Avast WEBforum
Other => Viruses and worms => Topic started by: polonus on July 26, 2017, 01:24:08 AM
-
We do not see it or notice it because it transports content non-publicly, but we are not completely left in the dark.
Why they think they can get away with it? Insecure ciphers, no CSP, no HSTS.
We have an insecure infrastructure, but we do want to see improvements :(
Allthough the certificate was installed correctly, we meet this insecurities: -akamai.com
Warnings
RC4
Your server's encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure. More information.
RSA remove cross certificates
The certificate chain contains a cross root (primary intermediate) certificate that should be removed. Use Symantec CryptoReport to remove cross root certificates.
Info Verisign and Symantic Intermediate certs.
F-Grade and recommendations:
https://observatory.mozilla.org/analyze.html?host=akamai.com
More issues: http://www.dnsinspect.com/akamaitechnologies.com/10114995
7 red out of 10 risk grade: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fa72-247-94-238.deploy.akamaitechnologies.com%2F
polonus (volunteer website security analyst and website error-hunter)