pop-ups at a time.

Your online passwords do not work anymore and you did not change them.

An unapproved software starts to download suddenly, and you did not allow it to do so.

Your websearches in your browser are redirected.

Your browser suddenly has a new toolbar added.

You are sending spam to friends on social media for instance , and you did not do that yourself.

Your mouse suddenly starts to move all by itself.

Conclusion all could be signs of an infested computer or someone hacking into it.

polonus

[polonus]

Is your server secure against a 19 year old revived crypto attack threat, called by the name of ROBOT?
Background read (facebook has been patched): https://www.theregister.co.uk/2017/12/13/robot_tls_rsa_flaw/

Read: https://robotattack.org/

Check: https://robotattack.org/check/?h=   (h give domain name with www and without).

Test also added here now: https://testssl.sh/

Here: https://github.com/RUB-NDS/TLS-Attacker

Here: https://github.com/tomato42/tlsfuzzer

and here: https://dev.ssllabs.com/

Vulnerable server admins are advised to install available updates or whenever possible disable TLS RSA encryption functionality.

How this could have been kept under the detection radar for that long (19 years) is so far unknown,
but again makes the infrastructure an even more insecure theater.

polonus (volunteer website security analyst and website error-hunter)

[polonus]

Checked here: https://www.detectadblock.com/

It said that I am allowing ads, good for me.

I have an anti-adblock-solution of sorts running under my Tampermonkey user-script extension,
called Anti-Adblock Killer | Reek and it does a great job for me.

When I meet an adblocker blocker I can choose to block their ads and visit the site via a webproxy anyway.

Else the risk of getting any (3rd party) mal-ad-code is too great a risk in my opinion to even considering lifting my adblocker.

polonus (volunteer website security analyst and website error-hunter)

[polonus]

Test your browser against password manager leak:
https://senglehardt.com/demo/no_boundaries/loginmanager/
this as webtrackers follow internet-users via password managers.

polonus

[polonus]

Tested IP here: https://www.perfect-privacy.com/check-ip/

Results OK for

HTTP metadata does not contain any suspicious information
HTTP_VIA   - empty -
HTTP_CLIENT_IP   - empty -
HTTP_CLIENT_IP (DNS)   - empty -
HTTP_FROM   - empty -
HTTP_X_REAL_IP   - empty -
HTTP_X_FORWARDED   - empty -
HTTP_X_FORWARDED_FOR   - empty -
Java disabled
Flash diabled

polonus

[polonus]

Check here your Spectre CPU vulnerability

http://xlab.tencent.com/special/spectre/spectre_check.html

Enjoy, my friends, enjoy,

polonus

[DavidR]

Check here your Spectre CPU vulnerability

http://xlab.tencent.com/special/spectre/spectre_check.html

Enjoy, my friends, enjoy,

polonus

I had thought this would actually be a CPU check for vulnerability, as per the 'bold text.'

However, this would be browser check and not a CPU check.