Tests and other Media topics

[polonus]

Marketeers want Firefox to block ad-blockers: http://www.iab.net/iablog/2013/07/has-mozilla-lost-its-values.html
Profiling can still be done, but using third party cookies made this quite easy for ad-launchers.

By the way: tracking protection in IE9 and IE 10 could also be done, use
\ EasyPrivacy (tracking protection)
\ EasyList Standard (adblock) en/of Dutch etc. EasyList (adblock)

The reason we do not want ad-blockers to leave our browsers, is that adblockers also protect us from malicious cybercriminal marketeers.
The method adfree has already been blocked in the Google Play market, because most ads do not come locally but from big sites.

polonus

[MAG]

I only returned to IE in Windows after I discovered how to use tracking protection to block ads.

If firefox disables adblocking I will find a different linux browser (if I can't find a workaround).

[polonus]

Another botnet IP check. Are you in a database? https://www.check-and-secure.com/ipcheck/_en/solution/clean.php
Good I am not, and also here on Webbot/Spider check: http://bot.myip.ms/

polonus

[bob3160]

Another botnet IP check. Are you in a database? https://www.check-and-secure.com/ipcheck/_en/solution/clean.php
Good I am not, and also here on Webbot/Spider check: http://bot.myip.ms/

polonus

Neither am I.

[polonus]

Like the online tests from Steve Gibson.

Do this DNS Nameserver Spoofability Test here: https://www.grc.com/dns/dns.htm

I have two different nameservers that is good,
and my results were "excellent"

For best results, you should have all green in-
External ping should be not/less visible,
External query should be ignored,
DNSSEC Security should be supported,
Alphabetic Case should be mixed,
Extra Anti-spoofing should be present.

What were your results?

polonus

[polonus]

Another test to perform is a router crash test.
Hurrah, my router survived,
but my MalwareBytes Anti-Exploit Shield crashed on the test
and had to be closed. Well I have put that beta version up again.
For the test go here: https://www.grc.com/dns/crashtest.htm
And again, nice test from Steve Gibson.
Enjoy,

polonus

[polonus]

What HTTP server is that site running, online scan: http://andrew.hedges.name/experiments/what-server/

polonus

P.S. more from this site:  http://andrew.hedges.name/experiments/

This one is strange by andrew hedges: http://andrew.hedges.name/experiments/whatevernator/#31

polonus

[polonus]

Just look at the latest sandbox comparison test, Google and Adobe sandboxes more secure than Sandboxie.
Some tools were not considered like for instance Anubis iseclab, example: http://anubis.iseclab.org/?action=result&task_id=1976684dda45722241551da96229482f6
The Bromium Test results here: http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/
Well you always have to consider the weaknesses of a sandbox.
Save someting and you are seen.
Condensed files won't run.
No driver access permitted,
So sandboxes for malware analysis certainly come with specific limitations.
Not clear what is the position of the avast sandbox here? 

Anyone to comment?

polonus

[JuninhoSlo]

Like the online tests from Steve Gibson.

Do this DNS Nameserver Spoofability Test here: https://www.grc.com/dns/dns.htm

I have two different nameservers that is good,
and my results were "excellent"

For best results, you should have all green in-
External ping should be not/less visible,
External query should be ignored,
DNSSEC Security should be supported,
Alphabetic Case should be mixed,
Extra Anti-spoofing should be present.

What were your results?

polonus

I ran Steve Gibson DNS Nameserver Spoofability Test and my results were "Bad" and I also have 2different nameservers,just like you Polonus.

[MAG]

Just look at the latest sandbox comparison test, Google and Adobe sandboxes more secure than Sandboxie.
Some tools were not considered like for instance Anubis iseclab, example: http://anubis.iseclab.org/?action=result&task_id=1976684dda45722241551da96229482f6
The Bromium Test results here: http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/
Well you always have to consider the weaknesses of a sandbox.
Save someting and you are seen.
Condensed files won't run.
No driver access permitted,
So sandboxes for malware analysis certainly come with specific limitations.
Not clear what is the position of the avast sandbox here? 

Anyone to comment?

polonus

Would have been interested to hear what they thought of the Linux Chromium sandbox set-up with seccomp sandbox (plus  Mandatory Access Control enforced by Apparmor or SELinux).

[polonus]

You could also perform a test here: http://www.dnssy.com/report.php?q=
I got: Hostname looks good. Found 8 parent nameservers. Glue from root nameservers to parent nameservers is missing. This means that an extra lookup is required to find your parent nameservers. There is nothing you can do about this. No nameservers found at parent nameserver, as I have no domain nor website.

polonus

[polonus]

Performing an IP Reputation Scan.

I tested here for my IP Reputation: http://ipremoval.sms.symantec.com/lookup/#
result: -

does not have a negative reputation and therefore cannot be submitted for investigation.

And not blacklisted here: http://www.ipvoid.com/scan/
Check also here: http://labs.alienvault.com/own_ip_reputation.php -> IP not found
Also check here against honeypot resources: https://www.projecthoneypot.org/ip_
and here: http://www.botsvsbrowsers.com/ip/your ip/index.html
and here: http://www.linuxmagic.com/products/bms/lookup
O.K. Do not forget to check IP here: http://www.senderbase.org/lookup?search_string=your IP
and here: https://support.proofpoint.com/rbl-lookup.cgi?ip=your IP

result: Your IP address is not currently being blocked nor delayed....

D

[polonus]

Check the health of the DNS of your domain here: http://dnscheck.pingdom.com/?domain=avast.com
This check is part of a couple of characteristic-tests that will set out malicious URLs.
We may look for:

1 DNS anomalities, open resolvers, check against urlquery dot net scanner.
 Resolved IP count Integer
2 Name server count Integer
3 Name server IP count Integer
4 Malicious ASN ratio of resolved IPs Real
5 Malicious ASN ratio of name server IPs Real

DNS fluxinet features

URL token/path characteristics: (delimited by ‘.’, ‘/’, ‘?’, ‘=’, ‘-’, ‘ ’) check with firekeeper and IDS
1 Domain token count
2 Path token count
3 Average domain token length Real
4 Average path token length Real
5 Longest domain token length
6 Longest path token length
7-9 Spam, phishing and malware SLD hit ratio Real
10 Brand name presence Binary

Web content characteristics. etc. check against : http://scanurl.net/?u='+encodeURIComponent(location.href)+'&k#results');})();
Backlinks and link popularity etc. ->  http://smallseotools.com/backlink-checker/  etc.

Info from hyunsang choi. Delecting Malicious Weblinks etc.

polonus

[polonus]

Some tools to help you here: http://www.webtoolhub.com/tools.aspx
Online security tools -> example: http://evuln.com/labs/cooptraiss.com/
and example like:
http://www.iwebtool.com/google_banned?domain=www.toolshack.com
http://www.iwebtool.com/code_viewer?domain=www.toolshack.com  (10 requests allowed per hour)

polonus

[polonus]

Also check here for domain info: http://sitesentral.com/www.avast.com (last updated June 8, 2013)

polonus