Ready for the Hall of Shame?
Unbelievable this site being vulnerable to DROWn: https://test.drownattack.com/?site=https%3A%2F%2Fdatabricks.com%2F
One of the firms for data mining that the CIA invested in to spot so-called ‘insider threats’.
The snooper and In-Q-Tel partner website uses old WordPress plug-in: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
google-analyticator 6.4.9.6 latest release (6.4.9.7) Update required
http://www.videousermanuals.com/google-analyticator/
Configuration issue: Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 Jake Bellacera admin
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Warnings
BEAST
The BEAST attack is not mitigated on this server.
Retirable jQuery code: -https://databricks.com
Detected libraries:
jquery - 1.11.1 : (active1) -https://databricks.com/wp-content/themes/databricks/assets/js/vendor.js?ver=2.71.1
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
handlebars.js - 3.0.1 : (active1) -https://databricks.com
Info: Severity: medium
https://github.com/wycats/handlebars.js/pull/1083
(active) - the library was also found to be active by running code
2 vulnerable libraries detected
polonus (volunteer website security analyst and website error-hunter)
For a background read: https://theintercept.com/2016/04/14/in-undisclosed-cia-investments-social-media-mining-looms-large/