polonus
February 18, 2016, 10:48pm
1
polonus
February 19, 2016, 11:08pm
2
Another example of this and why the www variety of the site was taken down.
Re: http://toolbar.netcraft.com/site_report?url=http://wide-netzwerk.at
Joomla Version
3.4
Version does not appear to be latest 3.4.8 - update now.
And the same plug-in as the culprit of this; this code is insecure, folks:
-http://www.wide-netzwerk.at/
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.wide-netzwerk.at/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.1 : -http://www.wide-netzwerk.at/plugins/content/multithumb/shadowbox/shadowbox.js
jquery - 1.11.2 : (active) -http://www.wide-netzwerk.at/media/jui/js/jquery.min.js
(active) - the library was also found to be active by running code
1 vulnerable library detected
This website is insecure.
25% of the trackers on this site could be protecting you from NSA snooping. Tell wide-netzwerk.at to fix it.
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d5fb79cb40xxxxxxxxx42d9651ae2ac1a1445965753
All trackers: webpage -Google -www.wide-netzwerk.at -www.wide-netzwerk.at -ssl.google-analytics.com
polonus (volunteer website security analyst and website error-hunter)
polonus
February 20, 2016, 10:40pm
3
@ all here that take an interest in the subject,
In the light of all this I encourage you to read this article from Infosec Institute: http://resources.infosecinstitute.com/safely-and-wisely-use-jquery/
Also read here: https://www.securityinnovation.com/training/application-security/computer-based/courses/secure-coding/creating-secure-jquery-code.html
Know how to mitigate retirable code - scan at http://retire.insecurity.today/#
and live up to what has been put forward by the jQuery Foundation Committee, read: https://jquery.org/conduct/enforcement-manual/
My good friends, let us all appreciate fine code with security at heart.
polonus (volunteer website security analyst and website error-hunter)