Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Bing dot com - You would not believe this until you see the scan results!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Bing dot com - You would not believe this until you see the scan results! (Read 2105 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Bing dot com - You would not believe this until you see the scan results!
«
on:
March 28, 2016, 04:26:39 PM »
Seems that many a server is still vulnerable to the so-called DROWn attack and this one also has insecure security header configuration!
Checked this and it fits the Hall of Shame:
https://securityheaders.io/?q=https%3A%2F%2Fbing.com
Results for bing.com
Sites that use the certificates below are vulnerable to eavesdropping. Attackers may be able to decrypt recorded traffic and steal data.
Update server software at all IP addresses shown, and ensure SSLv2 is disabled.
Would you believe these results?
https://test.drownattack.com/?site=bing.com
supports SSLv2 export ciphers
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Secondmineboy
Avast Evangelist
Massive Poster
Posts: 3645
Re: Bing dot com - You would not believe this until you see the scan results!
«
Reply #1 on:
March 28, 2016, 04:32:01 PM »
Take a look ast this:
https://securityheaders.io/?q=https%3A%2F%2Fjobboerse.arbeitsagentur.de%2F
Our countries employment Exchange.......
Take a look at your PMs please, even worse.
Logged
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Bing dot com - You would not believe this until you see the scan results!
«
Reply #2 on:
March 28, 2016, 04:47:40 PM »
Only caching headers are securely implemented.
This seems reasonable:
http://toolbar.netcraft.com/site_report?url=https://jobboerse.arbeitsagentur.de
(on a bad zone)
PFS not implemented and SSL3 not supported.
DNS seems OK:
http://www.dnsinspect.com/arbeitsagentur.de/1459176122
The use of Dojo on the website certainly expands the attack surface considerably:
Dojo exploits
https://www.exploit-db.com/exploits/33764/
&
https://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/Dojotoolkit-Dojo.html
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: Bing dot com - You would not believe this until you see the scan results!
«
Reply #3 on:
November 26, 2017, 02:02:34 PM »
Update
Another big alt-news site, of which you would not believe the potential CMS insecurity!
What site, well see here:
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=ip73.ip-149-56-231.net&ref_sel=GSP2&ua_sel=ff&fs=1
redirects to ->
-http://adserver.adtechus.com/adserv/3.0/5235/2562505/0/170/ADTECH;cookie=info;loc=300;key=key1 ->
http://aka-cdn-ns.adtechus.com/images/AT170_300x250_4.gif
for -https://www.prisonplanet.com/ (uBlock Origin will block adserver dot adtechus dot com).
CMS Outdated WordPress Version
4.7
Version does not appear to be latest 4.8.3 - update now.
These settings are wrong, admin Tim: Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 admin admin
2 Tim tim
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
One plug-in outdated: wp-super-cache 1.4.9 latest release (1.5.
Update required
https://wordpress.org/plugins/wp-super-cache/
See privacy score, security headers not set, attack vulnerability:
https://privacyscore.org/site/34971/
1 hidden Flash cookie tracking.
Oh and a retirable vuln. jQuery library detected:
http://retire.insecurity.today/#!/scan/50d7a1d0cb3d0054eddc556cb4ed3938f3fef02dae0691ea7cc0d4c008ad8b65
Tracking can it be avoided, I think it has almost become impossible, but security could be better upheld!
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Bing dot com - You would not believe this until you see the scan results!