Author Topic: Website with room for security improvement...HTTPS Everywhere issue.  (Read 1179 times)

polonus

See: https://www.eff.org/https-everywhere/atlas/domains/discoveryplace.org.html
See: http://www.discoveryplace.org/
Detected libraries:
jquery - 1.9.1 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
swfobject - 2.2 :- http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
jquery-migrate - 1.2.1 : -http://www.discoveryplace.org/assets/js/_synced/jquery-migrate-1.2.1.min.js?v=4.51
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Meagre F-Status: https://sritest.io/#report/e967ff32-1114-4525-81bb-3cf71ed02f83

And some F-statuses here: https://observatory.mozilla.org/analyze.html?host=www.discoveryplace.org

See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.discoveryplace.org%2F&useragent=Fetch+useragent&accept_encoding=

Warnings
RC4
Your server's encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure.
Root installed on the server.
For best practices, remove the self-signed root from the server.
TLS1.2
This server is vulnerable to a TLS renegotiation attack.

Insecure Tracking: 50% of the trackers on this site could be protecting you from NSA snooping. Tell discoveryplace.org to fix it.
 All trackers
At least 2 third parties know you are on this webpage.

 -www.discoveryplace.org
-pixel.sitescout.com  SiteScout -> https://www.mywot.com/en/scorecard/sitescout.com?utm_source=addon&utm_content=popup

Facebook sharer script error
Code:
found JavaScript
     error: undefined variable $
     error: undefined function $
Define the variables at the beginning of the function.

On IP: http://www.projecthoneypot.org/ip_72.52.221.138

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: August 28, 2016, 11:34:43 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!