polonus
661
Another report for this site flagged at urlquery dot net:
https://urlquery.net/report/4ea473d5-765f-4c09-9ac8-a805504606a8
[quote]File not found: -https://apis.google.com/js/plusone.js
ReferenceError: gapi is not defined
-http://dahluhre.blogspot.com/:369
SyntaxError: Unexpected token <
/:65
SyntaxError: Unexpected strict mode reserved word
/:65
SyntaxError: Invalid or unexpected token
/:65
SyntaxError: Unexpected identifier
/:65
SyntaxError: Unexpected token <
/:65
SyntaxError: Unexpected token &
/:65
ReferenceError: urchinTracker is not defined
-http://dahluhre.blogspot.com/:2390
SyntaxError: Unexpected token &
-http://dahluhre.blogspot.com/:64
SyntaxError: Invalid or unexpected token
-http://dahluhre.blogspot.com/:64
SyntaxError: Unexpected identifier
-http://dahluhre.blogspot.com/:64
SyntaxError: Unexpected token <
-http://dahluhre.blogspot.com/:64
SyntaxError: Unexpected strict mode reserved word
-http://dahluhre.blogspot.com/:64
SyntaxError: Unexpected token <
-http://dahluhre.blogspot.com/:64
[/quote]
Consider also here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I3xobHVofXsubl0%3D~enc
iFrame flagged: iframes
Any iframes? Yes there are. show.
polonus
PHISHING a gigantic online problem. Now meet a Plan for Scams.
https://www.gerv.net/security/a-plan-for-scams/
(propositions by various members of Mozilla Team).
Are there any new ideas coming from the intensified efforts of EUROPOL and the industry fighting PHISHING?
I think, while visiting a phishing website a “whois” is being performed for that website’s domain name,
and one checks whether the created and/or changed date are less than a week old,
one would have caught out 95% of phishing websites.
Within a few days you’d see these domains added to be blacklisted.
Are they being flagged in all browsers then immediately?
polonus
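Added example, not part of the post above: a minimal sketch of the whois age check it describes, flagging a domain whose created or changed date is less than a week old. The whois field labels, the date formats and both sample records are assumptions constructed for illustration; real registries vary.

```python
from datetime import datetime, timedelta, timezone

# Field labels and date formats differ per registry; these are common variants (assumption).
DATE_FIELDS = {
    "created": ("creation date", "created", "registered on"),
    "changed": ("updated date", "changed", "last modified", "last updated"),
}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d")

def parse_date(text):
    """Return a timezone-aware datetime (UTC assumed when none is given), or None."""
    for fmt in DATE_FORMATS:
        try:
            parsed = datetime.strptime(text.strip(), fmt)
        except ValueError:
            continue
        return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)
    return None

def whois_dates(whois_text):
    """Collect the first parseable created/changed date from raw whois output."""
    found = {}
    for line in whois_text.splitlines():
        label, sep, value = line.partition(":")
        kind = next((k for k, names in DATE_FIELDS.items()
                     if label.strip().lower() in names), None)
        if sep and kind and kind not in found:
            when = parse_date(value)
            if when:
                found[kind] = when
    return found

def recently_touched(whois_text, now, max_age=timedelta(days=7)):
    """True if created or changed is under max_age old, None if no date was found."""
    dates = whois_dates(whois_text)
    if not dates:
        return None  # redacted or unknown layout: undecided, not "safe"
    return any(timedelta(0) <= now - when < max_age for when in dates.values())

# Constructed whois records for illustration (not real registrations).
NEW_DOMAIN = """Domain Name: LOGIN-UPDATE.EXAMPLE
Creation Date: 2019-06-20T10:15:00Z
Updated Date: 2019-06-21T08:00:00Z"""
OLD_DOMAIN = """domain: shop.example
created: 2004-03-02
changed: 2018-11-30"""
NOW = datetime(2019, 6, 24, tzinfo=timezone.utc)

if __name__ == "__main__":
    for record in (NEW_DOMAIN, OLD_DOMAIN, "No match for domain"):
        print(recently_touched(record, NOW))
```

A `None` result matters in practice: many registries redact or rate-limit whois, so a missing date has to be handled separately from an old one.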
The Reg has Admedo tracking. Where? → https://www.theregister.co.uk/security/
What’s that tracker?
Find out here: https://whotracks.me/trackers/admedo_com.html
Failed to load for me: -pj.l.admedo.com/admtracker.lib.min.js:1 F
Tracking on websites: https://whotracks.me/websites/avast.com.html
polonus
A fine tool to check on DNS, example: https://dnscheck.pingdom.com/#5a9186d122400000
Combine it with all of the toolbox here: https://mxtoolbox.com/
And here: https://www.robtex.com/dns-lookup/
Enjoy, my good friends, enjoy,
polonus
Two scanners to compare results for trackers:
- CLIQZ and Ghostery driven: https://whotracks.me/websites/theregister.co.uk.html
&
- beta scanner with privacy implications of visiting a website:
https://privacyscore.org/site/36977/
Enjoy, my good friends, enjoy,
polonus
polonus
669
For Germany and the Netherlands new directives on the use of the latest TLS version 1.3 came out.
So it is time to check:
https://www.cdn77.com/tls-test and at http://ssl-checker.online-domain-tools.com/
The following should be phased out in due time, and one had better no longer support such weak TLS:
TLS 1.0, TLS 1.1, 3DES and algorithms for static key exchanges.
Also consider: https://geekflare.com/ssl-test-certificate/
example: https://www.immuniweb.com/ssl/?id=nU20eqHp
polonus
P.S. But Windows Exchange servers should also be upgraded,
else taking such measures is senseless in a certain perspective,
when it is not supported elsewhere on the infrastructure.
A certification test for a domain produces two A+ results: https://www.sslcheck.nl/mett.nl
all checked for a Dutch gov. subcontractor certificate.
However there were weak ciphers and there was a CAA issue,
which could be solved here with this generator: https://sslmate.com/caa/
Re: https://cipherli.st/
produced:
Generic
For Google Cloud DNS, Route 53, DNSimple, and other hosted DNS services
Name Type Value
mett.nl. CAA 0 issue ";"

Standard Zone File
For BIND ≥9.9.6, PowerDNS ≥4.0.0, NSD ≥4.0.1, Knot DNS ≥2.2.0
mett.nl. IN CAA 0 issue ";"

Legacy Zone File (RFC 3597 Syntax)
For BIND <9.9.6, NSD <4.0.1, Windows Server 2016
-mett.nl. IN TYPE257 \# 8 000569737375653B

tinydns
:-mett.nl:257:\000\005\151\163\163\165\145\073

dnsmasq
--dns-rr=-mett.nl,257,000569737375653B
enjoy, my good avast friends, enjoy,
polonus
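Added example, not part of the post above and not the generator's own code: how the `0 issue ";"` record maps onto the hex, tinydns and dnsmasq forms the generator printed, plus a decoder that reads the policy back from the wire bytes. Function names are hypothetical; the hex constant is the value quoted in the post.

```python
PAGE_HEX = "000569737375653B"  # RDATA printed in the post for: 0 issue ";"

def caa_rdata(flags, tag, value):
    """Build CAA RDATA: 1 flags byte, 1 tag-length byte, tag, then value."""
    tag_bytes = tag.encode("ascii")
    if not 0 <= flags <= 255 or not tag.isalnum() or len(tag_bytes) > 255:
        raise ValueError("invalid CAA flags or tag")
    return bytes([flags, len(tag_bytes)]) + tag_bytes + value.encode("ascii")

def rfc3597(name, rdata):
    # Generic syntax for servers that do not know the CAA type (TYPE257).
    return f"{name}. IN TYPE257 \\# {len(rdata)} {rdata.hex().upper()}"

def tinydns(name, rdata):
    # tinydns generic record: every RDATA byte as a three-digit octal escape.
    return f":{name}:257:" + "".join(f"\\{byte:03o}" for byte in rdata)

def dnsmasq(name, rdata):
    return f"--dns-rr={name},257,{rdata.hex().upper()}"

def parse_caa(rdata):
    """Decode wire-format CAA RDATA back into its three fields."""
    if len(rdata) < 2 or rdata[1] == 0 or len(rdata) < 2 + rdata[1]:
        raise ValueError("truncated CAA RDATA")
    tag_end = 2 + rdata[1]
    return {"critical": bool(rdata[0] & 0x80),
            "tag": rdata[2:tag_end].decode("ascii").lower(),
            "value": rdata[tag_end:].decode("ascii")}

def allowed_issuers(rdatas):
    """None = no 'issue' record, so CAA does not restrict issuance;
    [] = issuance forbidden for every CA; otherwise the permitted CA domains."""
    values = [r["value"] for r in map(parse_caa, rdatas) if r["tag"] == "issue"]
    if not values:
        return None
    domains = (value.split(";", 1)[0].strip() for value in values)
    return sorted(domain for domain in domains if domain)

if __name__ == "__main__":
    rdata = caa_rdata(0, "issue", ";")
    print(rfc3597("mett.nl", rdata))
    print(tinydns("mett.nl", rdata))
    print(dnsmasq("mett.nl", rdata))
    print(allowed_issuers([bytes.fromhex(PAGE_HEX)]))
```

Decoding the posted hex gives an empty issuer list: as generated, the record forbids every CA from issuing for the name, so a CA domain has to be put in place of the bare `;` before the next renewal.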
Also consider info here: https://www.entrustdatacard.com/knowledgebase/how-to-add-a-certification-authority-authorization-caa-record-using-tinydns and another tool: https://tools.ietf.org/html/rfc6844#section-5
JavaScript and SEO, all you wanted to know.
Pre-loading the DOM first is advisable.
On your website - be crawlable for both Googlebot and Caffeine alike.
Google and Caffeine are often mixed-up even by Google’s staff members.
Make sure your content does not depend solely on JavaScript, but also on HTML.
In the future Googlebot may render newest JavaScript.
(now renders 2018 script through the 69 version of the browser,
later will come to use the latest version);
writing isomorphic JavaScript being pre-rendered on the webserver may help SEO,
and load performance, but the apt developer must have the capacity to implement this.
Google plans to integrate crawling and rendering, as planned at their 2018 Chrome Dev Summit,
but JavaScript issues may remain, so there will still be reports coming from analysts like little old me.
Info credits go to Marketingfacts JavaScript & SEO,
all you should know by Tom Wester SEO-strategist at RIFF’s.
Test your performance on the client and webserver here,
→ https://gtmetrix.com/reports/
Enjoy, my good avast friends, enjoy,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Linting JavaScript code with JSHint at https://jshint.com/
What script was checked: https://www.security.nl/js/core.js?13757912339 DOM-XSS 39 sources and 16 sinks detected.
beautifying and code improvement results:
Metrics
There are 86 functions in this file.
Function with the largest signature take 4 arguments, while the median is 1.
Largest function has 38 statements in it, while the median is 4.
The most complex function has a cyclomatic complexity value of 7 while the median is 2.
Nine warnings
27 [‘position’] is better written in dot notation.
175 Missing semicolon.
288 ‘result’ is already defined.
295 ‘result’ is already defined.
556 Missing semicolon.
750 Missing semicolon.
778 A leading decimal point can be confused with a dot: ‘.45’.
840 [‘compatability’] is better written in dot notation.
1207 Missing semicolon.
Three undefined variables
Three unused variables
21 default_hover_options
23 default_video_options
133 preload
For JavaScript debuggers, enjoy, my friends, enjoy.
polonus
Everybody wants an honest webshop experience, don’t they?
Check here whether it can be trusted.
Re: https://www.trustpilot.com/
Some things to check and go over:
- Is the product genuine or is it a cheap and lousy imitation?
- How does the webshop look, sloppy, bad presentation of consumer goods,
Does it have bad grammar and misspellings?
- Is there an under construction message to mask bad construction?
- How did others qualify that webshop? Has it a bad online rep?
- Check the registration of the site online. Is it a scam or a known fraud?
- Do you have a secure connection to it? Green lock - https & tls right version?
- What category webshop gives a major chance this could mean scam or fraud?
- When paying by credit card, claim damage in time when goods do not arrive,
- Report to authorities even when there is small chance the owners will get nailed.
(source credits go to Dutch AD.nl newspaper’s article)
polonus
Various websites have issues with jQuery libraries, that should be retired because of vulnerabilities,
some issues can be abused e.g. bootstrap.js
An example: hint #1: ‘Bootstrap@3.3.5’ has 5 known vulnerabilities (5 medium). See ‘https://snyk.io/vuln/npm:bootstrap’ for more information: https://webhint.io/scanner/a3b2b998-0045-489b-934f-155784c7bfcd#hint-no-vulnerable-javascript-libraries-1
We can have that info via an extension
Retire.js
bootstrap 3.3.5 Found in http://dk-advertising.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.1.3.3
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041 1
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040 1
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042 1
jquery 1.7.0 Found in https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js?ver=5.2
Vulnerability info:
Medium CVE-2012-6708 11290 Selector interpreted as HTML 123
Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
or here online: https://retire.insecurity.today/#!/scan/531a6fa7af013314295e06229fcae3e27022551843a80ca3d0aeaaea484ed5cd
complicating vuln. : Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled (insecure)
/wp-content/plugins/ disabled
polonus
Fine resources: http://www.scada-radar.com/protocol.php?protocol=BACnet/IP
This in the light of Delphi malcode dropper like malicious protocol.php (analysis of Zebrocy dropper)
But the website we visit here with that scanner needs some jQuery libraries to be retired:
Retire.js
bootstrap 3.3.4 Found in http://www.scada-radar.com/js/bootstrap.min.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
jquery 1.11.3 Found in https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution 123
jquery 1.8.2 Found in http://www.scada-radar.com/js/jquery_1_8_2.min.js
Vulnerability info:
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS,
and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
only minor improvement site recommendations, 16 in all: https://webhint.io/scanner/a1cf7fd6-fd7d-4233-ba98-e17de6b6c7e1
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
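Added example, not part of the posts above and not Retire.js code: a URL-based version check that reproduces the jQuery findings listed in the last two posts. The 3.4.0 threshold is quoted in the thread; the 1.9.0 and 3.0.0 thresholds are taken from the public CVE descriptions (assumption), and the HTML page is constructed around the script URLs that appear in the posts.

```python
import re
from html.parser import HTMLParser

# First fixed jQuery release per CVE. 3.4.0 is quoted in the thread;
# 1.9.0 and 3.0.0 come from the public CVE descriptions (assumption).
JQUERY_FIXED_IN = {
    "CVE-2012-6708": (1, 9, 0),
    "CVE-2015-9251": (3, 0, 0),
    "CVE-2019-11358": (3, 4, 0),
}
# Matches .../jquery/1.7.0/..., jquery-1.7.0.js and jquery_1_8_2.min.js
VERSION_IN_PATH = re.compile(r"jquery[/_.-]v?(\d+)[._](\d+)[._](\d+)", re.IGNORECASE)

class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def jquery_version(url):
    # Drop the query string first: "?ver=5.2" is a cache-buster, not the library version.
    match = VERSION_IN_PATH.search(url.split("?", 1)[0])
    return tuple(map(int, match.groups())) if match else None

def audit(html):
    """Map each versioned jQuery script URL to the CVEs its version predates."""
    parser = ScriptSources()
    parser.feed(html)
    report = {}
    for src in parser.sources:
        version = jquery_version(src)
        if version:
            report[src] = sorted(cve for cve, fixed in JQUERY_FIXED_IN.items()
                                 if version < fixed)
    return report

# Constructed page that embeds script URLs quoted in the posts above.
PAGE = """<html><head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js?ver=5.2"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="http://www.scada-radar.com/js/jquery_1_8_2.min.js"></script>
<script src="http://www.scada-radar.com/js/bootstrap.min.js"></script>
</head></html>"""

if __name__ == "__main__":
    for url, cves in audit(PAGE).items():
        print(url, cves)
```

The `bootstrap.min.js` URL carries no version, so a URL-only check misses it; identifying that file needs the kind of content matching Retire.js does.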
Malicious JA3 fingerprints to fingerprint SSL/TLS client applications. In the best case, you can use JA3 to identify malware traffic that is leveraging SSL/TLS.
However mind that these fingerprints have not been tested against known good traffic yet and may cause a significant amount of FPs!
Find them here: https://sslbl.abuse.ch/ja3-fingerprints/ compare with findings here: https://urlhaus.abuse.ch/browse/
pol
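Added example, not part of the post above and not abuse.ch code: how a JA3 fingerprint is derived from ClientHello fields and matched against a blocklist. The field order and MD5 step follow the published JA3 method; the ClientHello values, the blocklist entry and its label are constructed for illustration.

```python
import hashlib

# GREASE placeholder values (0x0a0a, 0x1a1a, ... 0xfafa) are random per
# connection and are left out of the fingerprint.
GREASE = {(n << 12) | 0x0A00 | (n << 4) | 0x0A for n in range(16)}

def ja3_string(version, ciphers, extensions, curves, point_formats):
    """Decimal values joined by '-' inside a field, fields joined by ','."""
    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([str(version), field(ciphers), field(extensions),
                     field(curves), field(point_formats)])

def ja3_hash(**hello):
    return hashlib.md5(ja3_string(**hello).encode("ascii")).hexdigest()

def lookup(hello, blocklist):
    """Return the blocklist label for this ClientHello, or None."""
    return blocklist.get(ja3_hash(**hello))

# Constructed ClientHello parameters, as a sensor would extract them.
SAMPLE_HELLO = dict(
    version=769,
    ciphers=[47, 53, 5, 10, 49161, 49162, 49171, 49172, 50, 56, 19, 4],
    extensions=[0, 10, 11],
    curves=[23, 24, 25],
    point_formats=[0],
)
# Same client stack with GREASE values mixed in: must hash identically.
GREASED_HELLO = dict(SAMPLE_HELLO,
                     ciphers=[0x0A0A] + SAMPLE_HELLO["ciphers"],
                     extensions=[0x1A1A] + SAMPLE_HELLO["extensions"])
# A client that offers the same ciphers in a different order.
OTHER_HELLO = dict(SAMPLE_HELLO, ciphers=list(reversed(SAMPLE_HELLO["ciphers"])))

# Constructed blocklist: hash -> label (a real list would be loaded from a feed).
BLOCKLIST = {ja3_hash(**SAMPLE_HELLO): "constructed-sample-family"}

if __name__ == "__main__":
    print(ja3_string(**SAMPLE_HELLO))
    for hello in (SAMPLE_HELLO, GREASED_HELLO, OTHER_HELLO):
        print(ja3_hash(**hello), lookup(hello, BLOCKLIST))
```

The hash describes the TLS library and its configuration, not the program: any benign client built on the same stack with the same settings produces the same value, which is where the false positives mentioned in the post come from.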
Your browser knows all about you, all and everything.
What is going on under the hood?
Read this extensive paper by Sally Vandeven:
https://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297
also read: https://en.wikipedia.org/wiki/Public-key_cryptography
And again polonus says, check and test it: http://codefromthe70s.org/certcheck.aspx
polonus
Mozilla makes online tracking visible.
Give those surveillance capitalistic trackers something to chew on.
See: https://trackthis.link/
It does not bring back the happy days of freebie Interwebz, like we knew it once,
the happy days before vendor lock-in came to hold us all as hostages,
but on the fringes of the existing commercial internet,
innovation will help us all against almighty Big Brother Data Grabbers.
polonus