

Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

3 recommendations

Test your browser

»www.browserscope.org/security/test

An interesting test.

When I put that domain in my restricted zone and try to load that link, ALL I GET IS A BLANK SCREEN!! (Browser won't allow it if it's in that zone)



jadinolf
I Love You Fred
Premium
join:2005-07-09
Ojai, CA
kudos:8

CSRF error, whatever that is.
--
Printed on 100% recycled bytes



therube

join:2004-11-11
Randallstown, MD

1 recommendation

NoScript: Cross-Site Scripting (XSS) or CSRF



jadinolf
I Love You Fred
Premium
join:2005-07-09
Ojai, CA
kudos:8
reply to Dude111

Oh yes, thanks for the tip.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 edit

1 recommendation

reply to Dude111


IE9

Opera 12.14
Results.


Bach
Premium
join:2002-02-16
Flint, MI
reply to Dude111


FireFox 19.0

Marsman

join:2004-11-10
reply to Dude111

Thx for the post, running Fx 18.0.2 here...

Marsman

join:2004-11-10
reply to Dude111

Just updated to Fx 19.0 and upon rescanning I received the same results!



Bach
Premium
join:2002-02-16
Flint, MI

said by Marsman:

Just updated to Fx 19.0 and upon rescanning I received the same results!

Interesting. Before upgrading to 19.0 I also tested with 18.0.2 and in both cases got 4 items failing, whereas you get only 1.


EUS
Kill cancer
Premium
join:2002-09-10
canada
reply to Dude111

Opera: The test won't run.
Chromium: #3 Shows FAIL.
Konqueror out of box does not do well.
--
~ Project Hope ~



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to Dude111

Mobile Safari on an iPad

PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
FAIL X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
FAIL Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

Mobile Chrome on iPad:

PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
FAIL X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
PASS Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing
--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.


wolfy339

join:2005-04-30
Edmonds, WA
reply to Dude111

Test 1 with NoScript XSS protection on
Test 2 with NoScript XSS Protection off
Just for kicks I did the test twice in Firefox 18.0.2...once with NoScript's XSS protection on and once with it off

Ravenheart

join:2006-02-10
Berkeley, CA
reply to Dude111


Firefox 18.0.2 with NoScript

SRWare Iron 19.0
Opera 12.01 much as for Dustyn but FAIL Strict Transport Security

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to Bach

said by Bach:

said by Marsman:

Just updated to Fx 19.0 and upon rescanning I received the same results!

Interesting. Before upgrading to 19.0 I also tested with 18.0.2 and in both cases got 4 items failing, whereas you get only 1.

i think the difference is having the "noscript" addon, for "firefox"..

running FF in "safe mode" ie with no "noscript", i got the same results that you did.. but, when running FF in normal mode, with "noscript", i got the same results that marsman did..

if you want your computer to be secure, i would recommend using the "noscript" addon, with "firefox", not just to pass the "browserscope"-tests but to restrict javascript from running, as well as restricting plugins from running..

Ravenheart

join:2006-02-10
Berkeley, CA
reply to Ravenheart

Iron 24.0, same as for Iron 19.0



JustBurnt

@rr.com
reply to Dude111

Doesn't do anything, I guess that means I passed.

NO, I will not turn down my security to TEST my security.



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

 

Ahhhh you get a blank screen also??

Very good.......



norwegian
Premium
join:2005-02-15
Outback

.

So did I.

However if you do not allow the first domain to be trusted, you might as well pull the plug on the computer.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



norwegian
Premium
join:2005-02-15
Outback
reply to Dude111

Re: Test your browser

Well, I let the main domain have permissions for running the test.
However a second domain browserscope2.org wants permission, so does the following:
pwdhash.com for an iframe
and of course:
google-analytics.com for a script - ga.js

But without allowing them, the screen shot shows results.
Seems Chrome has a toStaticHTML.API issue for security.

IE9 I might test, who knows, seems fun enough.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



norwegian
Premium
join:2005-02-15
Outback

1 recommendation

On toStaticHTML.API

»code.google.com/p/chromium/issue···d=108159

Where's Name Game, I'm sure this browser is the safest, but check the date Dec 2011

I could %$^$#&7 at some of these vendors' laziness some days.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


redwolfe_98
Premium
join:2001-06-11
kudos:1
reply to Dude111

i didn't see where anyone tested google's "chrome" browser, with the "browserscope"-tests.. is no one here using google's "chrome" browser?



CCat
We're all quite mad here
Premium,MVM
join:2005-12-06
Wonderland
kudos:18
Reviews:
·Time Warner Cable

Chromium 26.0.1408.0


pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
kudos:1
Reviews:
·Comcast
reply to Dude111

Firefox 18.0.2
Firefox 18.0.2 w/ noscript allowing main domain comes out like this

What is this origin header I see failing on many of these results?


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
reply to Marsman

go to ff19.0



Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
Reviews:
·Comcast Formerl..

3 edits

1 recommendation

reply to Dude111

said by Dude111:

»www.browserscope.org/security/test

An interesting test.

When I put that domain in my restricted zone and try to load that link, ALL I GET IS A BLANK SCREEN!! (Browser won't allow it if it's in that zone)

ffox19.0
PASS postMessage API
PASS JSON.parse API
PASS toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
PASS X-Content-Type-Options
PASS Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
FAIL Origin header
PASS Strict Transport Security
PASS Block cross-origin CSS attacks
PASS Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.

»wiki.mozilla.org/Security/Origin···tigation

4u older members............you'll remember steve gibson's "shields up"..........seems like 2k13 version of s.u.

--
101ST ABN Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV SOG, 160TH AVN SOG, Death From Above, VFW, AmLegion
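
The Referer requirement in the error message quoted above, together with the Origin header the test reports on, written out as a server-side same-origin check. This is an added example, not code from browserscope.org or from any poster in this thread; the function names, the reason strings and the `example.test` host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
DEFAULT_PORTS = {"http": 80, "https": 443}
SITE = "https://www.example.test"  # constructed placeholder origin


def origin_of(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port)


def check_request(method, headers, site_origin=SITE):
    """Decide whether a request to the HTTPS site at site_origin is same-origin.

    Returns (allowed, reason). Reason strings are this example's own labels.
    """
    expected = origin_of(site_origin)
    if expected is None:
        raise ValueError("site_origin must be an absolute http(s) URL")
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    hdrs = {name.lower(): value for name, value in headers.items()}
    # Prefer Origin when the browser sends it; it carries no path or query.
    origin = hdrs.get("origin")
    if origin is not None:
        # The literal value "null" (opaque origin) never parses, so it is rejected.
        ok = origin_of(origin) == expected
        return ok, "origin matches" if ok else "origin mismatch"
    # No Origin header: fall back to Referer and fail closed when it is absent,
    # which is the situation the quoted error message describes.
    referer = hdrs.get("referer")
    if not referer:
        return False, "no referer"
    ok = origin_of(referer) == expected
    return ok, "referer matches" if ok else "referer mismatch"
```

A browser or extension that strips both headers gets the "no referer" rejection on state-changing requests, while one that sends Origin is checked without the server ever seeing the referring path.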


VikingBob

join:2004-06-05
Ste Anne, MB
reply to Dude111

IE 8 really blows it on this one. FF 19 with NoScript never completes the scan, much like norwegian's results. Opera (with JS and all plugins disabled) won't run it.

Another little site to test your plugin patch state:

»browsercheck.qualys.com/



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Dude111

said by Dude111:

An interesting test.

When I click on the "Run the Security Tests" button, nothing happens.

Opera 12.14. Scripts are globally disabled.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to norwegian

said by norwegian:

On toStaticHTML.API

»code.google.com/p/chromium/issue···d=108159

Where's Name Game, I'm sure this browser is the safest, but check the date Dec 2011

I could %$^$#&7 at some of these vendors' laziness some days.

Chrome is so safe there is no reason to run these silly tests. They are for IE and FF users who can't figure out why they get whacked all the time if they don't run fancy third party plugins that slow their browsers to a crawl.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Dude111

I upgraded to Fx 17.0.3 ESR earlier today and here is how it tests. Of course, Proxomitron may be affecting the results.

I'm more interested in Acid3 test...only Opera gets that one 100%.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson