Dear forum friends,
So there are still a lot of issues with this campaign that can make it go awfully wrong.
We found the following problems while scanning this random website from the HTTPS Everywhere Atlas:
https://www.eff.org/https-everywhere/atlas/domains/packetstormsecurity.com.html
Detected a failed ruletest.
Tested on scanner with 16 scripts, we have: https://observatory.mozilla.org/analyze.html?host=www.packetstatic.com
We get a meagre F-grade status there and various recommendations for improvement on the website’s security.
Both the hoster Rockabear and the CDN GoDaddy could do much better than what we find here, not very impressive to say the least:
http://toolbar.netcraft.com/site_report?url=https://packetstatic.com
Here we are immediately confronted with a Google Safe Browsing alert and block, while cybercriminals may abuse the unsafe website at:
- https://packetstormsecurity.org/error/404.html
See the content returned on this URI request: https://aw-snap.info/file-viewer/?protocol=secure&tgt=packetstatic.com%2Fjs1492100243%2Fpt.js&ref_sel=GSP2&ua_sel=ff&fs=1
Dom XSS sources & sinks → http://www.domxssscanner.com/scan?url=https%3A%2F%2Fpacketstormsecurity.org
Well, here on the site’s DNS they did a better job: http://dnssec-debugger.verisignlabs.com/packetstatic.com
And all this shows again to the keen observer that Google security campaigns and end user privacy may not have anything in common, as sad as this conclusion can be.
Isn’t it time to split the Big Google Concern up?
Privacy score is minimal and has a lot of issues.
https://privacyscore.org/site/33664/
The JSON version of this: https://privacyscore.org/site/33664/json/
(open to Lucky13 and BEAST attacks).
So from the above “Quick and Dirty” we see that not all at HTTPS Everywhere is a reason to cry Hosanna,
and for now it looks more like Security through Obscurity.
polonus (volunteer website security analyst and website error-hunter)
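Two of the findings above (the Observatory-style header recommendations and the "open to Lucky13 and BEAST" note from the TLS scan) can be reproduced offline against captured data. The following is an added example, not code from the post or from any of the scanners linked; the response headers and cipher-suite names are constructed samples, and the six-month HSTS threshold is the one the Mozilla Observatory uses.

```python
"""Offline checks for two findings of the kind reported in the post:
missing or weak security headers, and CBC-mode TLS cipher suites
(the record-layer construction that Lucky13 and BEAST target).
All sample data below is constructed for the example."""
from __future__ import annotations

import re

# Mozilla Observatory recommends an HSTS max-age of at least six months.
SIX_MONTHS = 15552000  # seconds

# Constructed header sets: one weak, one hardened.
SAMPLE_WEAK_HEADERS = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=300",
}
SAMPLE_HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}

# Constructed cipher list in IANA notation (as a scanner would report it).
SAMPLE_CIPHERS = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return human-readable findings for one response header set.

    Header names are matched case-insensitively; an empty list means the
    headers pass every check in this (deliberately small) rule set.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings: list[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m:
            findings.append("HSTS header has no max-age")
        elif int(m.group(1)) < SIX_MONTHS:
            findings.append(f"HSTS max-age {m.group(1)} is below six months")

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("Content-Security-Policy missing")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    # Either X-Frame-Options or a CSP frame-ancestors directive prevents framing.
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy missing")
    return findings


def cbc_suites(offered: list[str]) -> list[str]:
    """Return the IANA cipher-suite names that use CBC-mode record encryption.

    Lucky13 and BEAST both depend on CBC mode; AEAD suites (GCM, CCM,
    CHACHA20_POLY1305) are not affected. IANA names spell the mode out,
    so a substring match on '_CBC_' is exact. OpenSSL short names such as
    'AES128-SHA' omit the word, so convert those to IANA names first.
    """
    return [s for s in offered if "_CBC_" in s.upper()]


if __name__ == "__main__":
    for label, hdrs in (("weak", SAMPLE_WEAK_HEADERS), ("hardened", SAMPLE_HARDENED_HEADERS)):
        print(f"{label}: {audit_headers(hdrs) or 'no findings'}")
    print("CBC suites offered:", cbc_suites(SAMPLE_CIPHERS))
```

The CBC check is intentionally a reporting aid, not a verdict: Lucky13 is mitigated in patched TLS stacks and BEAST largely client-side, so the list tells you which suites to retire in favour of AEAD rather than proving the host is exploitable.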