Blocking task report is showing false positive

Here is the code I am using to send email alerts. It seems to send more false +ves; can anyone guide me on how to resolve this?

    DECLARE @Waiting INT;
    DECLARE @Message NVARCHAR(MAX);

    SELECT  @Waiting = COUNT( s.session_id )
    FROM    sys.dm_exec_sessions s
    LEFT OUTER JOIN sys.dm_exec_connections c ON ( s.session_id = c.session_id )
    LEFT OUTER JOIN sys.dm_exec_requests r ON ( s.session_id = r.session_id )
    LEFT OUTER JOIN sys.dm_os_tasks t ON ( r.session_id = t.session_id AND  r.request_id = t.request_id )
    LEFT OUTER JOIN (
                        -- In some cases (e.g. parallel queries, also waiting for a worker), one thread can be flagged as
                        -- waiting for several different threads.  This will cause that thread to show up in multiple rows
                        -- in our grid, which we don't want.  Use ROW_NUMBER to select the longest wait for each thread,
                        -- and use it as representative of the other wait relationships this thread is involved in.
                        SELECT  *
                                ,ROW_NUMBER() OVER ( PARTITION BY waiting_task_address ORDER BY wait_duration_ms DESC ) AS row_num
                        FROM    sys.dm_os_waiting_tasks
                    ) w ON ( t.task_address = w.waiting_task_address )
                       AND w.row_num = 1
    LEFT OUTER JOIN sys.dm_exec_requests r2 ON ( r.session_id = r2.blocking_session_id )
    WHERE   ISNULL( t.task_state, N'' ) <> ''
            AND ISNULL( DB_NAME( r.database_id ), N'' ) = 'MyDB'
            AND ISNULL( w.wait_duration_ms, 0 ) > CASE
                                                        WHEN FORMAT( GETDATE(), 'HH:mm' ) >= FORMAT( CAST('07:00AM' AS TIME), N'hh\.mm' )
                                                            AND  FORMAT( GETDATE(), 'HH:mm' ) < FORMAT( CAST('05:30PM' AS TIME), N'hh\.mm' ) THEN 10000
                                                        ELSE 20000
                                                    END ---  this will change the wait time to 20s during offpeak hours.
            AND s.session_id <> ISNULL( w.blocking_session_id, 0 )
            AND is_user_process = 1;    ---- added on 2019-04-02 @8.40AM to neglect the parallel queries.threads blocking themselves

    IF ( @Waiting > 30 )
        --send email

SPF – DMARC report

I get DMARC reports sent from various different sources. All of the reports generally have <result>pass</result> for all of the sections.

However, the reports from Google always have SPF fails:

    <row>
        <source_ip>185.116.215.174</source_ip>
        <count>1</count>
        <policy_evaluated>
            <disposition>none</disposition>
            <dkim>pass</dkim>
            <spf>fail</spf>
        </policy_evaluated>
    </row>
    . . .
    <auth_results>
        <dkim>
            <domain>domain.co.uk</domain>
            <result>pass</result>
            <selector>dkim</selector>
        </dkim>
        <dkim>
            <domain>email-od.com</domain>
            <result>pass</result>
            <selector>dkim</selector>
        </dkim>
        <spf>
            <domain>bounce.domain.co.uk</domain>
            <result>fail</result>
        </spf>
    </auth_results>

My SPF record looks like:

    "v=spf1 +a +mx +a:server.domain.co.uk include:email-od.com ~all"

I am unsure why my bounce domain is failing SPF checks, but it only seems to be on Google DMARC reports.

To be honest, I am unsure what the bounce domain does. Should I set up an email address – bounce@bounce.eazyfreight.co.uk?

Any help sorting my SPF and advice re bounce.domain.co.uk would be great.
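For reading reports like the one above, it helps to list, per record, which domain the receiver actually evaluated for SPF and what the raw result was. The following is an added example, not part of the original post: the row and auth_results values are taken from the post, while the `<feedback>`/`<record>`/`<identifiers>` wrapper and the `header_from` value are assumptions, and the alignment check is a simplification.

```python
import xml.etree.ElementTree as ET

# Constructed sample: row/auth_results values come from the post; the
# <feedback>/<record>/<identifiers> wrapper and header_from are assumed.
SAMPLE_REPORT = """<feedback>
  <record>
    <row>
      <source_ip>185.116.215.174</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers><header_from>domain.co.uk</header_from></identifiers>
    <auth_results>
      <dkim><domain>domain.co.uk</domain><result>pass</result></dkim>
      <spf><domain>bounce.domain.co.uk</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>"""


def relaxed_aligned(checked, header_from):
    """Simplified relaxed alignment: same domain or a subdomain of it.
    (Real DMARC compares organizational domains via the Public Suffix List.)"""
    checked, header_from = checked.lower(), header_from.lower()
    return checked == header_from or checked.endswith("." + header_from)


def spf_failures(report_xml):
    """Return one entry per SPF result in records whose DMARC SPF verdict is not 'pass'."""
    findings = []
    for rec in ET.fromstring(report_xml).iter("record"):
        if rec.findtext("row/policy_evaluated/spf") == "pass":
            continue
        header_from = rec.findtext("identifiers/header_from", "")
        for spf in rec.iterfind("auth_results/spf"):
            domain = spf.findtext("domain", "")
            findings.append({
                "source_ip": rec.findtext("row/source_ip"),
                "count": int(rec.findtext("row/count", "0")),
                "spf_domain": domain,  # envelope-sender domain the receiver looked up
                "spf_result": spf.findtext("result"),
                "aligned": relaxed_aligned(domain, header_from),
            })
    return findings
```

The `spf_domain` field is the name whose SPF record the receiver looked up, so that is the name to check in DNS.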

What must be included in a good report writeup when submitting it to whoever (eg. paper skeleton)? [closed]

For some reason this question is not about vulnerability reporting, as many questions I read are, but rather about the writeup of a good, professional paper that states all details about the hole.

I can think of some:

  • PoC
  • Date of writing
  • What else?

Thanks in advance.

Security Report about “Insecure Content-Type Setting”: Does this apply to CSS and JavaScript as well?

I am working through a report from an automated vulnerability scanner. One item is:

Web Server Misconfiguration: Insecure Content-Type Setting ( 11359 )

It’s about not returning the character-set for a given HTML page like so, for example:

    HTTP/1.1 200 OK
    ...
    Content-Type: text/html; charset=utf-8
    ...

The reported response in question only gives

    HTTP/1.1 200 OK
    ...
    Content-Type: text/html
    ...

Now I understand the implications, but what about CSS and especially JavaScript?

Is the charset of CSS and JavaScript resources strictly defined by a standard?

What if I have internationalized strings in JavaScript variables? Will those by definition have to be escaped? Or would this case require the declaration of a charset?

Sending credit history report to potential landlord

I have a credit report from TransUnion that contains:

  1. My real name, current and past addresses
  2. Current and past credit card accounts, last 12 monthly balances and payments
  3. My past mortgage
  4. Past credit queries by banks and other credit providers

A landlord in the United States wishes me to submit this report to him. All of my info above (except for my name of course) pertains to another country that I’m moving from.

What risks should I be concerned about with this submission?

How to report false positive to Google Safe Browsing without signing up with Google?

I was wondering how to report a false positive to Google Safe Browsing without having to create a Google account and feeding their insatiable hunger for more data?

I have not found such a way as of yet. Google pretty much seems intent on preventing any contact in this matter or others.

Background

My domain – yep whole one, including subdomains – was reported as (two examples):

Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

… and:

This site is unsafe

The site https://***********.net/ contains harmful content, including pages that:

Install unwanted or malicious software on visitors’ computers

I won’t disclose my domain here, but given I have a list of digests for all the files located on my (private) website and the list is signed with my PGP key and I verified the hashes and the signature and all checked out, I am sufficiently certain that this is a false positive. None of these files have changed in the last four years, because my current software development activities are going on elsewhere.

Unfortunately there is no useful information to be had from the “details” provided by Google Safe Browsing. A full URL to the alleged malicious content would have been helpful; heck even a file name or something like MIME-type plus cryptographic hash …

I have two pieces of content on my website where one could debate whether they are PUA/PUP (as it’s called these days). Both are executables inside a ZIP file and alongside the respective source code which was used to create those executables. So in no way would any of that attempt to install anything on a visitor’s computer, unless we imagine a fictitious browser hellbent on putting its user at risk by requesting to run at highest privileges upon start and then unpacking every download and running found executables without user interaction. And even then one of the two pieces of software would fail and the other would be visible.

  1. One is a Proof of Concept for an exploit of Windows debug ports which has been patched for well over a decade and so will hardly be a danger to anyone.
  2. The other is a tutorial which includes a keylogger which – when run – is clearly visible to the user. So no shady dealings here either.

But since these two items came up in the past, I thought I should mention them.

Anyway, a cursory check on VirusTotal showed one out of seventy engines giving a “malicious” for my domain. Given Google bought VT some time ago, it stands to reason they use it for Google Safe Browsing.

The mysterious engine with the detection is listed as “CRDF” and I still have been unable to find out who or what that refers to. So obviously there is no way to appeal, request a review or whatever … seems Google is judge, jury and executioner in this one.

So how do I “appeal”?

Carfax and AutoCheck Vehicle History Report Re-seller

Hey guys,

Selling my website: Reselling / selling Carfax reports.

This is best for those who own a car dealership in the US or EU and who get Carfax unlimited reports.

Or you can always find someone who sells Carfax for cheap and re-sell it.

#10 Position in Google – Keyword "Cheap Carfax"

You can also re-sell AutoCheck reports. I can give you a supplier who sells it for $ 2.

Earnings:
October 2November 2

Total: $ 198 – 33 Orders ($ 5.99)

August 30 -…


Rebooted host machine from inside VM, should I report this issue and where to report?

Excuse my ignorance as I don’t work in infosec.

I ran reboot inside a Linux virtual machine using VirtualBox on Mac and it rebooted my host machine. I am trying to reproduce the problem but haven’t gotten it right just yet.

If I am able to reproduce the issue, should I report it and who should I report it to?

Embed Iframe inside a Facebook post to allow users in emergency situations to report us

My company has the need to collect emergency data from our Facebook page fans.
We are doing an experiment to allow some users who are located very far from emergency services to report their cases on our Facebook page (very long story).

So we want to place an iframe with a form that was optimized for a very long time.

I saw an app that is doing that: https://quiz-app.co/

But I don’t have a clue how they did that.

Thanks