Author Topic: Tests and other Media topics  (Read 232814 times)


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81900
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #555 on: January 12, 2018, 11:16:00 AM »
Another way could be to set it to

Quote
MachinePolicy        Undefined
UserPolicy             Undefined
Process                 Undefined
CurrentUser          Undefined
LocalMachine        Undefined

pol

How do you set it to "Undefined"? Using "Default" sets it to "Restricted"...

If you check bob3160's earlier post, it has some images and there is a link in one of the images that may help. 
https://forum.avast.com/index.php?topic=129271.msg1441045#msg1441045

I don't know if you have tried the ? after the command to see if it gives much help.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31659
  • malware fighter
Re: Tests and other Media topics
« Reply #556 on: January 12, 2018, 03:10:57 PM »
Hi DavidR,

A better way to check is: https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

undefined in this sense equals restricted - from this article
Quote
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1
names under "Windows PowerShell Execution Policies", "Undefined",
If the execution policy in all scopes is Undefined, the effective execution policy is Restricted, which is the default execution policy.

So I am fine, on AMD I am also not vulnerable to meltdown where Intel users are  ;) ;D

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

Re: Tests and other Media topics
« Reply #557 on: January 12, 2018, 05:28:59 PM »
Hi DavidR,

A better way to check is: https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

undefined in this sense equals restricted - from this article
Quote
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1
names under "Windows PowerShell Execution Policies", "Undefined",
If the execution policy in all scopes is Undefined, the effective execution policy is Restricted, which is the default execution policy.

So I am fine, on AMD I am also not vulnerable to meltdown where Intel users are  ;) ;D

polonus

My post was a direct response to RejZoR, he may well find this useful.

I'm on an old Core2Duo and as far as I can tell that too isn't vulnerable. 

The only thing you are vulnerable to is MS screwing up your system with a windows update for AMD chips, but they have now pulled windows updates for AMD chips.

Offline polonus

Re: Tests and other Media topics
« Reply #558 on: February 05, 2018, 01:03:39 PM »
Full list of Symantec certificates that will become untrusted:
https://raw.githubusercontent.com/arkadiyt/symantec-certificate-checker/master/bad_hosts.txt

Read: https://arkadiyt.com/2018/02/04/quantifying-untrusted-symantec-certificates/

Checked with Symantec's: https://observatory.mozilla.org/analyze.html?host=easyredmine.com#tls
Quote
SSL certificate is not installed. Click here to get a certificate.

Many systems are configured with firewalls that block SSH access. To successfully scan with the SSH Observatory,
access must be granted to Mozilla's scanning system.
But an A- status here? -> https://www.ssllabs.com/ssltest/analyze?d=easyredmine.com
DNS CAA No - Chain issues - 5 DNS issues -> https://mxtoolbox.com/domain/www.easyredmine.com/

Also consider info here: https://toolbar.netcraft.com/site_report?url=%09https%3A%2F%2Fwww.easyredmine.com

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #559 on: February 09, 2018, 12:11:31 AM »
From June 2018 onwards the Google Chrome browser will start to label all http websites as insecure,
this in order to come to a https only Internet, which will also better protect connections for their core business
and all data that they will be sending to their chocolate factory (including your private data) via non-public CDN,
so who will check their tracking and profiling and to whom they stand responsible?

To better be able to check your https website functionality and code use:
https://developers.google.com/web/tools/chrome-devtools/#open

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #560 on: February 11, 2018, 06:17:46 PM »
Checking backupspider.com.html on Zonemaster creates critical errors, this scan however is fine:
https://zonemaster.iis.se/?resultid=a9edfa238f0b5f9b

Results supported by these results: https://intodns.com/backupspider.com

3 issues here: https://mxtoolbox.com/domain/backupspider.com/

Risk rating 1 red out of 10: https://toolbar.netcraft.com/site_report?url=backupspider.com

polonus (volunteer website security analyst & website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #561 on: February 20, 2018, 08:31:30 PM »
One knows polonus checks for retirable jquery libraries, including node js,  using online retire js scanner,
There is also a way to check node.js for insecurity: snyk open source.
One can do a test for azure (azure@2.2.1-preview) and test e.g. "tunnel agent" in for instance Brave browser on android and we will get 9 issues, "do not use callbacks"  for one.
Install -> npm install -g snyk
cd ~/projects/myproj/
snyk test

Enjoy,
polonus

Offline polonus

Re: Tests and other Media topics
« Reply #562 on: February 24, 2018, 11:15:28 PM »
Hi security minded friends,

Polonus was away for the week to central Poland, temp now minus 8 Celsius.

While not much online here last week on these here forums,
polonus is as always continuously on the look-out for script-security improvement of any sort.

I and a younger IT friend of mine stumbled onto this super script from the renowned resource engineer
& open source security researcher, zx2c4, from Paris, France.

His is the innovative secure.js script. To enjoy this script, go to this link,
and see this javascript to prevent HTTPS leaks:  https://git.zx2c4.com/secure.js/tree/secure.js

As we find in his to do list inside the code there is still some work to be done on detecting async scripts,
and through going over StackOverflow's solutions,  and thnx to Cookie_Monster there, we stumbled upon:

Code: [Select]
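// Callback run once jquery.js has finished loading
function jqueryloaded() { console.log("jquery.js loaded"); }
// List every <script> element currently in the document
document.querySelectorAll('script');
// Static markup: async script tag with an onload handler
// <script async src="jquery.js" onload="jqueryloaded()"></script>
// Dynamic injection: create the element and hook its load event
var script = document.createElement("script");
script.src = 'jquery.js';
script.onload = jqueryloaded;
document.body.appendChild(script);
// HeadJS loader with a completion callback
head.load("jQuery.js", function () {
    console.log("jQuery.js loaded via HeadJS");
});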
 

Could there be a possibility secure.js could be adopted & enhanced in such a way?
Still waiting for a response from Jason Donenfeld (aka zx2c4) accordingly,

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
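
An added illustration of the async-script check discussed in the post above, not code from secure.js or from the poster: it classifies script elements, whether present in the markup or injected later with createElement/appendChild, and flags any fetched over plain http from an https page. The function names and the MutationObserver approach are assumptions of this example.

```javascript
// Added example (not part of secure.js). Works on anything shaped like a
// <script> element: real DOM nodes or plain objects with src/async fields.
function classifyScript(el, pageUrl) {
  const raw = el.getAttribute ? el.getAttribute('src') : el.src;
  if (!raw) return { kind: 'inline', insecure: false };
  const page = new URL(pageUrl);
  const target = new URL(raw, page); // resolves relative and //host URLs
  return {
    kind: el.async ? 'async' : 'blocking',
    url: target.href,
    thirdParty: target.host !== page.host,
    insecure: page.protocol === 'https:' && target.protocol === 'http:',
  };
}

// Static pass: scripts already present in the parsed markup.
function auditExisting(doc, pageUrl) {
  return Array.from(doc.querySelectorAll('script'))
    .map((el) => classifyScript(el, pageUrl))
    .filter((r) => r.insecure);
}

// Dynamic pass (browser only): scripts appended after load, which the
// static pass cannot see. A src assigned after insertion would additionally
// need an attribute observer; this sketch covers src set before appendChild.
function watchInjected(doc, pageUrl, report) {
  const observer = new MutationObserver((records) => {
    for (const rec of records) {
      for (const node of rec.addedNodes) {
        if (node.nodeName !== 'SCRIPT') continue;
        const result = classifyScript(node, pageUrl);
        if (result.insecure) report(result);
      }
    }
  });
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}
```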

Offline polonus

Re: Tests and other Media topics
« Reply #563 on: February 27, 2018, 05:43:09 PM »

Get a universally unique identifier to protect your geekie code
from here: http://onlineuuidgenerator.com/  (also time-based version).

Unique identifiers can protect you and also can give you away when you violate online laws.

Think of Verizon's Precision ID? (re: http://www2.ca3.uscourts.gov/opinarch/163588p.pdf )
and re: https://readwrite.com/2015/01/31/verizon-tracking-perma-cookies-supercookies-uidh-precisionid-opt-out/
also perma-cookies while on tor and afterwards can identify you.

Tor will not anonymize you, in combination with tails also not fully anonymize ye, recorded is the size of your browser window open for instance, and other unique identifiers like typing habits/speed/anomalies, websites visited etc.

Using tails in combination with a VM is a bad idea, it can unveil your OS identification. Using tor and tails and a vpn a la default is always a bad idea for hackers and cybercriminals alike. You get caught period.

Also be aware of correlation attacks, targeted malware injection, and time-based attacks. Also never share privacy related data online or break your online habits. These mistakes have caused many a perpetrator quite some jailtime.
So better do not do the crime, if you cannot do the time.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: February 27, 2018, 05:46:56 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #564 on: March 05, 2018, 06:03:30 PM »
A fine AI-driven PHISHing-IP checker:
(example IP): https://checkphish.ai/ip/94.23.220.38

Enjoy, my good friends, enjoy,

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #565 on: March 05, 2018, 06:25:58 PM »
An example of what we can detect starting to use this service:
https://checkphish.ai/ip/94.23.220.38  and then checked: https://checkphish.ai/domain/poufmarocain.com
and then https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=poufmarocain.com&ref_sel=GSP2&ua_sel=ff&fs=1
and also two detections here: https://retire.insecurity.today/#!/scan/8daed221f8bde319f1f93ab73c4d2578663ae7ee4fdd039823c1c35b578c47bf
moreover this:
Quote
poufmarocain.com/js/jquery/jquery-migrate-1.2.1.min.js benign
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined function e
Also http://www.domxssscanner.com/scan?url=https%3A%2F%2Fpoufmarocain.com%2F
leading us here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.comservice-online.de%2Findex.php%3Fmod%3Dusers%26action%3Dview%26id%3D121198%2F&ref_sel=GSP2&ua_sel=ff&fs=1

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #566 on: March 06, 2018, 01:52:36 PM »
To keep everything tested and secure: http://seclist.us/category/security-tools

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #567 on: March 16, 2018, 02:15:55 PM »
Are you out on a spoofable AS?
Test and help fight against InfoSpoofing:

https://www.infospoofing.com/

polonus

Info credits also: https://www.caida.org/projects/spoofer/
« Last Edit: March 16, 2018, 05:35:00 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #568 on: March 17, 2018, 01:25:13 PM »
Important as an anti-spoof protection for sub-domains etc is to have a dmarc record,

Read background info: https://fraudwatchinternational.com/expert-explanations/dmarc-protecting-domains/

test here (free trial 14 days): https://dmarcian.com/dmarc-inspector/rug.nl
Or check here: https://mxtoolbox.com/dmarc.aspx

Free check tool: https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/

Example - -https://app.dmarcanalyzer.com/dns/dmarc_validator?domain=yahoo.com

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: March 17, 2018, 01:31:26 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
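
What the DMARC checkers linked in the post above evaluate, as an added example that is not from the poster or from any of those tools: it parses the text of a DMARC record and reports whether the policy actually covers subdomains. The function names are assumptions of this example, and the code works on the record text only (the TXT record lives at _dmarc.<domain>), so it runs offline.

```javascript
// Added example. Splits a DMARC TXT record into its tag=value pairs.
function parseDmarc(txt) {
  const tags = Object.create(null);
  for (const part of txt.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip the empty piece after a trailing ';'
    const key = part.slice(0, eq).trim().toLowerCase();
    if (key && !(key in tags)) tags[key] = part.slice(eq + 1).trim();
  }
  return tags;
}

function assessDmarc(txt) {
  // RFC 7489: the version tag must come first and read exactly DMARC1.
  if (!txt || !/^\s*v\s*=\s*DMARC1\s*(;|$)/.test(txt)) {
    return { valid: false, issues: ['no record, or v=DMARC1 is not the first tag'] };
  }
  const tags = parseDmarc(txt);
  const allowed = ['none', 'quarantine', 'reject'];
  const policy = (tags.p || '').toLowerCase();
  if (!allowed.includes(policy)) {
    // Simplification: such a record is treated as unusable here.
    return { valid: false, issues: ['missing or invalid p= tag'] };
  }
  // sp= governs subdomains and falls back to p= when absent.
  const subdomainPolicy = tags.sp ? tags.sp.toLowerCase() : policy;
  const pct = tags.pct === undefined ? 100 : Number(tags.pct);
  const issues = [];
  if (policy === 'none') {
    issues.push('p=none: monitoring only, spoofed mail is still delivered');
  }
  if (subdomainPolicy === 'none' && policy !== 'none') {
    issues.push('sp=none: subdomains are left unprotected');
  }
  if (pct < 100) issues.push(`pct=${pct}: policy covers only part of failing mail`);
  if (!tags.rua) issues.push('no rua=: no aggregate reports will be received');
  return { valid: true, policy, subdomainPolicy, pct, issues };
}
```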

Offline polonus

Re: Tests and other Media topics
« Reply #569 on: March 30, 2018, 08:45:30 PM »
Proxies and VPN's may leak your IP-address through WebRTC.
This can be done via so-called stun-server logs.


Read about it here: https://voidsec.com/vpn-leak/
Protect against it with this extension: https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia

Check your vulnerability: http://ip.voidsec.com/

Quote
How to disable WebRTC in Firefox?

In short: Set "media.peerconnection.enabled" to "false" in "about:config".

Explained:

Enter "about:config" in the firefox address bar and press enter.
Press the button "I'll be careful, I promise!"
Search for "media.peerconnection.enabled"
Double click the entry, the column "Value" should now be "false"
Done. Do the WebRTC leak test again.

If you want to make sure every single WebRTC related setting is really disabled change these settings:

media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1

Now you can be 100% sure WebRTC is disabled.
Quote source: https://www.privacytools.io/#webrtc

You will be astounded when you check here: https://www.dnsleaktest.com/
and for further tests: https://www.grc.com/dns/dns.htm

No more leaks via IPVanish with this extension:
https://addons.mozilla.org/nl/firefox/addon/happy-bonobo-disable-webrtc/

In Privacy Badger you can set it to prevent WebRTC from leaking the internal IP address.
This could cause some slowness on Google Hangout.

Palemoon browser blocks this leaking as per default.

Info credits go to posters here: -https://www.security.nl/posting/555923

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
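
A way to verify the Firefox settings quoted in the post above, as an added example that is not from the poster or from privacytools.io: it reads the text of a profile's prefs.js or user.js (lines of the form user_pref("name", value);) and reports which of the listed WebRTC preferences are unset or differ. The function names are assumptions of this example; the preference names and values are the ones given in the quote.

```javascript
// Preference values taken from the instructions quoted in the post.
const RECOMMENDED = {
  'media.peerconnection.enabled': false,
  'media.peerconnection.turn.disable': true,
  'media.peerconnection.use_document_iceservers': false,
  'media.peerconnection.video.enabled': false,
  'media.peerconnection.identity.timeout': 1,
};

// Parse user_pref("name", value); lines. Commented-out lines are ignored
// because the pattern must start at the beginning of a line.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/gm;
  let m;
  while ((m = re.exec(text)) !== null) {
    try {
      prefs[m[1]] = JSON.parse(m[2]); // true, false, numbers, "strings"
    } catch {
      prefs[m[1]] = m[2];             // keep anything unusual as raw text
    }
  }
  return prefs;
}

function auditWebrtcPrefs(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, want] of Object.entries(RECOMMENDED)) {
    if (!(name in prefs)) {
      findings.push({ name, status: 'unset', want });
    } else if (prefs[name] !== want) {
      findings.push({ name, status: 'mismatch', have: prefs[name], want });
    }
  }
  // The master switch from the "In short" line of the quote.
  const hardDisabled = prefs['media.peerconnection.enabled'] === false;
  return { hardDisabled, findings };
}
```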