imported>Sjwhitak: /* JavaScript */

2022-03-06T17:24:53Z

JavaScript

← Older revision		Revision as of 17:24, 6 March 2022
Line 60:		Line 60:
	= JavaScript =		= JavaScript =

	JavaScript is typically a safe use in the clearweb and it's almost a requirement for modern websites. On <code>.onion</code> sites, JavaScript ought to be disabled and is not disabled by default using the [https://www.torproject.org/ Tor Browser] for some reason.		JavaScript is typically a safe use in the clearweb and it's almost a requirement for modern websites. On <code>*.onion</code> sites, JavaScript ought to be disabled and Javascript is not disabled by default using the [https://www.torproject.org/ Tor Browser] for some reason.

	To disable JavaScript:		To disable JavaScript:

	1. Navigate to <code>about:config</code>		1. Navigate to <code>about:config</code>.

	2. Search <code>javascript.enabled</code> and set this value to <code>false</code>.		2. Search <code>javascript.enabled</code> and set this value to <code>false</code>.

	Any site that requires JavaScript on an onion site is malicious or run by an idiot.		Any site that requires JavaScript on an onion site is malicious or run by an idiot. There's no way to tell, so don't trust the site. If you disable JavaScript and don't just wildly click dubious links, you're relatively safe on any onion site.

	If you'd like a fine-tuning of your sites rather than disabling JavaScript for every website, a necessity for adblockers, install [https://github.com/gorhill/uMatrix uMatrix] or (as uMatrix is no longer maintained), install [https://github.com/gorhill/uBlock uBlock Origin] and check the box for <code>I am an advanced user</code>, which will allow for a more confusing manner to disable JavaScript from each domain (no matter what gorhill has been telling us that uMatrix and uBlock are equivalent -- they most definitely are <em>not</em>).		If you'd like a fine-tuning of your sites rather than disabling JavaScript for every website, a necessity for adblockers, install [https://github.com/gorhill/uMatrix uMatrix] or (as uMatrix is no longer maintained), install [https://github.com/gorhill/uBlock uBlock Origin] and check the box for <code>I am an advanced user</code>, which will allow for a more confusing manner to disable JavaScript from each domain (no matter what gorhill has been telling us that uMatrix and uBlock are equivalent -- they most definitely are <em>not</em>).

imported>Sjwhitak: Created page with "The internet can be a safe place from malware and scams if one is aware of what's going on. Sometimes, when there's a good phishing email, I'll open up [https://portswigger.net/burp burp] to check out what configuration they have and see how they managed to do the things they were doing out of curiosity. When doing something sketchy (clicking phishing links, navigating onion sites, etc.), never: use your real name, give your phone number, give your credit card number, g..."

2022-02-17T14:00:10Z

Created page with "The internet can be a safe place from malware and scams if one is aware of what's going on. Sometimes, when there's a good phishing email, I'll open up [https://portswigger.net/burp burp] to check out what configuration they have and see how they managed to do the things they were doing out of curiosity. When doing something sketchy (clicking phishing links, navigating onion sites, etc.), never: use your real name, give your phone number, give your credit card number, g..."

New page

The internet can be a safe place from malware and scams if one is aware of what's going on. Sometimes, when there's a good phishing email, I'll open up [https://portswigger.net/burp burp] to check out what configuration they have and see how they managed to do the things they were doing out of curiosity.

When doing something sketchy (clicking phishing links, navigating onion sites, etc.), never: use your real name, give your phone number, give your credit card number, give your social security number, etc.

= Links =

When you hover over a link, your web browser should tell you where the link is leading to (Firefox shows it on the bottom left). Pay attention to this path. Does it look weird? Sadly, to obfuscate the final destination, many malicious actors will redirect the link multiple times so it may take some time to find the final destination. Using [https://www.man7.org/linux/man-pages/man1/curl.1.html curl], you can follow the redirects over and over again until you get to your final page. Amazon is not very nice and will consistently send malicious looking links in their emails.

If you're following links via email (don't, but), I recommend you open the source code of the email and look for <code>Return-Path: </code> rather than <code>Sender: </code> because people can simply edit the <code>Sender: </code> email to whatever they want, and if it gets past your spam filter (which it probably won't), your email client may show you that it's sent from someone, and being sent to someone else. Technically, one can also edit the <code>Return-Path: </code>, and I'm not technical (or spammy) enough with email to recognize what can be spoofed and what cannot. Simply look at the header of your email and check around at the header lines (ignoring any <code>Arc-*</code> or <code>X-*</code> stuff) to see if anything is fishy with the link. Finally, if someone's email account is compromised, there's no way to validate any of this stuff, because they are genuinely sending you a malicious email from a genuine return address.

= Certificates =

In the end, if you're tech savvy enough, check out the certificate of the website. Using openssl,

<pre>openssl s_client -connect $1:443</pre>

where <code>$1</code> is any link (<code>google.com</code>, <code>facebook.com</code>, etc.), or set this in a bash script. This will give you information about the certificate. A website like Google or Facebook will give you a good, basic certificate.

<pre>
...
subject=C = US, ST = California, L = Menlo Park, O = "Facebook, Inc.", CN = *.facebook.com

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
...
</pre>

Or for Google,

<pre>
...
subject=CN = *.google.com

issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
...
</pre>

Again, Amazon does not seem to care, and gives you a suspicious looking certificate (it's not something like <code>*.amazon.com</code>):

<pre>
...
subject=CN = *.peg.a2z.com

issuer=C = US, O = DigiCert Inc, CN = DigiCert Global CA G2
...
</pre>

Just remember that anyone can [https://www.digicert.com/tls-ssl/compare-certificates buy a DigiCert] certificate. If a link has a [https://www.digicert.com/ DigiCert] certificate, it may just mean that someone spent $50 to get that certificate. Certificates are not the most trustworthy; spammers will find a loophole that DigiCert has tried to cover up, but if spammers are lazy (and most are), you will see a certificate from [https://letsencrypt.org/ Let's Encrypt]. It's good for user sites, but would Amazon use [https://letsencrypt.org/ Let's Encrypt]? No. So, if you see a link that connects to "amazon.com" and you check the link with openssl and it's Let's Encrypt, something is fishy and caution should be taken there.

Would <code>www.navy.mil</code> use Let's Encrypt?
<pre>
...
subject=CN = www.navy.mil

issuer=C = US, O = Let's Encrypt, CN = R3
...
</pre>

O-oh. Okay. They actually do use Let's Encrypt. If you're in the military, you should know that a <code>mil</code> TLD should indicate a <del>shitty</del> secure website.

= JavaScript =

JavaScript is typically a safe use in the clearweb and it's almost a requirement for modern websites. On <code>.onion</code> sites, JavaScript ought to be disabled and is not disabled by default using the [https://www.torproject.org/ Tor Browser] for some reason.

To disable JavaScript:

1. Navigate to <code>about:config</code>

2. Search <code>javascript.enabled</code> and set this value to <code>false</code>.

Any site that requires JavaScript on an onion site is malicious or run by an idiot.

If you'd like a fine-tuning of your sites rather than disabling JavaScript for every website, a necessity for adblockers, install [https://github.com/gorhill/uMatrix uMatrix] or (as uMatrix is no longer maintained), install [https://github.com/gorhill/uBlock uBlock Origin] and check the box for <code>I am an advanced user</code>, which will allow for a more confusing manner to disable JavaScript from each domain (no matter what gorhill has been telling us that uMatrix and uBlock are equivalent -- they most definitely are not).

Web safety - Revision history

imported>Sjwhitak: /* JavaScript */