Is Facebook Connect widget phishing via pinterest? - it is not secure!

polonus · May 28, 2015, 11:28am

In a tracking report I see http://pinterest.com/advancedbionics/ htxp pinterest.com /advancedbionics/ widget 93 66 2015-05-28 13:16:48 connect.facebook.net htxps://connect.facebook.net/en_US/sdk.js
Client side functionality I get a PFS warning no SSL3 - http://toolbar.netcraft.com/site_report?url=https://connect.facebook.net
Insecure: Warning! This site does not support perfect forward secrecy. While it is safe from the Logjam attack, you should deploy Elliptic-Curve Diffie-Hellman (ECDHE) in order to protect your users.
So there might be some patching to do for the akamai server admin

polonus

polonus · May 28, 2015, 10:41pm

Certificate seems OK: https://ssltools.thawte.com/checker/views/certCheck.jsp
Not PFS here: http://toolbar.netcraft.com/site_report?url=https://www.pinterest.com
Security Header Situation see attached.
Facebook Domain Insights: This website contains tracking information that allows admins to see Facebook Insights out of Facebook to this domain. See initial posting…
For what we report here, read: http://www.bbb.org/calgary/news-centre/bbb-scam-alerts/2014/03/pinterest-pinners-the-latest-target-of-social-media-phishing-scams/ link article author = Leah Brownridge

polonus

Is Facebook Connect widget phishing via pinterest? - it is not secure!

Announcements