Tests and other Media topics

Test if your IP address does not form part of Pobelka botnet: http://check.botnet.nu/infected.php
Check your IP for botnet-blacklists: http://www.robtex.com/ip/xxx.xxx.xxx.xxx.html#blacklists
Check also here: https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

polonus

note that the third link to the fbi asks for your IP address which is conveniently provided by the first link
cheers

Test whether your dns is good: http://www.provos.org/dns_test.js?site=yoursite
and then go here: http://www.provos.org/index.php?/archives/42-DNS-and-Randomness.html

polonus

A test for X-Frame-options (clickjacking) → http://int21.de/frametest/ (courtesy/credits to Hanno Böck)
No red boxes on the left for me, all green!

polonus

Not for the client site, but if you wanna scan a website, see: This one comes with a clickjacking warning: https://asafaweb.com/Scan?Url=www.ad.nl
vulnerable for clickjacking and a cookie warning (brought to us by AppHarbor making use of simple http requests…no pentesting whatsoever…)

enjoy,

polonus

Not a test bit another topic of interest…

See: http://techblog.netflix.com/2013/06/html5-video-in-ie-11-on-windows-81.html
FEE is against: https://www.fsf.org/blogs/community/cancel-netflix-if-you-value-freedom
Should DRM come to HTML5 and will other browser makers being urged to follow these standards.
Netflix, Google and Microsoft are pro DRM in HTML5.
Will this mean the end of the open web we know today?
The proposal: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html

polonus

It means not needing to depend on Flash any more which has more holes than swiss cheese.
It means they’ll now need to find the insecurities in HTML5. I’m sure it will not take long. :cry:

Hi bob3160,

That is already happening, while you start to discuss this: http://deadliestwebattacks.com/2012/05/25/html5-unbound-part-2-of-4/ (link author = Mike)
With the new features come new insecurities and again the culprit is spelled like js, right javascript. Example see here: http://stackoverflow.com/questions/12480892/framebuffer-html5-canvas-audio-api-insecure-operation-error → audio and web page must be same origin
so you’d have to go to about:config in firefox and disable the security.fileuri.strict_origin_policy. (credits David Humphrey).

polonus

So test how your bowser performs in the HTML5 test: http://html5test.com/index.html
Google Chrome has issues with Microdata. 459 points + 13 bonus points for me…
A non-html5 browser would score 78 points, but will render web applications.

polonus

See: http://www.appremover.com/
downloadable free version http://www.appremover.com/download
AppRemover enables you to thoroughly uninstall many antivirus and antispyware products from your computer. It removes traces that are often left behind by the standard uninstaller, including registry keys, folders and files. AppRemover offers support for many popular antivirus/antispyware products.
Is it better as RevoUninstaller? Can it be used on an emergency USB?

Damian

Insecure Spy Extension amazon-1-button!

Read: http://blog.kotowicz.net/2013/07/jealous-of-prism-use-amazon-1-button.html
1-button extension in Chrome Amazon to listen in on all encrypoted SSL traffic… and they still are…
link article author = @kkotowicz
This story was confirmed here: http://www.heise.de/newsticker/meldung/Amazons-Einkaufshilfe-spioniert-Nutzer-aus-1916578.html
translate using Google Translate…

polonus

Also using Chrome:

http://www.screencast-o-matic.com/screenshots/u/Lh/1374011219028-34387.png

Have you already forgotten ???
http://forum.avast.com/index.php?topic=102237.msg851908#msg851908

Hi bob3160,

Credits go where they should.
You win. No Competition. ;D
I just have to check the browser test results for Chrome on my new Win8 machine. :stuck_out_tongue:
The test was done on Vista.

Damian

Only for advanced users that know what they do!

Users with firefox that wanna go on without Java,
will find that Oracle will not uninstall everything firefox related and leaves debri behind
Whenever everything in combination with Java has been uninstalled,
just open up regedit, go to key HKEY_LOCAL_MACHINE\Software\MozillaPlugins
delete all subkeys there starting with @java.com.
Also delete the subkey HKEY_CLASSES_ROOT\CLSID{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}.
Moreover also delete file: C:\WINDOWS\system32\npDeployJava1.dll.
Before doing this make a copy of your registry in case anything goes wrong,

polonus

Marketeers want Firefox to block ad-blockers: http://www.iab.net/iablog/2013/07/has-mozilla-lost-its-values.html
Profiling can still be done, but using third party cookies made this quite easy for ad-launchers.

By the way: tracking protection in IE9 and IE 10 could also be done, use
\ EasyPrivacy (tracking protection)
\ EasyList Standard (adblock) en/of Dutch etc. EasyList (adblock)

The reason we do not want ad-blockers to leave our browsers, is that adblockers also protect us from malicious cybercriminal marketeers.
The method adfree has already been blocked in the Google Play market, because most ads do not come locally but from big sites.

polonus

I only returned to IE in Windows after I discovered how to use tracking protection to block ads.

If firefox disables adblocking I will find a different linux browser (if I can’t find a workaround).

Another botnet IP check. Are you in a database? https://www.check-and-secure.com/ipcheck/_en/solution/clean.php
Good I am not, and also here on Webbot/Spider check: http://bot.myip.ms/

polonus

Neither am I. :slight_smile:

Like the online tests from Steve Gibson.

Do this DNS Nameserver Spoofability Test here: https://www.grc.com/dns/dns.htm

I have two different nameservers that is good,
and my results were “excellent”

For best results, you should have all green in-
External ping should be not/less visible,
External query should be ignored,
DNSSEC Security should be supported,
Alphabetic Case should be mixed,
Extra Anti-spoofing should be present.

What were your results?

polonus