3

Firefox seems to be OK with it, but I don't want to log in on any browser in case I have some malware doing this. However I can't seem to find anything, so I'm not sure what it is.

Chrome says it's using TLS 1.2 and there are insecure resources on the page, apparently the site "loaded an insecure script". I am a bit scared to log in incase this is some kind of MITM attack. I already disabled all of my chrome extensions, just in case, but this is still here.

edit: just checked, other https pages seem to work in chrome, it's just paypal (that i know of) that's doing this.

1 Answers1

0

I believe the primary reason you are getting an error message regarding insecure resources is because Paypal is serving their favicon over regular http instead of https. Firefox and Palemoon do not give an error for favorite icons, but they do for other content.

This is funny to me because they serve the favicon several times, and one of them is https.

The other message regarding obsolete ciphers is most likely because of a separate MAC for message authentication, rather than using an AEAD cipher such as AES-GCM. This is less likely to raise an error and does not do so on most browsers unless RC4 is used.

Richie Frame
  • 1,980