RE: Archaeology at Khirbet Qeiyafa
January 2, 2013 at 11:24 am
(This post was last modified: January 2, 2013 at 11:27 am by Tiberius.)
(January 1, 2013 at 10:33 pm) Aractus Wrote: The Javascript is on a different domain. My browser blocks all cross-domain javascripts anyway (part of aggressive ad-blocking), but a high security threat is a high security threat, doesn't look like a false-positive to me. Those types of javascripts "rotate" so that not everyone gets the threat, I wouldn't treat it as a false-positive. And there's nothing about 4shared that would make me trust them, I wouldn't trust rapishare.com if a threat like that popped up. Let alone a fly-by-night sharing site like 4shared....

A false positive is when a program flags up an issue which isn't actually an issue. It doesn't matter that the issue here was marked as a high security threat. If it isn't actually a threat, it's a false positive.
The "threat" itself is apparently obfuscated JavaScript, which in all honesty, could be anything. AVG labelled it a "high" security threat automatically; they didn't look at any of the code or analyze it properly. It's just an automated procedure when they find obfuscated code. All that means is the code was made hard to copy / change. I've used JavaScript obfuscation before for perfectly legitimate reasons.
JavaScript is already extremely limited in what it can do. It only executes on the site you are visiting; it cannot access your other tabs or any data private to other sites. As such, even if it is a malicious file, the damage it can do is limited.
(January 2, 2013 at 1:07 am) Aractus Wrote: There's nothing wrong with the file, the website is a high security threat. If it's amazon.com and a threat pops up I'll take it seriously because no website, not even amazon or google, is immune to being hacked. The domain hosting the offensive file is 5hangoweroo.info, we don't know anything about that website if they're trustworthy or not, if they're easily hacked, if they intentionally put exploits in their javascripts, etc...

The domain "5hangoweroo.info" and even the subdomain "okpw.5hangoweroo.info" is not even resolvable, which makes this being a false positive even more likely. You said you have blocking tools enabled for cross-site Javascript inclusion. It's more likely that one of those tools got in the way and triggered the AVG alert than this being a real threat.
Likewise, doing a search for "5hangoweroo.info" returns absolutely no results. Even if this was a real threat, it clearly isn't anymore.
Oh yeah, and just in case, I ran a full check against the URL: http://www.webpagetest.org/result/130102...1/details/
A stupid amount of connections, but none for the domain mentioned.