My first poll, but I sincerely want to know the answer. ;D Hope this one doesn't violate any Board policies or generally seem like the proverbial "stupid question" :P

My guess is that the majority of members subscribe to a "layered approach" to all aspects of security, so a lot of you will want to specify more than one. Looking forward to the discussion!

Hi ;)

Three best to me (by far):

http://www.pcflank.com/test.htm about privacy (nice and precise)

http://www.pcflank.com/exploits.htm about firewall defences (beware - powerful test !) You have to tick all the boxes to proceed with all the attacks at the same time.

http://www.leader.ru/secure/who.html again about privacy (terribly good - already helped me several times to discover flaws in my soft's or config's when I thought all was perfect)

If you haven't done it already, please go and try these and come back to tell me what you think... (Don't try the second one if you're not firewall-protected !)

Rgds, Crockett 8)

BlackCode I can't even run, 'cause my security settings seem to keep me from even going further than the start page ! JVScripts enabled, though... Strange.

Crockett 8)

;D For a ports test I like Gibsons-GRC. Quick and to the point whether your ports are open, closed, or stealth. A while back I believe I read that he is working on a scanner that will include all :o65,535 ports. :o I can't wait for that!! ;D

I agree with beetlejuice. I like grc. for a quick port scan to make every thing is stealth . :)

{QUOTE-> quoting: beetlejuice link=board=19;threadid=15280;start=0#msg95458 date=1066860085]
;D For a ports test I like Gibsons-GRC. Quick and to the point whether your ports are open, closed, or stealth. A while back I believe I read that he is working on a scanner that will include all :o65,535 ports. :o I can't wait for that!! ;D
<-QUOTE}

You can already custom scan ports.

{QUOTE-> quoting: Crockett link=board=19;threadid=15280;start=0#msg95416 date=1066845930]
Hi ;)

Three best to me (by far):

http://www.pcflank.com/test.htm about privacy (nice and precise)

<-QUOTE}

Pcflank test looks too "clever" and yet it can't work if you are using an ISP trasnparent NAT :)

i choose grc. too.... ;D it was quick and i like that i can just enter a port range and scan.

JayK...."ISP transparent NAT"....?? i am not sure what that is, could you explain it so i don't go around thinking you mean one of those see-through cased routers?

snap :)

sorry..spelled your name JKay..it sounded the same :-\

{QUOTE-> quoting: snapdragin link=board=19;threadid=15280;start=0#msg95566 date=1066908725]
i choose grc. too.... ;D it was quick and i like that i can just enter a port range and scan.

JayK...."ISP transparent NAT"....?? i am not sure what that is, could you explain it so i don't go around thinking you mean one of those see-through cased routers?

snap :)

sorry..spelled your name JKay..it sounded the same :-\
<-QUOTE}

Hmm perhaps the word NAT was redudant. transparent proxy

But seriously, I don't know what that means either, it just sounds cool! :)

PS See my tag line

ROFL - well it DOES sound cool! Thanks JayK!

{QUOTE-> quoting: Crockett link=board=19;threadid=15280;start=0#msg95416 date=1066845930]
http://www.leader.ru/secure/who.html again about privacy (terribly good - already helped me several times to discover flaws in my soft's or config's when I thought all was perfect)

If you haven't done it already, please go and try these and come back to tell me what you think... <-QUOTE}

Hi Crockett

I tried the " Holmes/Who" site you recommended - Seems like a good one, but it didn't give me any different results than PC Flank or GRC, and it doesn't seem as polished. Then again, I only tried the first port scan :-\ Still, I've bookmarked it.

I have found that Sygate Online (stealth scan option) tells me I've got several ports 'Blocked' but not 'Stealth'. But every other scan I've done (PC Flank, GRC, Sygate quick scan) tells me I'm 'All Stealth'. Question: Does anyone suppose that these results are reliable - that is, Sygate found a problem others didn't?

Regards, Optigrab ;)

Hi Optigrab :)

If your system is safe, as yours seems to be, there's no automatic reason Holmes would give you any different result.

But I recall, when first trying Opera a couple of years ago, I tried the test and was amazed to see the site could access... my internet connection username ! Talk about a surprise ! :o

After some trial and error and dialogs with the Opera crew, we realized the problem came from some flaw in the SunJava machine (1.3 at the time if my memory is good). Using some combination of Java and Javascripts, the Holmes site could get access to the info the JavaMachine knew.

The point is - I was very proud of the fact that I succeeded all the on-line tests I could get my hands on, and then this flaw was revealed by Holmes.

So I was glad I came accross it so I could correct the flawed configuration on my pc (i.e. change my JavaMachine or decide to disable JavaScripts alltogether).

More recently, I decided to try the FireBird stand-alone browser, and again went through many tests, always succeeding... But again, I went to Holmes, and with JavaScripts enabled, it was able to see which previous site I was connecting from. That puzzled me, since I had history and referrers disabled in the browser AND referrers disabled in WebWasher (web filter). I then tried with a former version of FBird (i.e. Phoenix) and got the same troubling result. I then switched to Opera, which appeared not to suffer from the flaw. I then tried Beonex (a third stand-alone browser based on the Mozilla engine), and it didn't suffer from the flaw either...

See, in some instances this Holmes site can really see some important things that most other sites can't...

Now, you can understand why - even when I succeed on PCFlank - I always double-check on Holmes... ;)

Rgds, Crockett 8)

{QUOTE-> quoting: optigrab link=board=19;threadid=15280;start=0#msg95765 date=1066996020]
I have found that Sygate Online (stealth scan option) tells me I've got several ports 'Blocked' but not 'Stealth'. But every other scan I've done (PC Flank, GRC, Sygate quick scan) tells me I'm 'All Stealth'. Question: Does anyone suppose that these results are reliable - that is, Sygate found a problem others didn't?

Regards, Optigrab ;)
<-QUOTE}

HI again ;)

I now spend most of my time on Opera, and Opera doesn't even allow me to enter the 'start procedure' on Sygate tests. Opera behaves like this only on Sygate site, displaying a message it doesn't allow the procedure for security reasons.

Not sure why, but I think it might be because the site tries to unsecurely access the browser on port 443 when this port should be reserved for secure connections only. :-\

Beyond that, the Sygate scan site has a rather uneven reputation, to say the least. On the other hand, their firewall has a rather good reputation and seems to almost always be part of the top four list of free FW's on the market (OutPost, LookAndStop, Kerio2.15 and Sygate).


If I recall, it had already been discussed some time ago... To get to the desired thread(s), you may click on my name ('View profile of Crockett'), ask for some of the first posts I had on Wilders and see which messages lead to threads which can give you some various opinions about the site.

Feel free to PM if you can't find the desired threads you're looking for.

Rgds, Crockett 8)

Hi Crockett :)

I see (said the blind man)! Thanks for the wealth of knowledge. As is usual for me I'll have to read through a couple of times before it all sinks in my primitive brain ;)

I'll also go back to Holmes (to test my mettle) and Sygate (to unravel the bugger).

Many thanks, and I'll be in touch.

Best regards
Optigrab ;D

{QUOTE-> quoting: optigrab link=board=19;threadid=15280;start=0#msg95765 date=1066996020]I have found that Sygate Online (stealth scan option) tells me I've got several ports 'Blocked' but not 'Stealth'. But every other scan I've done (PC Flank, GRC, Sygate quick scan) tells me I'm 'All Stealth'. Question: Does anyone suppose that these results are reliable - that is, Sygate found a problem others didn't? <-QUOTE}

For the scan at Sygate Blocked = Stealth

From their site:
"Ideally you should receive "Blocked." This indicates that your ports are not only closed, but they are completely hidden (stealthed) to the world."

Regards,

CrazyM

GRC for me :)

speed,convenience and easy to remember/type in when i mess something up/have to switch browsers/configurations dont go as planned
when all clear from there, then try others and try additional tweaks from there
but thats me ;D Simple ;D

SpyD 8)

{QUOTE-> quoting: Crockett link=board=19;threadid=15280;start=0#msg95889 date=1067039528]
Hi Optigrab :)


More recently, I decided to try the FireBird stand-alone browser, and again went through many tests, always succeeding... But again, I went to Holmes, and with JavaScripts enabled, it was able to see which previous site I was connecting from. That puzzled me, since I had history and referrers disabled in the browser AND referrers disabled in WebWasher (web filter). I then tried with a former version of FBird (i.e. Phoenix) and got the same troubling result. I then switched to Opera, which appeared not to suffer from the flaw. I then tried Beonex (a third stand-alone browser based on the Mozilla engine), and it didn't suffer from the flaw either...

Rgds, Crockett 8)
<-QUOTE}

That's strange, did you ever figure out why? The current build of FB 0.7 don't have this problem.

{QUOTE-> quoting: CrazyM link=board=19;threadid=15280;start=0#msg95975 date=1067058019]For the scan at Sygate Blocked = Stealth

From their site:
"Ideally you should receive "Blocked." This indicates that your ports are not only closed, but they are completely hidden (stealthed) to the world."

Regards,
CrazyM
<-QUOTE}
You are correct, CrazyM, of course. My mistake. I meant "Closed, not Blocked/Stealth".

WEB-80-CLOSED, POP3-110-CLOSED, IDENT-113-CLOSED, NetBIOS-139-CLOSED, HTTPS-443-CLOSED, 445-CLOSED, 1080-CLOSED, 1245-CLOSED.

This is for "Sygate Stealth Scan" only; Sygate Quick, and most other scans say I'm stealth. Just beginning my investigation to find the cause.

Best regards :)
Optigrab

Hello :)

Went back and checked ShieldsUp again... Of course I agree this is one of the top ones also.

https://grc.com/x/ne.dll?bh0bkyd2

Rgds, Crockett 8)

Among other things, the Browser Header scan is very nice...

Crockett 8)

{QUOTE-> quoting: optigrab link=board=19;threadid=15280;start=15#msg96033 date=1067088029]"Closed, not Blocked/Stealth".

WEB-80-CLOSED, POP3-110-CLOSED, IDENT-113-CLOSED, NetBIOS-139-CLOSED, HTTPS-443-CLOSED, 445-CLOSED, 1080-CLOSED, 1245-CLOSED.

This is for "Sygate Stealth Scan" only; Sygate Quick, and most other scans say I'm stealth. Just beginning my investigation to find the cause.
<-QUOTE}

I figured out the Sygate Stealth Scan that previously gave me the above result. Seems the scan calls the browser to send a DNS request to a different server (other than my ISP). Created a new rule in my firewall and now I am stealth on all Sygate scans. I now have an enhanced respect for that clever site. ;)

Hi JayK :)

Sorry for late answer...

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=15#msg96014 date=1067073391]
That's strange, did you ever figure out why? The current build of FB 0.7 don't have this problem.
<-QUOTE}

I just redid the same test with FireBird and came to the same conclusion...

You can try it yourself if you want...

I start from this post: http://www.wilderssecurity.com/showthread.php?t=15280;start=msg95416#msg95416

Click on the link to leader.ru/who...

See screenshot for the settings I use in FB

Please also note that, in addition, I use a specifically dedicated filter to block referrers and prefixes, among other things...

Of course, no cookie allowed...

But I'm afraid I still get the same surprising result:

Holmes just knows where I'm coming from...

Of course, FB indeed first filtered by WW as seen below.

Again, Beonex - although a close relative to FB - does not suffer from the same flaw.

BTW, I still have to first add 'blank page' to the Bookmark list before I can get the 'import option' to function... That's annoying too.

Rgds, Crockett 8)

;D

Gee - do you think we have enough screenshots in here yet? :o Pete

{QUOTE-> quoting: Crockett link=board=19;threadid=15280;start=15#msg97758 date=1067699686]
Of course, no cookie allowed...

But I'm afraid I still get the same surprising result:

Holmes just knows where I'm coming from...
<-QUOTE}

I just tested. nothing.

You do know that in FB and mozilla by default they don't block referrers yes? You need to change/add network.http.senderreferrerheader to 0? One way is to add them into your user.js file.

Sorry for checking with you about something so elementary but the screenshot you showed about options maked me wonder if you knew about this.


If you have already done that, I suspect it's webwasher that is causing the problem either way please first test without it.

Hi JayK ;)

Just re-did some testing... Here are the results...

Any browser, without Javascript, referrers allowed, with WebWasher disabling referrers, PCFlank can't see anything, Holmes can't either.

Same thing, this time with WebWasher not interfering in any way on referrers, PCFlank and Holmes can see the originating site.

So, as I already knew, WW works perfectly fine.

If Javascripts are enabled in Opera, referrers allowed, WebWasher still does the job, on PCFlank and on Holmes.

If Javascripts are enabled in Firebird, WW still activated, PCFlank can't see anything (because traditional refs are blocked by WW), but Holmes can (using Javascripts in some way to access the desired information)!

So I don't think it's really a matter of referrers per se, but rather some flaw in the FB's Javascript managing which Holmes is able to exploit and use as if 'traditional' referrers were actually sent.

Another point I believe is even more important... Let's say a newbie decides he is tired to surf on Internet Exporer, and tries FireBird as alternative browser... He knows not much, but he at least knows he should check the Preferences or Tools menus before getting started.

He sees some choice in cookie management, and can decide which option to enable or disable in this regard. He sees other tweaking possibilities for Java, and Javascripts, and History and Cache, and so on... He tries to make the best possible choices he can based on the limited knowledge he has, and then decides to finally go and surf the Web.

Then what happens ? With JavaScripts enabled, he clicks on a link to Holmes just to discover that Holmes knows where he's coming from. Rather surprising, and disappointing.

What's my point ? Yes, one can go to user.js and add this or that line and change 1 to 0 and so forth, but that's something that should have been done before, and should have been done much more easily. That's something that should have been possible in the Privacy menu, or in the advanced menu, like many other privacy features.

FireBird, Phoenix, Black Diamond FireBird do not allow it to easily be done. The only Mozilla family browser that does (to the best of my klowledge) is Beonex - which has a very precise referrers management menu, as you know.

One always criticises M$, because many features were enabled by default in WXP - one only has to surf the excellent Steve Gibson's ShieldsUp! to find references to this.

One cannot say referrers are as potentially dangerous as the XP features I'm talking about, but I think there is a similar kind of flaw in the way FB allows some (very good) sites such as Holmes to use JavaScripts as tracking tool.

So much so that it could easily be corrected by the FB's programmers' crew - whose job I admire and respect, by the way.

Rgds, Crockett 8) (No screenshots today in order to spare fragile eyes :D)

I use and trust grc.com(Shields Up).
His website is very helpful if you have Windows XP. ;)
I use the port scanner and I use his small utilities;UnPlug and Pray and DCOMbobulator.
Mr. Gibson does a good job explaining his programs and some of the vulnerabilities in the operating systems.

I really like the way he improved the port scanner.

The other site that I use occasionally is auditmypc.com.

{QUOTE-> quoting: Crockett link=board=19;threadid=15280;start=15#msg98206 date=1067810635]
Hi JayK ;)

Just re-did some testing... Here are the results...

Any browser, without Javascript, referrers allowed, with WebWasher disabling referrers, PCFlank can't see anything, Holmes can't either. <-QUOTE}

No surprise.

{QUOTE->
Same thing, this time with WebWasher not interfering in any way on referrers, PCFlank and Holmes can see the originating site.
<-QUOTE}

Just to confirm, you have network.http.senderreferrerheader=0 ?
If not, that's not suprising without ww it doesn't work. If you are then it's a strange bug, since I can't reproduce it.

{QUOTE->
So I don't think it's really a matter of referrers per se, but rather some flaw in the FB's Javascript managing which Holmes is able to exploit and use as if 'traditional' referrers were actually sent.
<-QUOTE}

No offence sounds like crap to me. Mozilla, FB, etc with JS,JAVA, on , but with referrers off I get no information at all about referrers on Holmes.

I also tested with referrers on , JS on OR off, it still got the referrer. It is the sending of referrers fields that holmes is reading. Nothing else.

Holmes is not using anything profound to check your referrer. at least in all my tests, js doesn't make a difference.

About the presence of proxies.

{QUOTE->

If Javascripts are enabled in Firebird, WW still activated, PCFlank can't see anything (because traditional refs are blocked by WW), but Holmes can (using Javascripts in some way to access the desired information)!
<-QUOTE}


This one is interesting if it's true. But I tested using proxomitron AND later webwasher with JS/JAVA on, Firebird not blocking referrers , Holmes is still fooled.

So in conclusion I don't see any such effect., I don't see anything clever that allows it to defeats proxies.

In any case, adding network.http.senderreferrerheader=0 is sufficent to fool Holmes.

{QUOTE->
Another point I believe is even more important... Let's say a newbie decides he is tired to surf on Internet Exporer, and tries FireBird as alternative browser... He knows not much, but he at least knows he should check the Preferences or Tools menus before getting started.

He sees some choice in cookie management, and can decide which option to enable or disable in this regard. He sees other tweaking possibilities for Java, and Javascripts, and History and Cache, and so on... He tries to make the best possible choices he can based on the limited knowledge he has, and then decides to finally go and surf the Web.

Then what happens ? With JavaScripts enabled, he clicks on a link to Holmes just to discover that Holmes knows where he's coming from. Rather surprising, and disappointing.

What's my point ? Yes, one can go to user.js and add this or that line and change 1 to 0 and so forth, but that's something that should have been done before, and should have been done much more easily. That's something that should have been possible in the Privacy menu, or in the advanced menu, like many other privacy features.

<-QUOTE}

All this I agree with (more than you know actually), but it's not relevant to the discussion. You mention some kind of bug, that the developers might like to know about, but I don't see it.

If you have not please test by typing about:Config
then change network.http.senderreferrerheader to 0.


{QUOTE->

FireBird, Phoenix, Black Diamond FireBird do not allow it to easily be done. The only Mozilla family browser that does (to the best of my klowledge) is Beonex - which has a very precise referrers management menu, as you know.

<-QUOTE}

That is the problem with Mozilla FB, it is not a very good browser for a newbie but someone consicious about privacy. Changing the referrer field to send blank is considered something "advanced" not to be played with. They have also refused to "Fake" referrers .



{QUOTE->

One cannot say referrers are as potentially dangerous as the XP features I'm talking about, but I think there is a similar kind of flaw in the way FB allows some (very good) sites such as Holmes to use JavaScripts as tracking tool.

<-QUOTE}

Sorry, but I don't see any evidence of Holmes using javascript to figure out where I'm coming from. With network.http.senderreferrerheader=0 Holmes sees nothing.

fwiw:

run proxo with open log window & see what matches:

I get the following matches:

Match 168: Hide Browser's Referrer from JS
Match 168: Hide Browser's Referrer from JS

along with a bunch of other matches Java, ads, banners, & JavaScript etc.

{QUOTE-> quoting: peakaboo link=board=19;threadid=15280;start=30#msg98316 date=1067833236]
fwiw:

run proxo with open log window & see what matches:

I get the following matches:

Match 168: Hide Browser's Referrer from JS
Match 168: Hide Browser's Referrer from JS

along with a bunch of other matches Java, ads, banners, & JavaScript etc.


<-QUOTE}

Let me try again. Since I'm clearly not getting through.

Your browser will SEND the referrer string HTTP_REFERER to the server, regardless of JS is on or off. What proxomitron is detecting is the javascript part that grabs and displays it (document.referrer property). In any case, even with JS off , holmes can still display your referrer string through other means such as server side scripting.

If a site is dumb enough only to use JS to display the results, then someone might think he is safe (because JS doesnt display it), but actually isn't since the info is given to the server, but because you have JS off it isn't displayed.

If your browser doesn't send any referrers, JS is irrelevant. If it does, turning off JS won't help.

When I was referring to JS revealing your referrers, I was talking about something more then just displaying your http_referrer maybe something clever like
http://www.gemal.dk/browserspy/css.html which uses CSS

Hi JayK :)

If you will allow me, these few more lines to conclude my participation to the discussion since it seems to me it's getting nowhere while at the same time becoming rather uselessly tiring to me.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]

Just to confirm, you have network.http.senderreferrerheader=0 ?
<-QUOTE}

Of course I don't - that seems evident.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]
This one is interesting if it's true. But I tested using proxomitron AND later webwasher with JS/JAVA on, Firebird not blocking referrers , Holmes is still fooled.
<-QUOTE}

Well, of couse it's true. I don't have time to waste writing lies on this BBoard. If you don't believe what I say, then there's no point in even going on with the discussion on this subject. Why you get different results from those I get I don't know.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]
I don't see anything clever that allows it to defeats proxies.
<-QUOTE}

I never wrote anywhere Holmes did defeat proxies - that's not the point.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]
If you have not please test by typing about:Config
then change network.http.senderreferrerheader to 0.
<-QUOTE}

There's no way I'm gonna do it this way. I'll wait 'till the possibility does exist in the general interface so any newbie can access it. 'til then, I won't recommend FBird any longer

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]
That is the problem with Mozilla FB, it is not a very good browser for a newbie but someone consicious about privacy. Changing the referrer field to send blank is considered something "advanced" not to be played with. <-QUOTE}

Right - then I'll stick to Beonex.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]
Sorry, but I don't see any evidence of Holmes using javascript to figure out where I'm coming from. With network.http.senderreferrerheader=0 Holmes sees nothing. <-QUOTE}

Well, at least I do and it seems after doing some testing by himself Peakaboo does also.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98296 date=1067830414]
Holmes is not using anything profound to check your referrer. <-QUOTE}

Never said anything like it either.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98318 date=1067835336] In any case, even with JS off , holmes can still display your referrer string through other means such as server side scripting.

If a site is dumb enough only to use JS to display the results, then someone might think he is safe (because JS doesnt display it), but actually isn't since the info is given to the server, but because you have JS off it isn't displayed.
<-QUOTE}

Well, at least many sites seem dumb enough not to even use Js to do it since I only got this result on Holmes.

{QUOTE-> quoting: JayK link=board=19;threadid=15280;start=30#msg98318 date=1067835336]
If your browser doesn't send any referrers, JS is irrelevant. If it does, turning off JS won't help. <-QUOTE}

I disagree. That's the point of my previous posts. Turning off Jscript does make a difference.

To wrap it up quickly, you have the right not to like Holmes, but the point was it's the only site I know off (I'm not saying others couldn't do the same nor that it's the only one currently doing it) which made me think 'hey, we have something weird going on here'.

Js combined with FBird default settings does allow the results I described to be produced.

Rgds,
Going-back-to-Opera-for-a-(long)-while-Crockett 8)

Dear Crockett

Clearly you are offended. I didn't mean it that way, I was just curious if there was a bug as I stated before. I'm always eager to see why something fails.

As it stands, you have found something I can reproduce , webwasher+normal FB+JS on allows Holmes to detect the referrer. So sadly I cannot file a bug report.

Self-censored to avoid offending people.