Author Topic: Tests and other Media topics  (Read 583328 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Tests and other Media topics
« Reply #660 on: March 10, 2019, 01:10:21 AM »
Another report for this site flagged at urlquery dot net:
https://urlquery.net/report/4ea473d5-765f-4c09-9ac8-a805504606a8

Quote
File not found: -https://apis.google.com/js/plusone.js

ReferenceError: gapi is not defined
 -http://dahluhre.blogspot.com/:369

SyntaxError: Unexpected token <
 /:65

SyntaxError: Unexpected strict mode reserved word
 /:65

SyntaxError: Invalid or unexpected token
 /:65

SyntaxError: Unexpected identifier
 /:65

SyntaxError: Unexpected token <
 /:65

SyntaxError: Unexpected token &
 /:65

ReferenceError: urchinTracker is not defined
 -http://dahluhre.blogspot.com/:2390

SyntaxError: Unexpected token &
 -http://dahluhre.blogspot.com/:64

SyntaxError: Invalid or unexpected token
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected identifier
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected token <
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected strict mode reserved word
 -http://dahluhre.blogspot.com/:64

SyntaxError: Unexpected token <
 -http://dahluhre.blogspot.com/:64
Quote
Consider also here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I3xobHVofXsubl0%3D~enc
iFrame flagged: iframes
Any iframes? Yes there are. show.

<iframe src="-http://www.dahluhre.blogspot.com" frameborder="0" width="100%" height="100%"></iframe>

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

« Reply #661 on: March 29, 2019, 02:31:57 PM »
PHISHING is a gigantic online problem. Now meet a Plan for Scams.
https://www.gerv.net/security/a-plan-for-scams/
(propositions by various members of the Mozilla Team).

Are there any new ideas coming from the intensified efforts of EUROPOL and the industry fighting PHISHING?

I think that if, while visiting a phishing website, a "whois" were performed for that website's domain name,
and one checked whether the created and/or changed date is less than a week old,
one would have caught out 95% of phishing websites.

Within a few days you'd see these domains added to be blacklisted.
Are they then being flagged in all browsers immediately?

polonus
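
The domain-age check proposed in the post above, as an added example (my own code, not the post's and not anything Mozilla or EUROPOL ship). It assumes the whois output has already been fetched as text, that the date fields use one of the common `Creation Date:`/`Updated Date:` or `created:`/`changed:` spellings, and that dates start with YYYY-MM-DD; the whois excerpts are constructed, not real registrations. The point a practitioner needs: whois that cannot be parsed (redacted, rate-limited, an unfamiliar registry format) must come back as "unknown", never as "old and therefore safe".

```python
"""Domain-age heuristic over whois output (added example, not from the post).

Assumptions: whois output is already fetched as text (no network here); date
fields follow the common 'Creation Date:' / 'Updated Date:' or 'created:' /
'changed:' styles and start with YYYY-MM-DD. Field names vary per registry,
so unknown formats are reported as None rather than 'not young'.
"""
import re
from datetime import datetime, timedelta, timezone

# Which whois lines carry the creation and last-change dates. Registries and
# registrars differ; extend these alternations for the TLDs you care about.
DATE_FIELDS = {
    "created": re.compile(
        r"^\s*(?:Creation Date|Created|Registered On|Registration Date)\s*:\s*(\S+)",
        re.I | re.M),
    "updated": re.compile(
        r"^\s*(?:Updated Date|Last Modified|Changed|Modified)\s*:\s*(\S+)",
        re.I | re.M),
}
ISO_DATE = re.compile(r"(\d{4}-\d{2}-\d{2})")


def whois_dates(whois_text):
    """Return {'created': datetime, 'updated': datetime} for the fields found."""
    found = {}
    for key, rx in DATE_FIELDS.items():
        m = rx.search(whois_text)
        if not m:
            continue
        d = ISO_DATE.match(m.group(1))  # tolerate 2019-03-26T22:04:11Z etc.
        if d:
            found[key] = datetime.strptime(d.group(1), "%Y-%m-%d").replace(
                tzinfo=timezone.utc)
    return found


def domain_age_days(whois_text, now):
    """Days since creation, or None when no creation date could be parsed."""
    created = whois_dates(whois_text).get("created")
    return None if created is None else (now - created).days


def is_young_domain(whois_text, now, max_age_days=7):
    """The post's heuristic: created OR changed within the last week.

    Returns True/False, or None when whois gave nothing parseable (redacted,
    rate-limited, unfamiliar format); callers must not treat None as 'safe'.
    """
    dates = whois_dates(whois_text)
    if not dates:
        return None
    limit = timedelta(days=max_age_days)
    return any(now - d <= limit for d in dates.values())


# Constructed whois excerpts (not real registrations), gTLD and ccTLD styles.
SAMPLE_FRESH = """\
Domain Name: ACCOUNT-VERIFY-LOGIN.COM
Registry Domain ID: 0000000000_DOMAIN_COM-VRSN
Updated Date: 2019-03-27T10:15:00Z
Creation Date: 2019-03-26T22:04:11Z
Registry Expiry Date: 2020-03-26T22:04:11Z
"""
SAMPLE_OLD = """\
domain:   example.nl
status:   active
created:  2005-08-16
changed:  2017-11-02
"""
SAMPLE_REDACTED = "Domain Name: EXAMPLE.ORG\nRegistrant: REDACTED FOR PRIVACY\n"

# Reference time: the date of the post above, so the ages are reproducible.
NOW = datetime(2019, 3, 29, 14, 31, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, text in (("fresh", SAMPLE_FRESH), ("old", SAMPLE_OLD),
                        ("redacted", SAMPLE_REDACTED)):
        print(label, "age_days=", domain_age_days(text, NOW),
              "young=", is_young_domain(text, NOW))
```

Two caveats before wiring something like this into a browser or proxy: a freshly registered domain is not proof of phishing (new shops and campaigns register domains every day), so the result is a score input and not a verdict, and many registries now redact or rate-limit whois, which is exactly the None case above.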

« Reply #662 on: April 01, 2019, 11:51:02 PM »
The Reg has Admedo tracking. Where? -> https://www.theregister.co.uk/security/
What's that tracker?
Find out here: https://whotracks.me/trackers/admedo_com.html
Failed to load for me: -pj.l.admedo.com/admtracker.lib.min.js:1 F

Tracking on websites: https://whotracks.me/websites/avast.com.html

polonus
« Last Edit: April 01, 2019, 11:59:57 PM by polonus »

« Reply #663 on: April 07, 2019, 11:23:05 PM »
Checklists for intrusions from USA and around the globe:

Checked: https://urlhaus.abuse.ch/url/172785/
Re: https://www.megarbl.net/asncheck/AS6128  checklist per ASN,
also this one per IP: https://www.megarbl.net/blocking_list.php?ip=69.119.9.169
We missed such a resource for quite some time now; now it returns in this form.
Also see: https://otx.alienvault.com/pulse/5ad51668240faa094ef77c68/history
And the daily: https://attackers.ongoing.today/closed.txt

More lists to check against, with this IP example: 92.53.65.2
Re: https://www.abuseipdb.com/check/92.53.65.2
also a university resource: https://report.cs.rutgers.edu/mrtg/drop/dropstat.cgi?start=-3h
cybersecurity resource: https://www.binarydefense.com/banlist.txt *

Enjoy, my good friends, enjoy,

* Use of the above list may be for strict private use only, and commercial use therefore is forbidden.

polonus
« Last Edit: April 07, 2019, 11:29:42 PM by polonus »
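
Checking one address against several of the plain-text lists linked above, as an added example (my own code, not the post's and not any of the list providers'). It assumes the list files have already been downloaded, that entries are one IP or CIDR per line with `#` or `;` comments, and the two sample lists are constructed for illustration only; they say nothing about the real reputation of the addresses in them.

```python
"""Check an IP against several downloaded blocklists (added example).

Assumptions: the list files have already been fetched (nothing is downloaded
here); entries are one IP or CIDR per line, with '#' or ';' comments, which
covers the plain-text ban/drop lists linked in the post. The sample lists
below are constructed for illustration and say nothing about the real
reputation of the addresses in them.
"""
import ipaddress


def parse_blocklist(text):
    """Return the ip_network objects in a list; malformed lines are skipped."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        token = line.split()[0]  # some lists append a reason after whitespace
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue  # one bad line should not discard the whole list
    return nets


def lookup(ip, lists):
    """Map list name -> matching entries for a single address (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for name, nets in lists.items():
        matched = [str(n) for n in nets if addr in n]  # version mismatch -> False
        if matched:
            hits[name] = matched
    return hits


# Constructed sample lists (not real data).
BANLIST = """\
# banlist-style: CIDR or single address, optional trailing note
92.53.64.0/22   ; seen scanning
192.0.2.0/24
not-an-address
"""
DROPLIST = """\
69.119.9.169
203.0.113.0/24  # documentation range used as a placeholder
2001:db8::/32
"""
LISTS = {"banlist": parse_blocklist(BANLIST), "droplist": parse_blocklist(DROPLIST)}

if __name__ == "__main__":
    for ip in ("92.53.65.2", "69.119.9.169", "198.51.100.7", "2001:db8::1"):
        print(ip, lookup(ip, LISTS) or "clean")
```

Matching on networks rather than exact strings is what makes the CIDR-style lists useful: an address is caught by any covering prefix, and an IPv4 address is never accidentally matched against an IPv6 prefix.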

« Reply #664 on: April 11, 2019, 06:24:48 PM »
AMP Page Validator: https://technicalseo.com/seo-tools/amp/

polonus

« Reply #665 on: April 20, 2019, 06:31:47 PM »
Two resources coming up with similar abuse information for IP 46.17.42.130
https://urlhaus.abuse.ch/url/181145/
&
https://futex.re/tracker/index.php  (do not download red samples)

Linux Mirai example,  avast will detect this as ELF:Mirai-HU [Trj]:
https://www.virustotal.com/nl/file/4175d70a1c20164552c2d446f5bb56dcf4f02c1c4e4e5a99385b37076db725f7/analysis/1555674337/

polonus

« Reply #666 on: April 22, 2019, 07:42:53 PM »
A fine tool to check on DNS, example: https://dnscheck.pingdom.com/#5a9186d122400000

Combine it with all of the toolbox here: https://mxtoolbox.com/

And here:  https://www.robtex.com/dns-lookup/

Enjoy, my good friends, enjoy,

polonus

« Reply #667 on: April 23, 2019, 11:08:49 AM »
Two scanners to compare results for trackers:
1. CLIQZ and Ghostery driven: https://whotracks.me/websites/theregister.co.uk.html
&
2. beta scanner with privacy implications of visiting a website:
https://privacyscore.org/site/36977/

Enjoy, my good friends, enjoy,

polonus

« Reply #668 on: April 24, 2019, 12:58:04 PM »
For Germany and the Netherlands new directives on the use of the latest TLS version 1.3 came out.

So it is time to check:
https://www.cdn77.com/tls-test and at http://ssl-checker.online-domain-tools.com/

The following should be phased out in due time, and one had better no longer support such weak TLS:
TLS 1.0, TLS 1.1 and 3DES, and algorithms for static key exchange.

Also consider: https://geekflare.com/ssl-test-certificate/
example: https://www.immuniweb.com/ssl/?id=nU20eqHp

polonus

P.S. But Windows Exchange servers should also be upgraded,
else taking such measures is senseless from a certain perspective,
when it is not supported elsewhere on the infrastructure.

« Last Edit: April 24, 2019, 01:34:39 PM by polonus »

« Reply #669 on: April 28, 2019, 06:55:57 PM »
A certificate test for a domain produces two A+ results: https://www.sslcheck.nl/mett.nl
all checked for a Dutch gov. subcontractor certificate.

However there were weak ciphers and there was a CAA issue,
which could be solved here with this generator: https://sslmate.com/caa/

Re: https://cipherli.st/

produced:
Quote
Generic
For Google Cloud DNS, Route 53, DNSimple, and other hosted DNS services

Name   Type   Value
mett.nl.   CAA   0 issue ";"
Standard Zone File
For BIND ≥9.9.6, PowerDNS ≥4.0.0, NSD ≥4.0.1, Knot DNS ≥2.2.0

mett.nl.   IN   CAA   0 issue ";"
Legacy Zone File (RFC 3597 Syntax)
For BIND <9.9.6, NSD <4.0.1, Windows Server 2016

-mett.nl.   IN   TYPE257   \# 8 000569737375653B
tinydns
:-mett.nl:257:\000\005\151\163\163\165\145\073
dnsmasq
--dns-rr=-mett.nl,257,000569737375653B

enjoy, my good avast friends, enjoy,

polonus

Also consider info here: https://www.entrustdatacard.com/knowledgebase/how-to-add-a-certification-authority-authorization-caa-record-using-tinydns  and another tool: https://tools.ietf.org/html/rfc6844#section-5
« Last Edit: April 30, 2019, 04:46:00 PM by polonus »
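
To see what the generator output quoted above actually encodes, here is an added example (my own code, not the generator's and not the post's) that builds the CAA rdata of RFC 6844 and renders it in the three syntaxes quoted: the RFC 3597 generic form, a tinydns line and a dnsmasq option. It assumes the tinydns line may omit the trailing ttl/timestamp fields, as the quoted output does. The caveat a practitioner should notice: `0 issue ";"` tells every CA not to issue for that name, so a domain that actually wants a certificate needs an `issue` record naming its CA, which the second record in the block shows.

```python
"""CAA record encoding for the generator outputs shown above (added example).

Assumptions: generic-record syntax of RFC 3597 ('\\# len hex'), tinydns ':'
lines with every rdata byte octal-escaped, and dnsmasq --dns-rr, as in the
quoted output; the tinydns line omits the optional ttl/timestamp fields.
"""

CAA_TYPE = 257       # RFC 6844 assigns TYPE257 to CAA
CAA_CRITICAL = 0x80  # issuer-critical flag bit


def caa_wire(flags, tag, value):
    """RFC 6844 rdata: flags(1) | tag length(1) | tag | value."""
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit one byte")
    tag_b = tag.encode("ascii")
    if not 1 <= len(tag_b) <= 255:
        raise ValueError("tag must be 1..255 bytes")
    return bytes([flags, len(tag_b)]) + tag_b + value.encode("utf-8")


def caa_parse(wire):
    """Inverse of caa_wire; rejects truncated rdata instead of guessing."""
    if len(wire) < 2:
        raise ValueError("CAA rdata shorter than flags+taglen")
    flags, taglen = wire[0], wire[1]
    if taglen == 0 or len(wire) < 2 + taglen:
        raise ValueError("truncated CAA rdata")
    tag = wire[2:2 + taglen].decode("ascii")
    value = wire[2 + taglen:].decode("utf-8")
    return flags, tag, value


def rfc3597(name, wire):
    """Legacy zone-file form: NAME IN TYPE257 \\# LENGTH HEX."""
    return f"{name} IN TYPE{CAA_TYPE} \\# {len(wire)} {wire.hex().upper()}"


def tinydns(name, wire):
    """tinydns generic record, every rdata byte as a three-digit octal escape."""
    return f":{name}:{CAA_TYPE}:" + "".join(f"\\{b:03o}" for b in wire)


def dnsmasq(name, wire):
    return f"--dns-rr={name},{CAA_TYPE},{wire.hex().upper()}"


def caa_presentation(flags, tag, value):
    """Human-readable form, e.g. 0 issue ";" (the post's record)."""
    return f'{flags} {tag} "{value}"'


if __name__ == "__main__":
    # issue ";" means: no CA at all may issue for this name (RFC 6844 issue property).
    deny_all = caa_wire(0, "issue", ";")
    # A policy that actually authorises one CA, with the critical flag set.
    one_ca = caa_wire(CAA_CRITICAL, "issue", "letsencrypt.org")
    for wire in (deny_all, one_ca):
        print(caa_presentation(*caa_parse(wire)))
        print(" ", rfc3597("mett.nl.", wire))
        print(" ", tinydns("mett.nl", wire))
        print(" ", dnsmasq("mett.nl", wire))
```

The `\# 8 000569737375653B` in the quote reads, byte by byte, as flags `00`, tag length `05`, the tag `issue` (`69 73 73 75 65`) and the value `;` (`3B`); the tinydns escapes are the same eight bytes in octal. Round-tripping through `caa_parse` is a cheap way to confirm a hand-typed legacy record before publishing it.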

« Reply #670 on: May 01, 2019, 01:09:28 PM »
JavaScript and SEO, all you wanted to know.

Pre-loading the DOM first is advisable.
On your website, be crawlable for both Googlebot and Caffeine alike.
Google and Caffeine are often mixed up, even by Google's staff members.

Make sure your content does not depend solely on JavaScript, but also on HTML.
In the future Googlebot may render the newest JavaScript
(it now renders 2018 script through version 69 of the browser;
later it will come to use the latest version);
writing isomorphic JavaScript that is pre-rendered on the web server may help SEO
and load performance, but the apt developer must have the capacity to implement this.

Google plans to integrate crawling and rendering, as planned at their 2018 Chrome Dev Summit,
but JavaScript issues may remain, so there will still be reports coming from analysts like little old me.

Info credits go to Marketingfacts JavaScript & SEO,
all you should know by Tom Wester SEO-strategist at RIFF's.


Test your performance on the client and webserver here,
-> https://gtmetrix.com/reports/

Enjoy, my good avast friends, enjoy,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)


« Reply #671 on: May 03, 2019, 04:23:42 PM »
Linting JavaScript code with JSHint at https://jshint.com/

What script was checked:  https://www.security.nl/js/core.js?13757912339  DOM-XSS 39 sources and 16 sinks detected.
beautifying and code improvement results:
Quote
CONFIGURE
Metrics
There are 86 functions in this file.

Function with the largest signature take 4 arguments, while the median is 1.

Largest function has 38 statements in it, while the median is 4.

The most complex function has a cyclomatic complexity value of 7 while the median is 2.

Nine warnings
27   ['position'] is better written in dot notation.
175   Missing semicolon.
288   'result' is already defined.
295   'result' is already defined.
556   Missing semicolon.
750   Missing semicolon.
778   A leading decimal point can be confused with a dot: '.45'.
840   ['compatability'] is better written in dot notation.
1207   Missing semicolon.
Three undefined variables
29   $
31   $
33   $
35   $
37   $
39   $
41   $
43   $
45   $
47   $
49   $
51   $
53   $
55   $
57   $
59   $
61   $
63   $
65   $
67   $
69   $
71   $
73   $
75   $
77   $
79   $
83   $
85   $
87   $
93   $
95   $
97   $
101   $
111   $
116   $
141   $
143   $
145   $
149   $
153   $
159   $
188   $
203   $
216   $
220   $
222   $
224   $
233   $
240   $
247   $
254   $
263   $
272   $
274   $
282   $
304   $
306   $
308   $
318   $
329   $
331   $
333   $
335   $
345   $
363   $
374   $
376   $
378   $
388   $
399   $
401   $
403   $
405   $
407   $
409   $
419   $
435   $
443   $
456   $
458   $
464   $
472   $
476   $
494   $
496   $
509   $
513   $
515   $
523   $
529   $
537   $
539   $
541   $
565   $
567   $
569   $
571   $
585   $
594   $
614   $
622   $
633   $
637   $
645   $
651   $
676   $
695   $
701   $
703   $
705   $
711   $
715   $
715   $
719   $
723   $
725   $
734   $
738   $
742   $
759   $
761   $
763   $
767   $
776   $
778   $
780   $
788   $
790   $
792   $
799   $
806   $
810   $
812   $
812   $
818   $
820   $
831   $
833   $
840   $
848   $
850   $
852   $
862   $
864   $
880   $
888   $
904   $
908   $
938   $
940   $
962   $
964   $
986   $
988   $
1010   $
1012   $
1032   $
1036   $
1052   $
1056   $
1058   $
1079   $
1081   $
1085   $
1089   $
1091   $
1112   $
1114   $
1118   $
1120   $
1122   $
1142   $
1144   $
1166   $
1168   $
1170   $
1177   $
1179   $
1188   $
1190   $
1203   $
1229   $
1233   $
1237   $
1245   $
1245   $
1247   $
1256   $
1258   $
1267   $
1269   $
1276   $
1278   $
1285   $
1287   $
1289   $
254   mytoken
345   mytoken
421   mytoken
478   mytoken
531   mytoken
596   mytoken
655   mytoken
742   mytoken
838   mytoken
866   mytoken
1205   mytoken
1237   mytoken
697   width
703   width
Three unused variables
21   default_hover_options
23   default_video_options
133   preload

For JavaScript debuggers, enjoy, my friends, enjoy.

polonus

« Reply #672 on: May 08, 2019, 05:59:50 PM »
Everybody wants an honest webshop experience, don't they?

Check here whether it can be trusted:
Re: https://www.trustpilot.com/

Some things to check and go over:
1. Is the product genuine or is it a cheap and lousy imitation?
2. How does the webshop look: sloppy, bad presentation of consumer goods?
    Does it have bad grammar and misspellings?
3. Is there an "under construction" message to mask bad construction?
4. How did others rate that webshop? Does it have a bad online rep?
5. Check the registration of the site online. Is it a scam or a known fraud?
6. Do you have a secure connection to it? Green lock, https and the right TLS version?
7. Which category of webshop gives a major chance that this could mean scam or fraud?
8. When paying by credit card, claim damages in time when goods do not arrive.
9. Report to the authorities even when there is only a small chance the owners will get nailed.
(source credits go to Dutch AD.nl newspaper's article)

polonus
« Last Edit: May 08, 2019, 06:13:13 PM by polonus »

« Reply #673 on: May 21, 2019, 05:07:27 PM »
Performance reports can also indicate possible security implications:
See: https://gtmetrix.com/reports/www.hotline40.com.au/Gux43WX9

Combine with: https://securityheaders.com/
an F-grade result here: https://securityheaders.com/?q=https%3A%2F%2Fwww.hotline40.com.au%2F&followRedirects=on

enjoy,

polonus
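
What an F-grade on securityheaders.com means in practice, as an added example (my own code, not the scanner's and not the post's). The set of headers it looks for (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and the 2019-era Feature-Policy) and the letter grading are this example's own approximation of such a scan, not the site's actual scoring, and both HTTP responses are constructed rather than captured from any site.

```python
"""Response-header audit in the spirit of securityheaders.com (added example).

Assumptions: the checked header set (HSTS, CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Feature-Policy) and the letter
grading below are this example's own approximation, not the site's actual
scoring; the two HTTP responses are constructed, not captured from any site.
"""
import re

EXPECTED = (
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
    "feature-policy",
)
LEAKY = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
HSTS_MIN_AGE = 31536000  # one year, what preload lists ask for (assumption)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, {lower-name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in lines:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def audit(headers):
    """Missing headers, weak values, version leaks and an approximate grade."""
    missing = [h for h in EXPECTED if h not in headers]
    warnings = []
    if "strict-transport-security" in headers:
        m = re.search(r"max-age=(\d+)", headers["strict-transport-security"][0], re.I)
        if not m or int(m.group(1)) < HSTS_MIN_AGE:
            warnings.append("HSTS max-age below one year")
    if "content-security-policy" in headers:
        csp = headers["content-security-policy"][0]
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            warnings.append("CSP allows unsafe-inline/unsafe-eval")
    if ("x-content-type-options" in headers
            and headers["x-content-type-options"][0].lower() != "nosniff"):
        warnings.append("X-Content-Type-Options is not 'nosniff'")
    if ("x-frame-options" in headers
            and headers["x-frame-options"][0].upper() not in ("DENY", "SAMEORIGIN")):
        warnings.append("X-Frame-Options is neither DENY nor SAMEORIGIN")
    leaks = [h for h in LEAKY if h in headers]
    # Approximate letter grade: one step down per missing header; a warning
    # costs one step when nothing is missing.
    if not missing:
        grade = "B" if warnings else "A"
    else:
        grade = "CDEF"[min(len(missing), 4) - 1]
    return {"grade": grade, "missing": missing, "warnings": warnings, "leaks": leaks}


# Constructed responses. The first mimics an F-grade result: no security
# headers at all, plus version disclosure.
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.18 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.6.40\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n<html>...</html>"
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Feature-Policy: geolocation 'none'; camera 'none'\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n<html>...</html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        status, hdrs = parse_response(raw)
        print(label, status, audit(hdrs))
```

Presence alone is not the whole story, which is why the audit also looks at values: an HSTS header with a tiny max-age or a CSP built on `'unsafe-inline'` passes a naive "is it there" check but gives little protection, and the `Server`/`X-Powered-By` lines are the version disclosure a performance report like the one linked above will happily show you too.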

« Reply #674 on: May 21, 2019, 06:00:50 PM »
Various websites have issues with jQuery libraries that should be retired because of vulnerabilities;
some issues can be abused, e.g. in bootstrap.js.

An example: hint #1: 'Bootstrap@3.3.5' has 5 known vulnerabilities (5 medium). See 'https://snyk.io/vuln/npm:bootstrap' for more information: https://webhint.io/scanner/a3b2b998-0045-489b-934f-155784c7bfcd#hint-no-vulnerable-javascript-libraries-1

We can have that info via an extension
Quote
Retire.js
bootstrap   3.3.5   Found in http://dk-advertising.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.1.3.3
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   1
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   1
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   1
jquery   1.7.0   Found in https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js?ver=5.2
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   123
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

or here online: https://retire.insecurity.today/#!/scan/531a6fa7af013314295e06229fcae3e27022551843a80ca3d0aeaaea484ed5cd

complicating vuln. :  Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled  (insecure)
/wp-content/plugins/      disabled

polonus
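
How a Retire.js-style check turns a script URL into the findings listed above, as an added example (my own code, not Retire.js, webhint or the post's). It detects a library only from the version in the URL or filename (Retire.js also fingerprints file contents, which is how it found Bootstrap inside `cv.js` above), and the vulnerable ranges are this example's own data: the `<3.4.0` bound for CVE-2019-11358 is stated in the quoted output, the other fixed versions are from the advisories as I recall them and should be verified against Snyk or NVD before being relied on. The jQuery URL is the one quoted in the post; the other script URLs are constructed.

```python
"""Retire.js-style check of script URLs against version ranges (added example).

Assumptions: detection is by version in the URL/filename only; the vulnerable
ranges below are this example's own data (assumption: fixed versions as the
advisories state them; '<3.4.0' for CVE-2019-11358 is in the quoted output).
Verify against Snyk/NVD before relying on them.
"""
import re

# Retire.js vocabulary: a finding applies when atOrAbove <= version < below.
VULN_DB = {
    "jquery": [
        {"below": "1.9.0", "ids": ["CVE-2012-6708"],
         "summary": "Selector interpreted as HTML"},
        {"below": "3.0.0", "ids": ["CVE-2015-9251"],
         "summary": "3rd party CORS request may execute"},
        {"below": "3.4.0", "ids": ["CVE-2019-11358"],
         "summary": "jQuery.extend(true, {}, ...) prototype pollution"},
    ],
    "bootstrap": [
        {"atOrAbove": "3.0.0", "below": "3.4.0",
         "ids": ["CVE-2018-14040", "CVE-2018-14041", "CVE-2018-14042"],
         "summary": "XSS via collapse/scrollspy/tooltip data-* attributes"},
        {"atOrAbove": "3.0.0", "below": "3.4.1", "ids": ["CVE-2019-8331"],
         "summary": "XSS via tooltip/popover data-template and friends"},
    ],
}

# Version embedded in a path or filename, e.g. jquery/1.7.0/ or bootstrap-3.3.5.min.js
URL_PATTERNS = {
    "jquery": re.compile(r"jquery[-/.]?(\d+\.\d+(?:\.\d+)?)", re.I),
    "bootstrap": re.compile(r"bootstrap[-/.]?(\d+\.\d+(?:\.\d+)?)", re.I),
}


def vtuple(version):
    """'3.3.5' -> (3, 3, 5); '1.7' -> (1, 7, 0); pre-release suffixes dropped."""
    m = re.match(r"(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def vulnerabilities(lib, version):
    """Entries of VULN_DB whose range contains the given version."""
    v = vtuple(version)
    hits = []
    for entry in VULN_DB.get(lib, []):
        low = entry.get("atOrAbove")
        if low and v < vtuple(low):
            continue
        if v < vtuple(entry["below"]):
            hits.append(entry)
    return hits


def scan_urls(urls):
    """Return [(lib, version, [cve ids])] for every versioned library URL."""
    findings = []
    for url in urls:
        for lib, rx in URL_PATTERNS.items():
            m = rx.search(url)
            if not m:
                continue
            ids = [i for e in vulnerabilities(lib, m.group(1)) for i in e["ids"]]
            findings.append((lib, m.group(1), ids))
    return findings


# Script URLs: the jQuery one is quoted in the post; the others are constructed.
SCRIPTS = [
    "https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js?ver=5.2",
    "https://example.invalid/assets/bootstrap-3.3.5.min.js",
    "https://example.invalid/assets/jquery-3.4.1.min.js",
    "https://example.invalid/assets/jquery-ui-1.12.1.min.js",  # not jQuery core
]

if __name__ == "__main__":
    for lib, ver, ids in scan_urls(SCRIPTS):
        print(f"{lib} {ver}: {', '.join(ids) or 'no known issues'}")
```

The `?ver=5.2` on the quoted jQuery URL is the WordPress version, not the library's, which is why the pattern anchors on the path segment right after the library name; a scanner that trusted the query string would report jQuery 5.2 and miss all three CVEs.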