Safe website to visit, but security wise it fits the hall of shame!
polonus
« on: September 30, 2016, 02:13:33 AM »
For a Norse Oslo university hospital the security situation is under par.
Secure to visit:
http://urlquery.net/report.php?id=1475189021734
and uMatrix blocks this monitoring javascript: -http://rum-static.pingdom.net/
Be aware of this external link, see alien vault:
https://otx.alienvault.com/indicator/hostname/gn.symcd.com/
a Symantec/Akamai operated
See:
https://sritest.io/#report/9d4fcec4-9206-44e7-8d9c-9e3eea4ad4c0
Vuln. library: -https://www.kreftregisteret.no/
Detected libraries:
jquery - 2.2.2 : (active1) -https://www.kreftregisteret.no/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-ui-dialog - 1.11.4 : (active1) -https://www.kreftregisteret.no/
jquery-ui-autocomplete - 1.11.4 : (active1) -https://www.kreftregisteret.no/
jquery-ui-tooltip - 1.11.4 : (active1) -https://www.kreftregisteret.no/
(active) - the library was also found to be active by running code
Excessive headers warning and secure cookies warning:
https://asafaweb.com/Scan?Url=https%3A%2F%2Fwww.kreftregisteret.no
Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) OS: Windows; CPE: cpe:/o:microsoft:windows
7 blacklisted on AS:
http://sitevet.com/db/asn/AS2116
F-I-B- statuses:
https://observatory.mozilla.org/analyze.html?host=www.kreftregisteret.no
SSL/TLS certificate installation correct according to crypto-report.
XSS-DOM scan: Results from scanning URL:
https://www.kreftregisteret.no/bundles/js?v=IR8tbGxNtUoYsyve56aW_1c3g4EQ1M7KS8ineAgabNE1
Number of sources found: 386
Number of sinks found: 26
See:
https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fwww.kreftregisteret.no&ref_sel=GSP2&ua_sel=ff&fs=1
Line 13 etc. clearp<
Directive "p<" is not a known CSP directive. * Missing object-src allows the injection of plugins which can execute JavaScript - set to 'none'
CSP issue: src="/bundles/js?v=IR8tbGxNtUoYsyve56aW_1c3g4EQ1M7KS8ineAgabNE1"
Host whitelists can frequently be bypassed. Consider using 'strict-dynamic' in combination with CSP nonces or hashes.
5 content requests from Google.
Strict-Transport-Security header is missing, Caching Pragma missing (use 'no-cache'),
Access Control X-Permitted-Cross-Domain-Policies missing (Use 'master-only').
Warning: Content Security Policy Content-Security-Policy default-src https: d...nline' 'unsafe-eval' Avoid 'unsafe-inline'. Avoid 'unsafe-eval'. Add 'default-src `self`'. Add 'report-uri /csp_report_parser. & Caching Cache-Control private Add 'no-cache, no-store, must-revalidate'
Checked via public 3rd party scan results, analyzed and presented by,
polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
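
Added example, not part of the original post: a small offline checker for the header and CSP warnings listed above (unknown directive, `'unsafe-inline'`/`'unsafe-eval'`, host allowlist without `'strict-dynamic'`, missing `object-src`, missing HSTS and cross-domain policy headers). The function names, the `KNOWN` directive subset and the `SAMPLE` headers are assumptions constructed for illustration, not the site's actual response.

```python
# Added example; KNOWN is a subset of CSP directives, SAMPLE is constructed.
KNOWN = {"default-src", "script-src", "style-src", "img-src", "font-src",
         "connect-src", "media-src", "object-src", "frame-src", "child-src",
         "worker-src", "manifest-src", "base-uri", "form-action", "sandbox",
         "frame-ancestors", "report-uri", "report-to", "upgrade-insecure-requests"}

def parse_csp(policy):
    """Split a CSP value into {directive: [sources]}; the first duplicate wins."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit_csp(policy):
    csp, found = parse_csp(policy), []
    found += [f"unknown directive {d!r}" for d in csp if d not in KNOWN]
    default = csp.get("default-src", [])
    script = csp.get("script-src", default)  # script-src falls back to default-src
    for kw in ("'unsafe-inline'", "'unsafe-eval'"):
        if kw in script:
            found.append(f"script sources allow {kw}")
    # Unquoted sources are hosts or schemes; quoted ones are keywords, nonces, hashes.
    if any(not s.startswith("'") for s in script) and "'strict-dynamic'" not in script:
        found.append("host/scheme allowlist without 'strict-dynamic'")
    if csp.get("object-src", default) != ["'none'"]:
        found.append("object-src is not 'none'")
    if "report-uri" not in csp and "report-to" not in csp:
        found.append("no reporting endpoint")
    return found

def audit_headers(headers):
    h, found = {k.lower(): v for k, v in headers.items()}, []
    for name in ("Strict-Transport-Security", "X-Permitted-Cross-Domain-Policies"):
        if name.lower() not in h:
            found.append(f"{name} missing")
    if "no-store" not in h.get("cache-control", "").lower():
        found.append("Cache-Control lacks no-store")
    csp = h.get("content-security-policy")
    return found + (audit_csp(csp) if csp else ["Content-Security-Policy missing"])

SAMPLE = {  # constructed headers modelled on the warnings quoted in the post
    "Cache-Control": "private",
    "Content-Security-Policy": "default-src https: 'unsafe-inline' 'unsafe-eval'; p< x",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print("-", finding)
```

A policy such as `default-src 'self'; script-src 'nonce-...' 'strict-dynamic'; object-src 'none'; report-uri /csp_report_parser` passes `audit_csp` with no findings.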