Author Topic: Tests and other Media topics  (Read 579550 times)

0 Members and 2 Guests are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Tests and other Media topics
« Reply #945 on: November 19, 2021, 07:42:45 PM »
Another disadvantage of using extensions in the developer console is that it is not suited for webpage scanning,
as a website could be potentially malicious. Then an online third party scan could be the only secure option left
or using a special browser like Bobby's Malzilla for instance with a specific VM.

Malware should be studied on a stand alone offline device, one not being connected to the Internet.

So there are a couple of online scanners left.
For instance, this one: https://www.web-malware-removal.com/website-malware-virus-scanner/

Checked a site and is OK, but has some server related issue:
Quote
Server Details:

apache

Google and Web-Browser Content different! (an issue known as so-called "cloaking" (pol).
Google: 64539 bytes       Firefox: 64743 bytes,    Diff:   204 bytes

l" class="rss_link">rss</a> <a href="-https://twitter.com/securitynl" target="_blank" class="twitter_link">twitter</a> </div> </div> </div> </div> </body> </html> ...

Suspicious links found
-https://www.certifiedsecure.com --> ''
-https://www.certifiedsecure.com/live?q=secnl20211116 --> ' '

HTML Source: View -> -https://www.websicherheit.at/_d/hilite.php?url=https://www.security.nl
<snip>
polonus


Thanks for the link, I will check it out soon no doubt.
« Last Edit: November 19, 2021, 07:46:53 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #946 on: November 19, 2021, 10:42:03 PM »
But before you start, study a particular subject - like for instance the ins and outs of DOM-XSS sinks and sources.
Also read from stackoverflow and other resources. A researcher/error-hunter should read-inform-read-inform
to get familiar with all the aspects of what he or she is doing.

Whenever you are into a form of particular specific scanning,
be ready to make yourself familiar with resources, for instance by using spreadsheets.

For DOM-XSS sinks and sources like these examples:
https://docs.google.com/spreadsheets/d/1Mnuqkbs9L-s3QpQtUrOkPx6t5dR3QyQo24kCVYQy7YY/edit#gid=0

Above particular spreadsheet is meant to work on a specific native jQuery version.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #947 on: November 19, 2021, 11:14:46 PM »
Next to a website address (URL or uri) one should also always check the corresponding IP (could be several) for that particular website.

IP could be on a banlist, check: https://www.dnsqueries.com/en/check_banned_ip.php
Also check here: http://www.brightcloud.com/tools/url-ip-lookup.php
or here: https://www.threatcrowd.org/ip.php?ip=216.58.208.33 (random example)
or here: https://hetrixtools.com/  or  http://webyzer.net/ip/181.224.138.136 (random example)
or here: https://www.abuseipdb.com/check/46.126.113.90 (random example)
or here: https://www.ip-tracker.org/lookup.php?ip=102.66.223.235 (random example)

Also at VT we could find a lot of information just giving in and query for a particular IP.
And where I also regularly report: https://ip-46.com/  IP v4 v6 Intelligence, (fine resources  ;) ),

Good hunt,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: November 19, 2021, 11:33:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #948 on: November 23, 2021, 10:40:25 PM »
Before visiting a Magento wenshop website, it is a good idea to scan it at magereport.com.

Maybe some webshops might have been splendidly deveoped at first, but weren't updated in time:
random example: https://www.magereport.com/scan/?s=https://hoegl.com/  (outdated Magento version)

There are always threats around the corner: https://www.ncsc.gov.uk/news/guidance-for-retailers-to-prevent-websites-becoming-black-friday-cyber-traps

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #949 on: December 05, 2021, 12:06:37 PM »
We all may have used these well-known free online website malware scanners at some moment in time:
Re: https://geekflare.com/online-scan-website-security-vulnerabilities

This is a not so well-known website privacy scanner: https://themarkup.org/blacklight?url=

For those on tor looking for "bad relays": https://metrics.torproject.org/  also: https://intelx.io/ (blocked to be used inside tor)

Enjoy, my good friends, enjoy,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #950 on: December 07, 2021, 01:19:36 PM »
To eventually detect traces of a Pegasus snoopware compromittal,
now MVT (Mobile Verification Toolkit) has been developed for android.
Re: http://github.com/mvt-project/mvt

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #951 on: December 11, 2021, 01:19:20 PM »
Check your Word Press plug-ins for vulnerability and latest updates.

55,9% of Word Press CMS websites are being hacked through vulnerable plugins.

Hackers can run all sorts of malicious activities like stealing data, run unwanted ads, defacing websites etc.
Furthermore this may redirect visitors, leads to injected spam and content, installed malcreations (malware),
creation of roque admin accounts, all wreaking havoc on website revenues and your online reputation.

Also various bad may happen with bad configuration seen after install, that means
'user enumeration' not set as disabled, and also 'directory listing' not set as disabled.

There are over 50.000 Word Press plugins and new ones created every day,
and also some left by their developers (left vulnerable code).

Those attacked recently Duplicator, ThemeGrill Demo Importer,  Profile Builder, various WooCommerce plugins, ThemeREX,
Async JS, Modern Events Calendar, Google Maps plug-in. (info source - malware dot com dot blog).

Do a quick and dirty at https://hackertarget.com and perform a free Word Press security scan there.
Do a passive scan: https://hackertarget.com/wordpress-security-scan/

Another low-impact scanner: http://wprecon.com/

polonus (volunteer 3rd party cold recon website security analyst and website error--hunter)
« Last Edit: December 11, 2021, 04:50:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #952 on: December 11, 2021, 02:42:33 PM »
No desktop no add-ons
adds up to



Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #953 on: December 12, 2021, 05:59:57 PM »
Go on testing and analyzing with a robots.txt tester and validator:
https://www.websiteplanet.com/webtools/robots-txt/?url=forum.avast.com

No results for this one, because the forum is not indexable; only links to be followed.

But here 1 error and 8 warnings: https://www.websiteplanet.com/webtools/robots-txt/?url=wordpress.com

Good informative info for website developers,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #954 on: December 21, 2021, 06:15:25 PM »
The following test page should give you an error inside the browser:
https://pinning-test.badssl.com/

This site is preloaded with a bad HPKP pin.
Checks your https-security is OK. No guv-snooping certs implemented?

Excellent test: https://www.ssllabs.com/ssltest/analyze.html?d=pinning-test.badssl.com

And for other online scanners: https://geekflare.com/ssl-test-certificate/

OK inside your browser? Re: https://www.howsmyssl.com/

pol



« Last Edit: December 21, 2021, 06:29:26 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #955 on: December 24, 2021, 01:16:30 AM »
Many fine tools grouped here: https://dnschecker.org/website-server-software.php

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #956 on: December 24, 2021, 01:00:37 PM »
CSP not implemented according to best policies:
Even on a site like:
https://transparencyreport.google.com/safe-browsing/search?url=forum.avast.com
Quote
Result
CSP Protection Active
CSP Reporting Full
CSP Validity Valid

XSS Strong CSP Protection
Clickjacking No CSP Protection
Formjacking Weak CSP Protection

General
Weak CSP Protection
Summary
6 Fatal Errors
10 Warnings
6 Info
4 Valid
Content Security Policy (CSP)
Edit CSP
script-src
  'nonce-aPfse2kvXXXXXXBu8VkzKA'
  'report-sample'
  'unsafe-inline';
object-src
  'none';
base-uri
  'self';
worker-src
  'self';
report-uri
  /cspreport;
General
CSP
report-uri
Add another 'report-uri' to get better violation reports.
form-action
This directive does not fallback to 'default-src'. Can you restrict 'form-action' to 'none' or 'self'?
Necessary Directives
CSP
default-src
'default-src' is missing. Add it for more fine-grained control and reporting.
CSP
base-uri
CSP
frame-ancestors
In order to add Clickjacking protection, either 'frame-ancestors', 'frame-src' or 'child-src' should be strictly defined.
'frame-ancestors' directive, is more powerful and flexible than the X-Frame-Options, and considered necessary in order to properly prevent Clickjacking attacks. Can you restrict 'frame-ancestors' to 'none' or 'self'?
As strict as 'frame-ancestors', 'frame-src' and 'child-src' will be ('self', 'none' or strict path allowlist), Clickjacking protection will be strongest.
CSP
upgrade-insecure-requests
Add 'upgrade-insecure-requests' to protect from ManInMiddle attacks. Another (more strict) option is to use 'block-all-mixed-content' to block mixed content resources (rather than updgrade to secure).
Scripting Directives
CSP
script-src
CSP
style-src
'style-src' is missing and recommended to increase general protection. Can you set 'none' or a specific file/path?
CSP
object-src
CSP
worker-src
Frames Directives
CSP
child-src
In order to add Clickjacking protection, either 'frame-ancestors', 'frame-src' or 'child-src' should be strictly defined.
As strict as 'frame-ancestors', 'frame-src' and 'child-src' will be ('self', 'none' or strict path allowlist), Clickjacking protection will be strongest.
For backward compatability, both 'child-src' and 'frame-src' should exist in order to protect Clickjacking, Formjacking, Data Exfiltration and more.
CSP
frame-src
In order to add Clickjacking protection, either 'frame-ancestors', 'frame-src' or 'child-src' should be strictly defined.
As strict as 'frame-ancestors', 'frame-src' and 'child-src' will be ('self', 'none' or strict path allowlist), Clickjacking protection will be strongest.
For backward compatability, both 'child-src' and 'frame-src' should exist in order to protect Clickjacking, Formjacking, Data Exfiltration and more.
Content Directives
CSP
img-src
In order to add general protection, either 'img-src' or 'connect-src' should be strictly defined.
'img-src' is missing. Add it for more fine-grained control and reporting.
CSP
connect-src
In order to add general protection, either 'img-src' or 'connect-src' should be strictly defined.
'connect-src' is missing. Add it for more fine-grained control and reporting.
CSP
font-src
'font-src' is missing. Add it for more fine-grained control and reporting.
CSP
manifest-src
'manifest-src' is missing. Add it for more fine-grained control and reporting.
CSP
media-src
'media-src' is missing. Add it for more fine-grained control and reporting.
CSP
prefetch-src
'prefetch-src' is missing. Add it for more fine-grained control and reporting.
resulting in a B-Grade protection.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #957 on: December 27, 2021, 06:36:45 PM »
Website security analysis - Snyk: https://snyk.io/test/website-scanner/?test=
Best result = A, bad result = F.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #958 on: December 29, 2021, 11:35:27 PM »
Hi folks on the avast support forums. From me best wishes for the coming New Year 2022.
May you stay free of any mishap both offline as well as online.

This time my question was: ""Who is behind CloudFlare?".

Whenever you do an IP look-up at a CloudFlare protected website, like for instance shodan.io,
CloudFlare may block you as a visitor. This is whenever they cannot fully identify you.
You cannot go there anonymously. No tor-users are allowed on their platform either,
even when you aren't into any mischief.
You are banned until you can give proof of who you really are as a human being (real IP).

In such cases it can be interesting to know who is behind a certain CloudFlare reversed proxy address.
You can look it up at: https://securitytrails.com/list/ip/104.18.12.238  (example for shodan.io) (random example by me, pol).

Mind to do your look-ups at securitytrails.com not from behind a proxy, else you also meet with their endless captcha,
even when you are not a bot and strictly a human anonymous. They also are CloudFlare driven.

It is a pity the extension to see whether one was safe from NSA spoofing on a particular website,
is now no longer available as a Google's or cromium extension.
Their new extension and api restricting settings will make blocking etc. much harder.
Coming to a browser near you in the forecoming months, I think May 2022.

A couple of extension developers have already thrown the towel into the developer's ring.
Well the going gets narrow, as some clamps seem to be coming down.

It is a pity really and actually a shame for the last bit of end-user-autonomy.
I use a London-based in-browser proxy by Digital Ocean in the browser
and have experienced above scenario various times.

polonus
« Last Edit: December 29, 2021, 11:42:16 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Tests and other Media topics
« Reply #959 on: January 07, 2022, 01:10:45 AM »
Learn more device info via your browser of choice here:
https://www.deviceinfo.me/

Scan, scroll down and enjoy.

An ip-scan for malicious and suspicious IP and percentages on ranges:
https://maltiverse.com/ip/161.35.53.213  (random example)

polonus
« Last Edit: January 07, 2022, 04:44:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!