Author Topic: Tests and other Media topics  (Read 242818 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31856
  • malware fighter
Re: Tests and other Media topics
« Reply #540 on: January 08, 2018, 11:04:25 PM »
Hi DavidR,

Probably you did not grasp the workings of the Spectre bug.
Explained in layman's terms, sort of going like this to get info out of a box (browser cache in this case, where it should not leave your system), they question the CPU cache and this could cheat on confidential info you don't wanna share, but your chip will anyways.

Above is a check how your browser is vulnerable about this pre-cache CPU info cheating bug thingie, without overhyping it.
So we have to see connections now are being more secure, encryption more solid etc. until a new range of new non-vulnerable chips come into production.

Your chip is cheating inside the browser, wherever. it should because it was a stupid way of enhancing the speed with pre-guessing to make it faster.  If they check say for G and get a fractional glimpse of G and then later the cache protection says Y, they still could have a good guess inside the CPU a fraction earlier it was indeed G they were after. Capito?

So it is definitely Spectre CPU related.

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Tests and other Media topics
« Reply #541 on: January 08, 2018, 11:17:55 PM »
Maybe browsers should come up with a cache flush button.

What your browser does not (re)collect, it cannot spread.

So guys and gals flush that browser cache.

Two more spectre tests: https://github.com/wearefriday/spectre tool
Info credits go to vgrigorik & nickdunn

Testing on Windows via a PowerShell command, read:
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/ info credits go out to Catalin Cimpanu

polonus
« Last Edit: January 08, 2018, 11:22:14 PM by polonus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82189
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #542 on: January 09, 2018, 12:12:02 AM »
Quote
Hi DavidR,

Probably you did not grasp the workings of the Spectre bug.
Explained in layman's terms, sort of going like this to get info out of a box (browser cache in this case, where it should not leave your system), they question the CPU cache and this could cheat on confidential info you don't wanna share, but your chip will anyways.
<snip>
So it is definitely Spectre CPU related.

Damian

It is just that the bold headline is somewhat misleading when it only talks of CPU vulnerability but the test is only browser related.

So it was surprising when it is only checking your browser in isolation.  For instance if your CPU isn't vulnerable why check the browser.  On this win10 system with the latest firefox version 57.0.4 (64-bit), it reports the browser isn't vulnerable.

Though if I ran this test on my XP system with the ESR version of Firefox it may be different, but the major thing on my XP system is by all accounts my 'old not modern' CPU isn't vulnerable.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

Re: Tests and other Media topics
« Reply #543 on: January 09, 2018, 12:54:11 AM »
Firefox and Google browser already patched to this as with most patching this will be only in a software manner,
as the Intel hardware design flaw/hole can only be patched with a new secure upcoming production line,
and this will not be with us until 2020.

As we know the flaw can be again abused through javascript played out within very tiny tiny time frames.

As we both have known now for a long time, blocking javascript to run inside a browser,
is the best security measurement one could take under all circumstances and for all kind of threats.

Over to a completely other subject:

I am always on the look-out to combine non-likely related results to get at a better overall verdict, like
the malware presented from here: http://urlquery.net/report/0e68bab7-835a-4ca5-b9bb-2f075f1a6188
combined with results like here: http://sun-adv.com.dnstree.com/

Damian

Offline polonus

Re: Tests and other Media topics
« Reply #544 on: January 10, 2018, 12:10:17 AM »
Just like the new service from VT for registered users, this is also new:
https://urlscan.io/result/9b5e14d3-7ce4-49b0-a26f-b8adccb8046d/related/

Related from: https://urlscan.io/result/9b5e14d3-7ce4-49b0-a26f-b8adccb8046d/#summary

Just as it was discussed in the virus and worms makes it the more relevant on Webzilla abuse,
a Dutch hosting AS. Spamhaus just asked cloudproviders to give a bigger effort to fight off spam botnets.

Reported: https://www.spamhaus.org/news/article/772/spamhaus-botnet-threat-report-2017

We also have to do our bit as end users report botnet abuse on the Interwebs here and else-where.

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #545 on: January 10, 2018, 04:57:30 PM »
Check whether your Windows cpu is vulnerable to Meltdown and Spectre:

https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

polonus

Anyone found results for AMD E1 chips? Scan results may not materialize...

D
« Last Edit: January 10, 2018, 10:53:03 PM by polonus »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41881
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #546 on: January 10, 2018, 06:15:43 PM »
Quote
Check whether your Windows cpu is vulnerable to Meltdown and Spectre:

https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

polonus

A bit strange since this system is totally updated ???
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

Re: Tests and other Media topics
« Reply #547 on: January 10, 2018, 09:23:34 PM »
Hi bob3160,

Probably has to do with not all vendors gave you the necessary firmware updates.
Reason probably is through your video-card that still is vulnerable to Spectre.

Spectre should be mitigated only via a firmware hardware update,
and these will be finally due in at the end of this month.

The real definite mitigation of the Intel debacle needs a new hardware chip and that may,
taking a bit of debugging and the necessary testing scheduled for another two years  ::)

So this means a lot of new laptops, computers, smartphones and all sort of IoT devices to buy,
or in need of maintenance and a new "total recall" to speak with Schwarzenegger.

This Spectre/Meltdown debacle gonna cost us all.
The only laughing third party is commerce, they gonna get extra revenue big time.

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #548 on: January 11, 2018, 01:30:26 PM »
Those that tested with this tool be extra careful,
your settings may have been changed by the test tool.
  :o

Nota Bene!
The use of the Ashampoo Spectre Meltdown CPU Checker will result that in Windows PowerShell the ExecutionPolicy for CurrentUser is being set as, and will remain set as "Bypass".
This while the standard setting should be "Undefined" or "Restricted" and not "Bypass".

To check your PowerShell ExecutionPolicies and correct the settings,
open Windows PowerShell, through clicking right, "Execute as Administrator".

Inside Windows PowerShell, give in the following command:
Get-ExecutionPolicy -list

When for CurrentUser it is listed that ExecutionPolicy has been set as "Bypass",
restore the default settings by giving in the following command:
Set-ExecutionPolicy -ExecutionPolicy Default -Scope CurrentUser

Or just not set this for CurrentUser but for all Scopes at a time:
Set-ExecutionPolicy -ExecutionPolicy Default

Documented here:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1

Info credits go to itman, re:
https://www.wilderssecurity.com/threads/kernel-memory-leaking-intel-processor-design-flaw-forces-linux-windows-redesign.399338/page-16#post-2730623
https://www.wilderssecurity.com/threads/kernel-memory-leaking-intel-processor-design-flaw-forces-linux-windows-redesign.399338/page-16#post-2730646

Info credits for the above message go to Spiff (security dot nl).

polonus

Offline bob3160

Re: Tests and other Media topics
« Reply #549 on: January 11, 2018, 02:20:27 PM »



After a reboot, I'll check to see if I have updates waiting for me.

Offline polonus

Re: Tests and other Media topics
« Reply #550 on: January 11, 2018, 02:48:45 PM »
Another way could be to set it to

Quote
MachinePolicy        Undefined
UserPolicy             Undefined
Process                 Undefined
CurrentUser          Undefined
LocalMachine        Undefined

pol

Offline polonus

Re: Tests and other Media topics
« Reply #551 on: January 11, 2018, 02:56:54 PM »
Adopt Chromium OS settings:

Quote
Chrome Site Isolation -> https://support.google.com/chrome/answer/7623121

If you are using Google Chrome or Chromium, please follow the steps below:

Type chrome://flags in the address bar and press Enter.
Scroll down the page and find “Strict site isolation” and press the Enable button.
Restart the Chrome browser.
https://www.chromium.org/Home/chromium-security/ssca

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #552 on: January 11, 2018, 03:10:37 PM »
Checking on domain configuration and certificate installed...

For this PHISHING domain: -guru.cr

Re: https://toolbar.netcraft.com/site_report?url=guru.cr
Re: https://cryptoreport.websecurity.symantec.com/checker/
Results:
Quote
Certificate is installed correctly
Common name: guru.cr
SAN: guru.cr, cpanel.guru.cr, gurucr.com, mail.guru.cr, mail.gurucr.com, webdisk.guru.cr, webmail.guru.cr, whm.guru.cr, www.guru.cr, www.gurucr.com
Valid from: 2017-Dec-29 00:00:00 GMT
Valid to: 2018-Mar-29 23:59:59 GMT
Certificate status: Valid
Revocation check method: OCSP
Organization:
Organizational unit:
City/locality:
State/province:
Country:
Certificate Transparency: Not embedded in certificate
Serial number: f549d40077ef9ca14b21b7a669b991f1
Algorithm type: SHA256withRSA
Key size: 2048
Certificate chain:
COMODO RSA Certification Authority (Intermediate certificate)
cPanel, Inc. Certification Authority (Intermediate certificate)
guru.cr (Tested certificate)
Server configuration
Host name: 198.23.60.248
Server type: Apache
IP address: 198.23.60.248
Port number: 443
Protocols enabled: TLS1.2, TLS1.1, TLS1.0
Protocols not enabled: SSLv3, SSLv2
Secure Renegotiation: Enabled
Downgrade attack prevention: Enabled
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Enabled
Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Enabled
RC4: Not Enabled
OCSP stapling: Not Enabled

Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST
CRIME
Cipher suites enabled:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006B)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009D)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009E)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)

11 issues here: https://mxtoolbox.com/domain/guru.cr/

F-grade status and recommendation and further scans: https://observatory.mozilla.org/analyze.html?host=guru.cr

Flagged: http://urlquery.net/report/80affa33-f2af-40e6-b824-6888dd8fb762

Also consider: https://urlscan.io/domain/guru.cr  -> -> https://urlscan.io/result/32d9da5e-c460-4f4e-8857-0f10341263f2/#summary

polonus (volunteer website security analyst and website error-hunter)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9267
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Tests and other Media topics
« Reply #553 on: January 12, 2018, 09:31:58 AM »
Thx for the headsup Polonus! That's a bit stupid on the Ashampoo's side...
Visit my webpage RejZoR's Flock of Sheep

Offline RejZoR

Re: Tests and other Media topics
« Reply #554 on: January 12, 2018, 10:02:45 AM »
Quote
Another way could be to set it to

Quote
MachinePolicy        Undefined
UserPolicy             Undefined
Process                 Undefined
CurrentUser          Undefined
LocalMachine        Undefined

pol

How do you set it to "Undefined"? Using "Default" sets it to "Restricted"...
Visit my webpage RejZoR's Flock of Sheep
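
The check-and-restore steps from Reply #548, together with the "Undefined" value asked about in Reply #554, as one PowerShell script. This is an added example, not posted by anyone in the thread; the function names Get-PolicyAudit and Reset-CurrentUserPolicy are hypothetical.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$Permissive = 'Bypass', 'Unrestricted'   # policies that let any script run

function Get-PolicyAudit {
    # One row per scope, flagging permissive values and where a fix must happen.
    Get-ExecutionPolicy -List | ForEach-Object {
        $scope  = $_.Scope.ToString()
        $policy = $_.ExecutionPolicy.ToString()
        # MachinePolicy and UserPolicy come from Group Policy and cannot be
        # changed with Set-ExecutionPolicy.
        $setBy = 'Set-ExecutionPolicy'
        if ('MachinePolicy', 'UserPolicy' -contains $scope) { $setBy = 'Group Policy' }
        [pscustomobject]@{
            Scope      = $scope
            Policy     = $policy
            Permissive = ($Permissive -contains $policy)
            ChangedBy  = $setBy
        }
    }
}

function Reset-CurrentUserPolicy {
    # Clears a permissive policy stored for the current user; other values stay.
    $current = (Get-ExecutionPolicy -Scope CurrentUser).ToString()
    if ($Permissive -notcontains $current) {
        return "CurrentUser is $current; left unchanged."
    }
    try {
        # 'Undefined' removes the value stored for this scope, whereas
        # 'Default' writes 'Restricted' on a Windows client.
        Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser -Force -ErrorAction Stop
    }
    catch {
        # Reported, for instance, when another scope still overrides the
        # result; the line returned below shows the actual state.
        Write-Warning $_.Exception.Message
    }
    $after = Get-ExecutionPolicy -Scope CurrentUser
    "CurrentUser was $current, now $after; effective policy: $(Get-ExecutionPolicy)"
}

Get-PolicyAudit | Format-Table -AutoSize
Reset-CurrentUserPolicy
```

With every scope Undefined, the effective policy on a Windows client is Restricted, which is why Default and Undefined can produce the same effective result while showing different values in the list.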