ie-sitemode is there because I use Windows Live Writer?
Hi bob3160,
Well it was my pleasure checking and going over the script code there and a reassuring all green for you is not bad at all.
Congratulations.
Well I think you did not expect anything else, really.
Damian
DNS Hijacks: What to Look For
“Your PC Is Infected” Round-up…
AVG releases transparent privacy policy: Yes, we will sell your data
http://www.zdnet.com/article/avg-releases-transparent-privacy-policy-yes-we-will-sell-your-data/
AVG will sell the data of its users to third parties in order to keep basic antivirus software free
It’s interesting how AVG thinks of “copies of files or emails” as “non-personal data” just because they were “marked as potential malware”.
“We collect non-personal data to improve our products and services, including: data concerning potential malware threats to your device and the target of those threats, including copies of files or emails marked as potential malware, file names, cryptographic hash, vendor, size, date stamps, associated registry keys, etc.; ...snip...”
http://www.avg.com/us-en/privacy-new#what-do-you-collect-that-cannot-identify-me
And,
“We collect non-personal data to make money from our free offerings so we can keep them free, including:
…snip…
Browsing and search history, including meta data;”
even though they also say
“Sometimes browsing history or search history contains terms that might identify you. If we become aware that part of your browsing history might identify you, we will treat that portion of your history as personal data, and will anonymize this information.…”
So, AVG users have to trust AVG that AVG can deem what parts of their browsing history or search history contain terms that might identify them! Good luck with that!
Besides, I never like when a privacy policy uses the word “including…”. That begs the question: and what else?
199 hacked routers SYNful Knock: http://blog.shadowserver.org/2015/09/21/synful-knock/
polonus
Nasty URL bug brings Google Chrome to a screeching halt
Simply add “%%30%30” to the end of any URL in chrome and watch it crash.
Hi bob3160,
This string abuse works because the browser actually wants this to execute as %25%2530%2530
When I give your string in following directly from “https://ad.nl/” the browser url bar shows: http://caja.appspot.com/#https://ad.nl/%25%2530%2530
and this can be abused because my connection is no longer private, your bug code can be used as privacy error and for stealing credentials like passwords, messages, credit card details etc. Did you notice that, bob3160? :o
What you do with %%30%30 translated into %25%2530%2530 is a certificate hack and the server certificate no longer matches that URL or v.v. and the use of an older Cipher Suite is being flagged. Did you notice that, bob3160? :o
We stumbled upon something that could lead to indirect abuse on a large scale. Thank you very, very much for reporting this.
Trying this on the nameserver there: -http://ns1-25.akam.net/%25%2530%2530 and then consider this: 10 red out of 10 red Netcraft risk status. This certainly is an issue that goes beyond a mere Google Chrome browser bug, bob3160, you stumbled on something that needs to be analysed further, my good friend. Here the server just opens the main page: http://www.telegraaf.nl//%25%2530%2530
Damian
Not something I stumbled upon simply something I’m reporting.
Follow the link I supplied for more information.
That link is empty, I get an about:blank
Can you provide us with a working link?
Was it reported 21 hours ago here?: http://www.pcworld.com/article/2984907/security/nasty-url-bug-brings-google-chrome-to-a-screeching-halt.html
And the one that detected it originally: http://andrisatteka.blogspot.com/2015/09/a-simple-string-to-crash-google-chrome.html
The %25%2530%2530 translation that actually could play havoc on some https servers was my experiment here ;D
polonus
OOPS, it’s been corrected.
Now when I give in this https://www.security.nl/%2525%252530%252530
- https://www.security.nl/%2525%252530%252530 Security.NL 57,992 bytes 641 ms
I get here: https://www.security.nl/?welcome
And there are sources and sinks to consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.security.nl%2F%252525%25252530%25252530
Results from scanning URL: https://www.security.nl/js/dfp.js?1375741199
Number of sources found: 28
Number of sinks found: 11
Results from scanning URL: https://www.security.nl/js/dfp.js?1375741199
Number of sources found: 1
Number of sinks found: 1
Results from scanning URL: https://www.security.nl/js/dfp.js?1375741199
Number of sources found: 122
Number of sinks found: 60
Indeed equalling these results: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.security.nl%2F%3Fwelcome
Interesting and the results on various servers should be established.
This server is further secured against this and I meet a neat 404 error. This is as it should be:
http://www.huffingtonpost.com/%2525%252530%252530
Oh, Noes! A 404! As I approached this locally.
Here the whole page disappears which kicks up a dev/null: http://www.nu.nl/%2525%252530%252530 :o
polonus
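The strings tried in the posts above (%%30%30, %25%2530%2530, %2525%252530%252530) are the same path wrapped in successive layers of percent-encoding. As an added example that is not part of the original thread, this sketch shows how a server-side check can peel those layers and refuse paths that are multiply encoded or that decode to a NUL byte; the function names and the reject policy are assumptions made for illustration.

```javascript
// Added illustration; decodeOnce, peelEncoding and verdict are hypothetical names.
// One tolerant pass: decode every well-formed %XX and leave a stray '%' alone.
// (decodeURIComponent would throw URIError on "%%30%30".) Bytes are mapped
// one-to-one to code points, which is enough to spot control characters.
function decodeOnce(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Decode repeatedly until the string stops changing, recording each stage.
function peelEncoding(path, maxLayers = 8) {
  const stages = [path];
  let current = path;
  for (let i = 0; i < maxLayers; i++) {
    const next = decodeOnce(current);
    if (next === current) break;
    stages.push(next);
    current = next;
  }
  return {
    layers: stages.length - 1,              // number of decode passes that changed something
    stages,                                 // every intermediate form, outermost first
    hasNul: current.includes("\u0000"),     // fully decoded path contains a NUL byte
    converged: decodeOnce(current) === current
  };
}

// Assumed policy: one layer of encoding is normal, anything deeper is refused.
function verdict(path) {
  const r = peelEncoding(path);
  if (!r.converged) return "reject: too many encoding layers";
  if (r.hasNul) return "reject: NUL byte after decoding";
  if (r.layers > 1) return "reject: multiply-encoded path";
  return "accept";
}

// Constructed sample paths, taken from the strings quoted in the thread.
for (const p of ["/?welcome", "/%%30%30", "/%25%2530%2530", "/%2525%252530%252530"]) {
  const r = peelEncoding(p);
  console.log(p, "layers:", r.layers, "->", verdict(p));
}
```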
XcodeGhost malware infiltrates App Store
Unconventional Malvertising Attack Uses New Tricks
WordPress Malware – Active VisitorTracker Campaign
Symantec employees fired for issuing rogue HTTPS certificate for Google
http://arstechnica.com/security/2015/09/symantec-employees-fired-for-issuing-rogue-https-certificate-for-google/
Another reason to stick to your Adblocker: https://grahamcluley.com/2015/09/forbes-malvertising/
article author - Graham Cluley
“Malvertising continues to be an attack vector of choice for criminals making use of exploit kits. By abusing ad platforms – particularly ad platforms that enable Real Time Bidding – attackers can selectively target where the malicious content gets displayed.” “When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk.”
polonus
Again malvertising campaign: https://blog.malwarebytes.org/malvertising-2/2015/09/malvertising-attack-hits-realtor-com-visitors/
pol
.htaccess Tricks in Global.asa Files
GTA 5 Money Generator Scams: They’re Wheelie Bad
Press H to Hack: Unsolicited
https://blog.malwarebytes.org/privacy-2/2015/09/press-h-to-hack-unsolicited/
Imgur Abused in DDoS Attack Against 4Chan!
https://blog.malwarebytes.org/hacking-2/2015/09/imgur-abused-in-ddos-attack-against-4chan/
Ghostery: A Tool that Stops Trackers (This is one add-on most of us use) (FYI, I have disabled the pop-up bubble.)
https://blog.malwarebytes.org/privacy-2/2015/09/ghostery-a-tool-that-stop-trackers/
Kovter malware upgraded with Poweliks features
http://www.scmagazine.com/kovter-malware-upgraded-with-poweliks-features/article/440711/
Kovter malware learns from Poweliks with persistent fileless registry update
http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update
Fake Online Avast Scanner
https://blog.malwarebytes.org/online-security/2015/09/fake-online-avast-scanner/
This is a bit misleading since you only get to this by mistyping the Malwarebytes website.
I highly doubt that this scanner gets much use.