Author Topic: Checking your browser  (Read 1269 times)

Offline Turnip

  • Jr. Member
  • **
  • Posts: 44
Checking your browser
« on: January 30, 2020, 10:27:21 AM »
Yesterday and today after booting up computer and going to https://blog.avast.com/ I get this before the site loads. See Attachment:
After clicking web site, go back and re click site no more warning etc. 

This happens on Avast Secure Browser, Chrome, Firefox and Edge Chromium, and only on the Avast Blog web site.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 65912
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Checking your browser
« Reply #1 on: January 30, 2020, 10:31:55 AM »
Confirmed, same here.
Win 8.1 [x64] - Avast PremSec 20.6.2420.BUC [UI.542] - CC 5.68 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Turnip

  • Jr. Member
  • **
  • Posts: 44
Re: Checking your browser
« Reply #2 on: January 30, 2020, 10:35:24 AM »
Quote
Confirmed, same here.

Cheers Asyn :)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 65912
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Checking your browser
« Reply #3 on: January 30, 2020, 11:43:00 AM »
You're welcome.

Offline Turnip

  • Jr. Member
  • **
  • Posts: 44
Re: Checking your browser
« Reply #4 on: January 30, 2020, 12:56:46 PM »
It just came up again with "Checking your browser before accessing blog .avast.com".

Must come up after a certain amount of time has elapsed, not like I thought only after a reboot.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83511
  • No support PMs thanks
Re: Checking your browser
« Reply #5 on: January 30, 2020, 01:56:10 PM »
Quote
It just came up again with "Checking your browser before accessing blog .avast.com".

Must come up after a certain amount of time has elapsed, not like I thought only after a reboot.

I see many such delays on other sites, usually it is related to checking it is a browser rather than a bot trying to access the site.

One that comes to mind, if I visit Stop Forum Spam to check on a suspect. Whilst it is a slightly different initial page, but the same check, once it has confirmed it is a browser connection it loads as normal. 
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Turnip

  • Jr. Member
  • **
  • Posts: 44
Re: Checking your browser
« Reply #6 on: January 30, 2020, 03:37:54 PM »
Quote
It just came up again with "Checking your browser before accessing blog .avast.com".

Must come up after a certain amount of time has elapsed, not like I thought only after a reboot.

I see many such delays on other sites, usually it is related to checking it is a browser rather than a bot trying to access the site.

One that comes to mind, if I visit Stop Forum Spam to check on a suspect. Whilst it is a slightly different initial page, but the same check, once it has confirmed it is a browser connection it loads as normal.

Thanks DavidR

This is the first time I have ever seen this.

At least I have learnt something new.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9343
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Checking your browser
« Reply #7 on: January 30, 2020, 03:39:32 PM »
I'm guessing it's similar to Cloudflare's DoS protection system that does a similar thing.
Visit my webpage Angry Sheep Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83511
  • No support PMs thanks
Re: Checking your browser
« Reply #8 on: January 30, 2020, 07:51:16 PM »
<snip quotes>

Thanks DavidR

This is the first time I have ever seen this.

At least I have learnt something new.

You're welcome.
RejZoR also gives an example that could be a (Distributed) Denial of Service prevention method.
« Last Edit: January 30, 2020, 07:53:32 PM by DavidR »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Checking your browser
« Reply #9 on: January 30, 2020, 11:31:26 PM »
L.S.

Nothing out of the ordinary. But there are still code glitches, where libraries should be retired on the avast blog website, to make it a tad more secure  :P ->
Quote
jquery   1.11.2   Found in -https://blog.avast.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
jquery   1.11.2   Found in -https://blog.avast.com/hs-fs/hub/486579/hub_generated/template_assets/4971048709/1571307960770/Coded_files/Custom/page/responsive/jquery.1.2.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
jquery   3.2.1   Found in -https://blog.avast.com/hs-fs/hub/486579/hub_generated/template_assets/7330550809/1569824219439/Coded_files/Custom/blog/js/jquery-tooltip-2019-january.js
Vulnerability info:
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

High severity findings here for CSP: Evaluated CSP as seen by a browser supporting CSP Version 3
checkupgrade-insecure-requests

errorscript-src [missing]
script-src directive is missing.

errorobject-src [missing]
Missing object-src allows the injection of plugins which can execute JavaScript. Can you set it to 'none'?

But this is not the only site with not optimal settings for best CSP policies.  ;)

There is CloudFlare protection: Expect-CT: max-age=604800, report-uri="-https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that the browser check that any certificate for that site appears in public CT logs.

See: https://webcookies.org/cookies/blog.avast.com/28916849?312212  (B and F-grade scan status)...

Clickjacking protection is enabled

+2
Instructs the browser if the current website can be embedded in HTML frame by another website. Since this allows the parent website to control the framed page, this creates a potential for data theft attacks ("clickjacking") and most sensitive websites won't allow them to be framed at all (deny) or just allow parts of them to be embedded in frames created by themselves only (samesite).

In the browser console I see:
Quote
SprocketMenu.js:65 GET -https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=486579&callback=jsonpHandler net::ERR_BLOCKED_BY_CLIENT (via uBlock Origin)
value @ SprocketMenu.js:65
value @ SprocketMenu.js:118
(anonymous) @ index.js:18
content.js:2 [VULNERS] Init
content.js:5 [VULNERS] Rules (292) [{…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, …]
content.js:15 [VULNERS] Match Slick /slick.js undefined
(anonymous) @ content.js:15
content.js:15 [VULNERS] Match cpe:/a:jquery:jquery jquery-libs/static-1.4/jquery/jquery-1.11.2.js undefined
(anonymous) @ content.js:15

Babel Quest Client - HubSpot offers a full platform of marketing, sales, customer service, and CRM software — plus the methodology, resources, and support — to help businesses grow better. Get started with free tools, and upgrade as you grow. (Timeframe retention of data = 300 days max.).

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: January 30, 2020, 11:33:24 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
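
The two CSP findings in polonus's post above (script-src and object-src missing), as an added example that is not part of the original thread and not the evaluator quoted there. The function names are hypothetical, and the sample policy is constructed from the report, which shows only upgrade-insecure-requests as set:

```javascript
// Added example: a small CSP audit, not the evaluator quoted in the post.

// Parse a Content-Security-Policy value into Map(directive -> sources).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// script-src and object-src fall back to default-src when they are absent.
function effectiveSources(policy, directive) {
  const sources = policy.get(directive) ?? policy.get('default-src');
  return sources === undefined ? null : sources.map((s) => s.toLowerCase());
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  const script = effectiveSources(policy, 'script-src');
  const hasNonceOrHash = (list) =>
    list.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  if (script === null) {
    findings.push('script-src [missing]');
  } else if (script.includes("'unsafe-inline'") && !hasNonceOrHash(script)) {
    // With a nonce or hash present, CSP2+ browsers ignore 'unsafe-inline'.
    findings.push("script-src allows 'unsafe-inline'");
  }

  const object = effectiveSources(policy, 'object-src');
  if (object === null) {
    findings.push('object-src [missing]');
  } else if (!object.every((s) => s === "'none'")) {
    // An empty source list matches nothing, same as 'none'.
    findings.push("object-src is not 'none'");
  }
  return findings;
}

// Constructed sample: the post reports only upgrade-insecure-requests as set.
const reported = 'upgrade-insecure-requests';
console.log(auditCsp(reported));
```

A policy such as `default-src 'self'; object-src 'none'` clears both findings, because script-src inherits from default-src.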

Offline Turnip

  • Jr. Member
  • **
  • Posts: 44
Re: Checking your browser
« Reply #10 on: January 31, 2020, 09:56:53 AM »
Thanks to RejZoR, DavidR and polonus, very much appreciated.

Cheers :)

Offline sava22

  • Newbie
  • *
  • Posts: 3
Re: Checking your browser
« Reply #11 on: January 31, 2020, 01:08:22 PM »
Quote
L.S.

Nothing out of the ordinary. But there are still code glitches, where libraries should be retired on the avast blog website, to make it a tad more secure  :P ->
Quote
jquery   1.11.2   Found in -https://blog.avast.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Vulnerability info:

What did you use to get the first listing? (jquery 1.11.2 Found in...)
.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43847
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Checking your browser
« Reply #12 on: February 04, 2020, 01:28:12 PM »
No such delay when I go to my blog hosted at the same place
https://bob3160.blogspot.com/ or any of the other blogs hosted at blogspot.
The delay and popup only comes up on the Avast blog
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 65912
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Checking your browser
« Reply #13 on: February 05, 2020, 11:25:04 AM »
Hi guys, seems it's gone. I can access the blog without any delay again.

Offline Turnip

  • Jr. Member
  • **
  • Posts: 44
Re: Checking your browser
« Reply #14 on: February 06, 2020, 10:59:11 AM »
Quote
Hi guys, seems it's gone. I can access the blog without any delay again.

Same here