Topic: Is Facebook Connect widget phishing via pinterest? - it is not secure!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
In a tracking report I see:
http://pinterest.com/advancedbionics/ | htxp | pinterest.com | /advancedbionics/ | widget | 93 | 66 | 2015-05-28 13:16:48 | connect\.facebook\.net | htxps://connect.facebook.net/en_US/sdk.js
Client side functionality  I get a PFS warning no SSL3 - http://toolbar.netcraft.com/site_report?url=https://connect.facebook.net
Insecure: Warning! This site does not support perfect forward secrecy. While it is safe from the Logjam attack, you should deploy Elliptic-Curve Diffie-Hellman (ECDHE) in order to protect your users.
So there might be some patching to do for the Akamai server admin  ;)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
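
Added example, not part of the original posts: a small Python check for the property the Netcraft warning above is about, namely whether the cipher suite a server negotiates uses ephemeral (EC)DHE key exchange. The function names, the `EPHEMERAL_PREFIXES` table and the sample suite list are assumptions made for illustration; `negotiated_suite` reports only the one suite chosen for this client's offer, not every suite the server accepts.

```python
import socket
import ssl
import sys

# Key-exchange prefixes that mean ephemeral (EC)DH, in OpenSSL and IANA naming.
# Static "ECDH-"/"DH-" and plain RSA suites (e.g. "AES128-SHA") do not match.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_ECDHE_", "TLS_DHE_")

# Constructed sample input: (cipher name, protocol) pairs, not captured traffic.
SAMPLES = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("AES128-SHA", "TLSv1.2"),
    ("ECDH-RSA-AES256-SHA", "TLSv1.2"),
    ("TLS_RSA_WITH_AES_128_CBC_SHA", "TLSv1.2"),
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
]


def is_forward_secret(cipher_name, protocol):
    """Return True if a full handshake with this suite is forward secret."""
    # TLS 1.3 dropped static RSA and static DH key exchange, so a full
    # TLS 1.3 handshake always uses ephemeral (EC)DHE.
    if protocol == "TLSv1.3":
        return True
    return cipher_name.upper().startswith(EPHEMERAL_PREFIXES)


def classify_samples():
    """Classify the constructed samples; returns {cipher_name: bool}."""
    return {name: is_forward_secret(name, proto) for name, proto in SAMPLES}


def negotiated_suite(host, port=443, timeout=5.0):
    """Do one certificate-verified handshake; return (cipher, protocol, pfs)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name = tls.cipher()[0]
            proto = tls.version()
    return name, proto, is_forward_secret(name, proto)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check of a host given on the command line
        print(negotiated_suite(sys.argv[1]))
    else:  # offline run over the constructed samples
        for suite, pfs in classify_samples().items():
            print(f"{suite}: {'PFS' if pfs else 'no PFS'}")
```
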

Offline polonus

Certificate seems OK: https://ssltools.thawte.com/checker/views/certCheck.jsp
Not PFS here: http://toolbar.netcraft.com/site_report?url=https://www.pinterest.com
Security Header Situation see attached.
Facebook Domain Insights: This website contains tracking information that allows admins to see Facebook Insights out of Facebook to this domain. See initial posting...
For what we report here, read: http://www.bbb.org/calgary/news-centre/bbb-scam-alerts/2014/03/pinterest-pinners-the-latest-target-of-social-media-phishing-scams/   link article author = Leah Brownridge

polonus
« Last Edit: May 29, 2015, 12:45:05 AM by polonus »