Keep this link blocked here - privacy concerns because of https protocol issues?

I was pointed there by my good friend Pondus; alas, a link became blocked for me by the uMatrix extension in Google Chrome.

A nice site-check website, anyway, but I like to have this link blocked at that address, -stats.cyscon.net, by default through my uMatrix extension. Why, you want to know? Then google it and also see the HTTPS Everywhere hiccups:
Re: https://www.virustotal.com/nl/domain/stats.cyscon.net/information/
Re: https://www.eff.org/https-everywhere/atlas/domains/cyscon.net.html
Re: https://github.com/EFForg/https-everywhere/blob/master/src/chrome/content/rules/Cyscon.net.xml
and also https://www.c-sirt.org/en/ - http://www.phishtank.com/user_submissions.php?username=cyscon
Especially https://certificate.revocationcheck.com/stats.cyscon.net
Re: http://toolbar.netcraft.com/site_report?url=https://www.c-sirt.org

I guess they also market their scan results and stats.cyscon.net is part of that; I even suspect this stats.cyscon.net link is phishing in a sense, depending on what they do with this info.
Weak exchange parameters found, and capped to B status for that reason: https://www.ssllabs.com/ssltest/analyze.html?d=stats.cyscon.net . The site's security protocol is served from the weak side up, and therefore there are privacy risks.
IP with issues according to VT: https://www.virustotal.com/nl/ip-address/87.106.161.150/information/
Malware detected on IP: https://www.virustotal.com/nl/file/6420055ad21c10aff6a12157d7a824e289e7da2f39a52f3a8f0a0bef407b0f61/analysis/
For me, I would not like to run scripts from stats.cyscon.net, so I keep the uMatrix block on, as I would block it in Firefox with NoScript/RequestPolicy. :wink:

polonus (volunteer website security analyst and website error-hunter)

When I stumble there on this code, jquery/jquery.smartbanner.js, know that it could be vulnerable to injection and doesn't appear in all apps. uMatrix blocks this for me in the browser: http://stats.cyscon.net/libs/jquery/jquery.smartbanner.js? (encoding: GB2312 0.99, content)
Morpheus plug-in hello chat vulnerability detected, read: http://www.securiteam.com/exploits/5SP0L0AFHS.html
Piwik exploits patched: http://www.cvedetails.com/vulnerability-list/vendor_id-9612/Piwik.html
Also blocked by uMatrix = -http://stats.cyscon.net/index.php?module=Proxy&action=getCoreJs&cb=40bee108aaa85dbdfc5801a655a6de8c%20HTTP/1.1

polonus

The smartbanner code is rather old, from 2012, and in computer terms that is archaic!
DOM XSS scanner results from scanning URL: -http://stats.cyscon.net/libs/jquery/jquery.smartbanner.js?
Number of sources found: 18
Number of sinks found: 5
A 2014 universal variant: https://github.com/yanniks/jquery.universal-smartbanner/blob/master/jquery.ultimate-smartbanner.php
The ongoing project: https://github.com/jasny/jquery.smartbanner
and candidate 23: https://github.com/jasny/jquery.smartbanner/blob/master/jquery.smartbanner.js
And now, also in the light of the DOM XSS scan results, read what could go wrong and where the code is vulnerable:
https://www.trustwave.com/Resources/SpiderLabs-Blog/Beware!-Bats-hide-in-your-jQuery!/
Well, folks, as jQuery libraries are minified and infrequently reviewed by those using them, jQuery becomes a good place to hide malicious code. Such malicious code usually attempts to deliver malware to as many users as possible.

Think of the window.location.hostname source and a data sink, and this code:

// Both calls rely on James Padolsey's cross-domain jQuery plugin: without it the
// browser's same-origin policy blocks a plain .load()/$.ajax() to another origin
// unless that origin sends CORS headers.
$('#container').load('http://google.com'); // SERIOUSLY!

$.ajax({
    url: 'http://news.bbc.co.uk',
    type: 'GET',
    success: function(res) {
        // parse the fetched page as HTML and pull out the headline text
        var headline = $(res.responseText).find('a.tsh').text();
        alert(headline);
    }
});

// Works with $.get too!

Credits for the cross-domain requests code and info go to James Padolsey and Chris Heilman.

polonus
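As an added example, not code from the original posts, from jQuery, or from the smartbanner project: the "Number of sources found / Number of sinks found" figures above come from a DOM XSS scanner tallying attacker-controlled inputs (sources) and places where strings become markup or code (sinks). The toy scanner below does that tally by pattern matching over a JavaScript source string, and pairs it with the HTML-escaping step that makes the "where the code is vulnerable" case safe. The two sample scripts it scans are constructed here to resemble what a banner script does (read hostname, hash and referrer, write markup); they are not the real jquery.smartbanner.js, and the pattern lists are an assumption, not any scanner's actual rule set.

```javascript
// Toy DOM XSS source/sink tally (added example, not the scanner used in the post).
// Pattern matching only: it lists candidates and proves no flow between them.

// Attacker-influenced inputs a page can read (DOM XSS "sources").
const SOURCE_PATTERNS = {
  'location.*':        /\b(?:window\.|document\.)?location\.(?:href|hash|search|pathname|hostname|host)\b/g,
  'document.URL':      /\bdocument\.(?:URL|documentURI|baseURI)\b/g,
  'document.referrer': /\bdocument\.referrer\b/g,
  'document.cookie':   /\bdocument\.cookie\b/g,
  'window.name':       /\bwindow\.name\b/g,
};

// Places where a string becomes markup, code or a navigation target (DOM XSS "sinks").
const SINK_PATTERNS = {
  'innerHTML/outerHTML':     /\.(?:innerHTML|outerHTML)\s*=/g,
  'document.write':          /\bdocument\.write(?:ln)?\s*\(/g,
  'eval-like':               /\b(?:eval|Function)\s*\(/g,
  'timer with string':       /\b(?:setTimeout|setInterval)\s*\(\s*['"`]/g,
  'jQuery html/append/load': /\$\([^)]*\)\s*\.(?:html|append|prepend|before|after|load)\s*\(/g,
  'location assignment':     /\b(?:window\.)?location(?:\.href)?\s*=[^=]/g,
};

// Count every hit of every pattern; String.match with a /g regex returns all hits or null.
function tally(src, patterns) {
  const detail = {};
  let total = 0;
  for (const [name, re] of Object.entries(patterns)) {
    const n = (src.match(re) || []).length;
    if (n > 0) detail[name] = n;
    total += n;
  }
  return { total, detail };
}

function scanForDomXss(src) {
  const sources = tally(src, SOURCE_PATTERNS);
  const sinks = tally(src, SINK_PATTERNS);
  return { sources: sources.total, sinks: sinks.total,
           sourceDetail: sources.detail, sinkDetail: sinks.detail };
}

// The fix for the vulnerable case: neutralise the five HTML-significant characters
// before untrusted text is placed into markup (or use .text()/textContent instead).
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Constructed sample modelled on a banner script: reads URL/page data, writes markup.
// This is NOT the real jquery.smartbanner.js.
const SAMPLE_BANNER_SCRIPT = `
var host = window.location.hostname;
var campaign = location.hash.slice(1);
var from = document.referrer;
$('#banner').html('<b>' + host + '</b> via ' + from);         // sink: jQuery .html()
document.getElementById('cta').innerHTML = campaign;          // sink: innerHTML
document.write('<a href="app://' + campaign + '">Open</a>');  // sink: document.write
`;

// Same idea done safely: escaped text and non-markup APIs, so no sink is hit.
const SAMPLE_BANNER_SCRIPT_SAFE = `
var host = escapeHtml(window.location.hostname);
var campaign = escapeHtml(location.hash.slice(1));
$('#banner').text(host);                                      // .text() is not a markup sink
document.getElementById('cta').textContent = campaign;
`;

console.log('unsafe:', scanForDomXss(SAMPLE_BANNER_SCRIPT));
console.log('safe:  ', scanForDomXss(SAMPLE_BANNER_SCRIPT_SAFE));
console.log(escapeHtml('<img src=x onerror=alert(1)>'));
```

The unsafe sample tallies 3 sources and 3 sinks, the safe one 2 sources and 0 sinks. A high source and sink count, like the 18 and 5 reported above, is a reason to read the minified library, not proof of an exploitable flow; the scanner cannot see whether an escaping step sits between a source and a sink, which is exactly why the review has to follow.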