Author Topic: Links! (for almost everything...)  (Read 347577 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: Links! (for almost everything...)
« Reply #255 on: January 02, 2016, 09:23:57 PM »
Wow... A very old thread has resurrected  8)
The best things in life are free.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: Links! (for almost everything...)
« Reply #256 on: January 02, 2016, 09:48:53 PM »
Hi Lisandro,

You deserve it to have it newly addressed. Means it is a good topic.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3649
Re: Links! (for almost everything...)
« Reply #257 on: January 02, 2016, 10:08:06 PM »
Nice photo editor..........

http://www.pickmonkey.com

Deemed as malicious by Avast Online Security.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline -midnight

  • Massive Poster
  • ****
  • Posts: 2418
Re: Links! (for almost everything...)
« Reply #258 on: January 02, 2016, 10:11:11 PM »
I'm not seeing that.  Scanned with Dr. Web Link Checker and Avast.
« Last Edit: January 02, 2016, 10:15:06 PM by -midnight »

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: Links! (for almost everything...)
« Reply #259 on: January 02, 2016, 10:35:23 PM »
Hi -midnight,

No direct threat there, some code to be retired allthough. I give you a report of all insecurities and what should be retired and improved there.

-http://www.picmonkey.com/
Detected libraries:
jquery - 1.7.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://www.fastly.picmonkey.com/_/static/js/index_module.4e7259b7e5be4791d6ca.js
1 vulnerable library detected

Canvas fingerprinting performed: Prevented a script on -http://www.fastly.picmonkey.com from capturing the point (0, 0) on the following 300px × 150px canvas:
Prevented a script on -http://www.fastly.picmonkey.com from capturing the following 300px × 150px canvas:

Checking for cloaking
There is a difference of 26532 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page: Any links with funky anchor text? Yes there are. show.

<a href="#" id="email_suggestion" data-field="[[ field_selector ]]" data-from="[[ current_value ]]" data-to="[[ suggested_value ]]" data-validation_method="[[ validation_method ]]">[[ suggested_value ]]</a>

iframes
Any iframes? Yes there are. show.

<iframe src="//-4411460.fls.doubleclick.net/activityi;src=4411460;type=PicMo0;cat=PicMo0;ord=14214278109625" width="1" height="1" frameborder="0" style="display:none"></iframe>
<iframe src="dialog/no_javascript"></iframe>
<iframe src="//-4411460.fls.doubleclick.net/activityi;src=4411460;type=PicMo0;cat=PicMo0;ord=81188917115439" width="1" height="1" frameborder="0" style="display:none"></iframe>
Just a note, social media buttons often show up here. They are probably OK.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline -midnight

  • Massive Poster
  • ****
  • Posts: 2418
Re: Links! (for almost everything...)
« Reply #260 on: January 02, 2016, 10:42:34 PM »
Hi polonus,

As you can see I deleted the link.

-midnight

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33669
  • malware fighter
Re: Links! (for almost everything...)
« Reply #261 on: January 02, 2016, 10:57:14 PM »
Hi -midnight,

Thank you for taking that precaution. I just scanned this link because young Steven Winderlich alerted to it.
Did not find it malicious per se, but it had some jQuery library  code on there that the web admin there or the hoster of the website has to retire, that means they better zip file it for later reference and then take it off. Often jQuery versions are not updated and left on a website from the day they were downloading that particular code onto the website. As some code has been left by the designer/developer, you can imagine that leaving it there will only produce further vulnerabilities and exploits to be used against it. Also often we find that coonfigurations on a site do not follow best practices or are wrong even. Yes, dear -midnight, there is still a lot of incompetence reigning on the Interwebs. That is why I do here what I do and a lot of interested forum friends help me with it (!Donovan, Pondus, Para-Noid, Eddy, etc. etc.).
Fingerprinting is a form of stealth tracking, CanvasFingerprintBlock extension 1.0.1 will set these instances out inside the browser.

Be safe and secure during all of 2016,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!