Tests and other Media topics

General Topics
201

I’ve used and recommended Screencast-O-Matic for a few years.
It’s my main program for creating instructional and other Video’s.
I also use it to create screenshots which you’ll find on many of the posts in this forum.
There is blocking and then there’s getting a little out of hand.
Why not simply stop using any of the modern browsers and stop going to any of the websites ???

202

Hi bob3160,

Well me demonstrating this is just for educational purposes and just to show how one-sided the whole story has become.
It seems the user is just being tolerated for what known reasons, but does not play any role. The users are just generating clicks in a pay per click model.

And it is gonna get much worse when TTP arrives - companies and investors would be empowered to challenge regulations, rules, government actions and court rulings — federal, state or local — before tribunals and the role of governments and end-users will be further minimalized, as lawyers like to have their piece of the cake with these big international corporations.

That is where we are heading in the near future on both sides of the Atlantic and there is not much we can do about it,
so I will happily browse on while I can and use Google as my global instrument with Avast inside. ;D

Damian

203

Example generated Javascript Alert Code
Copy and paste the code between the tags of your webpage. The alert will pop up on page load


<SCRIPT LANGUAGE="JavaScript">
<!-- Hide from older browsers
alert('You are getting this alert at this very moment');
// end hiding -->
</SCRIPT>

Handy code generators here: http://www.htmlbasix.com/

And to bring in some randomness go here: http://www.randomcodegenerator.com/

pol

204

Is this a secure service?: https://www.dashlane.com/scan/11#/login

polonus

205

A service of Dashlane the Password Manager program.
(if you trust them with your passwords, then this should be safe. :slight_smile:

206

Mixed content still the easiest way to break SSL: http://blog.ivanristic.com/2014/03/https-mixed-content-still-the-easiest-way-to-break-ssl.html (web article author = Ivan Ristić).
Check the insecure content on a website here: https://www.jitbit.com/sslcheck/
or here: https://www.whynopadlock.com/

Re: https://www.bram.us/2014/12/10/mixed-content-scan-scan-your-https-enabled-website-for-mixed-content/
Fix
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.

For your own domain, serve all content as HTTPS and fix your links. Often, the HTTPS version of the content already exists and this just requires adding an “s” to links - http:// to https://.

For other domains, use the site’s HTTPS version if available. If HTTPS is not available, you can try contacting the domain and asking them if they can make the content available via HTTPS.

polonus

207

I often see a lot of site with insecure login flagged by saferChrome, like here:
SaferChrome: Insecure login: Password will be transmited in clear to http://www.dagelijksestandaard.nl/wp-login.php?redirect_to=%2F2015%2F04%2Fvijf-lekkere-snacks-die-je-koningsdag-nog-beter-maken%2F5%2F detected

Read: http://www.stealmylogin.com/ written by Alex Sirota
Exposing the dangers of insecure login forms *

The bookmarklet (from here *) used to test:

GET //data.stealmylogin.com/stealmylogin.js';document.getElementsByTagName('head')[0].appendChild(s);alert('StealMyLogin%20injected');})(); HTTP/1.1
Host: javascript:(function() {var s=document.createElement('script');s.src='http:

polonus

208

Testing for SHA-1 online.
Unsecure, checked at: https://shaaaaaaaaaaaaa.com/check/www.tivo.com
results: Dang.
www.tivo.com is using SHA-1.
Which is too bad, because SHA-1 is becoming dangerously weak. It’s time to upgrade to SHA-2.
Compare here:
http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.tivo.com%2Ftivo-mma%2Flogin%2Fshow.do

Read on backgrounds: https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.tivo.com%2Ftivo-mma%2Flogin%2Fshow.do

On that page as a bonus a converter: http://konklone.io/json/

polonus

209

Test your PHP code online here:
http://www.icosaedro.it/phplint/phplint-on-line.html
Results for some code I gave in:

PHPLint report
PHPLint 2.1_20150305
Copyright 2015 by icosaedro.it di Umberto Salsi
This is free software; see the license for copying conditions.
More info: http://www.icosaedro.it/phplint

BEGIN parsing of /tmp/test-61ynKJ
1:      <?php
2:      function rbl_lookup($ipv4) {

        function rbl_lookup($ipv4) {
                                  \_ HERE
==== 2: ERROR: undefined type for argument $ipv4. Hint: you may indicate an explicit type (example: `/*.int.*/ $ipv4') or assign a default value (example: `$ipv4=123') or add a DocBlock line tag (example: `@param int $ipv4').
3:          $ip = explode(".", $ipv4);
4:          $rbl_url = ".rbl.blockedservers.com";
5:          $rbl_hostname = $ip[3].".".$ip[2].".

            $rbl_hostname = $ip[3].".".$ip[2].".
                                                \_ HERE
==== 5: Warning: found control character (carriage return, CR, 13) in literal string. This msg is reported only once for each string
6:                        ".$ip[1].".".$ip[0]."". $rbl_url;
7:      
8:          $rbl_lookup = gethostbyname($rbl_hostname);
9:      
10:         if($rbl_lookup == $rbl_hostname) {

            if($rbl_lookup == $rbl_hostname) {
                                           \_ HERE
==== 10: ERROR: comparing (string) == (string) - Hint: use strict comparison operator `===' instead.
11:             return 1;
12:         }
13:         else {
14:             return 0;
15:         }
16:     }
17:     ?>
END parsing of /tmp/test-61ynKJ
==== ?:?: notice: unused module mysql.php
==== ?:?: notice: unused module pcre.php
==== ?:?: notice: unused package stdlib/dummy.php
==== ?:?: notice: required module standard.php
Overall test results: 2 errors, 1 warnings.
210

Test - Check the Revocation Lists (CRL) and the OCSP status of an (SSL) Certificate
online here: http://certificate.revocationcheck.com/
Test Created by Paul van Brouwershaven

In the days of HTTPS Everywhere we need such checks more than ever.
Nice to combine with a Netcraft Tool Results report.

We even have some risk here: http://toolbar.netcraft.com/site_report?url=http://certificate.revocationcheck.com
Bad zone = alex.ns.cloudflare.comhttp://www.dnsinspect.com/cloudflare.com/1430833139
Read: https://blog.cloudflare.com/whats-the-story-behind-the-names-of-cloudflares-name-servers/

polonus

211

I give an example of a problem site: solarlist.com Identity verified but with warnings
Encryption (HTTPS) (1)
Communication is encrypted
Site tries to load scripts from sources that weren’t verified - so-called mixed content.
Possible Frontend SPOF from:

maps.google.com - Whitelist
(75%) -
html5shiv.googlecode.com - Whitelist
(71%) -
fonts.googleapis.com - Whitelist
(69%) -
(69%) -
s3.amazonaws.com - Whitelist
(11%) -

See check: http://certificate.revocationcheck.com/solarlist.com

See: https://www.eff.org/https-everywhere/atlas/domains/solarlist.com.html

The following sites know that you visited this page. Click on a site to find out what more it knows about you.
-amazonaws.com
-google.com
-vimeo.com

Netcraft Website Risk Ranking 1 red out of 10: http://toolbar.netcraft.com/site_report?url=https://solarlist.com

Scanning target: 162.159.246.65 on port 443 …

Found 1 servers with port 443 open
Checking for SSLv3 POODLE vulnerability…

IP address Hostname Status Vulnerable ciphers
162.159.246.65 NOT Vulnerable
Where I sacnned this? Here: https://pentest-tools.com/vulnerability-scanning/ssl-poodle-scanner

polonus

212

Test for X-XSS-Protection: 1; mode=block: http://www.enhanceie.com/test/xss/BlockMode.asp

What is this? X-XSS-Protection is a HTTP header understood by Internet Explorer 8 (and newer versions). This header lets domains toggle on and off the “XSS Filter” of IE8, which prevents some categories of XSS attacks. IE8 has the filter activated by default, but servers can switch if off by setting.
As it seems to me (proof is hard to find) that it only protects against Reflected XSS (infosecisland.com/blogview/…), also because it does not have any mean to detect Stored XSS (also called Persistent XSS) info credits go to Luca Invernizzi at stackoverflow!

polonus

Netcraft extension and malware script detector will be flagging this and block it as well:

This page has been blocked by the Netcraft Extension for the following reason:

Suspected XSS Attack

Blocked URL: http://webdbg.com/test/xss/HelloBlockMode.asp?lotsoX=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx etc.

D

213

With voices heard to legalize mass surveillance at least until 2020, here is an insteresting website with projects to opt out (where and while still possible) → https://prism-break.org/en/

Disclaimer: Using the recommended projects on this site will not guarantee that 100% of your communications will be shielded against surveillance states. Please do your own research before trusting these projects with sensitive information.
Disclaimer quote taken from above website. Link source - Peng Zhong 2015.

polonus

P.S. A weird test result: https://en.wikipedia.org/wiki/Intelligence_Quotient_(IQ)_and_Browser_Usage

D

214

Open port check tool: http://www.yougetsignal.com/tools/open-ports/
The open port checker is a tool you can use to check your external IP address and detect open ports on your connection. This tool is useful for finding out if your port forwarding is setup correctly or if your server applications are being blocked by a firewall. This tool may also be used as a port scanner to scan your network for ports that are commonly forwarded. It is important to note that some ports, such as port 25, are often blocked at the ISP level in an attempt to prevent malicious activity.
Combine with a Dazzlepod IP check: https://dazzlepod.com/ip/

Mind that the results can only be for IPs you own and you cannot publish third party scan results.

polonus

215

A short survey of IP blocklists:

https://atlas.arbor.net/
http://support.clean-mx.de/clean-mx/viruses
http://www.cymru.com/Documents/bogon-dd.html
http://www.dshield.org/ipsascii.html
http://www.emergingthreats.net/index.php/rules-mainmenu-38.html
http://code.google.com/apis/safebrowsing/
http://hosts-file.net/
http://malc0de.com/database/
http://www.malwaredomains.com/wordpress/?page_id=66
http://www.malware-control.com/
http://malwared.ru/database.php?page=1
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://www.malware.com.br/lists.shtml
http://www.malwareurl.com/
http://www.norse-corp.com/darklist.html
http://openphish.com/
http://mdl.paretologic.com/
http://www.phishtank.com/phish_archive.php
http://www.projecthoneypot.org/list_of_ips.php
http://www.scumware.org/
http://www.shadowserver.org/wiki/pmwiki.php?n=Services/Reports
http://labs.snort.org/iplists/
http://mtc.sri.com/
http://sucuri.net/?page=tools&title=blacklist
http://www.threatstop.com/
http://urlblacklist.com/
https://zeustracker.abuse.ch/blocklist.php
https://zeustracker.abuse.ch/monitor.php?browse=binaries
http://www.blade-defender.org/eval-lab/
https://malwr.com/
http://www.nictasoft.com/viruslib/

(link source credits go to CWZ)

polonus

216

Another good initiative with https being phased in: https://sslbl.abuse.ch/

Also some interesting SSL checking links given.
Like to add:
https://ssl.trustwave.com/support/support-certificate-analyzer.php?address=
https://www.whynopadlock.com/
https://certlogik.com/ssl-checker/www.reddit.com/
https://www.poodlescan.com/
https://shaaaaaaaaaaaaa.com/
https://www.trustworthyinternet.org/ssl-pulse/
https://pentest-tools.com/vulnerability-scanning/openssl-heartbleed-scanner

polonus

217

Real World Protection Test Results, download here: http://www.av-comparatives.org/wp-content/uploads/2015/05/avc_factsheet2015_04.pdf

polonus

218

Next to this DNS scanner: http://www.dnsinspect.com/stabletransit.com/1431899954
I stumbled upon this one: http://www.nabber.org/projects/dnscheck/?domain=stabletransit.com *
Both can be nicely combined when you dive into some DNS issue.
So tried to get scan results with stealth nameservers *.
Read: https://support.dnsmadeeasy.com/index.php?/Knowledgebase/Article/View/108/16/why-am-i-getting-these-stealth-name-server-errors-and-warnings link article author Jennifer Oles
Stealth name servers should never listed as authorative!

My good friends, enjoy,

polonus

219

Generate hashes online with this generator: http://www.sha1-online.com/
Example: $ echo -n `^-,;:!?.'"(){}\§@*/\&#%\±<=>|~$\€ | openssl
Output f44e3004f07d617b06f61b57803a7abe30d414fd (shellshock bash bug)

fork bomb () { :; }; :(){ :|: & };: → 57785764f85505a15dd38ea7ffab35bc43512136
Result for md5: 8cf37ff23da0423b9c167dc05b6217ea

Enjoy,

polonus

220

Tested the avast forum site against Logjam PFS Deployment: Test A ServerGo
Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman Group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.
Big Blue now safe, Firefox and Google Chrome still unpatched.
Due to the weakened export downgraded encryption (USA export encryption restrictions during the 90’s and beyond caused this threat) Logjam is now a problem to be mitigated all over the world.
Server test can be found here: https://weakdh.org/sysadmin.html

polonus