News and sports websites are among the types of sites that have the lowest security levels, according to new research.
A team of cyber-security specialists has examined the security protocols used by the top 500 websites in a wide range of industries and across sectors that have an online presence. They found that under 10% of news and sports websites use basic security protocols, such as “HTTPS” and “TLS”. Even those that do so do not always use the latest or strongest protocols, one of the researchers said.
“As time passes, encryption is becoming weaker because there are ways to access it,” Professor Alan Woodward, a cyber security expert at the University of Surrey, told the BBC. “We tried the university website using a site called ‘Security Headers’ a few weeks ago and got A, but it’s just C now.”
The research, published in the “Journal of Cyber Security Technology”, shows that some sectors seem to take security more seriously than others: websites of computer and technology companies and of financial institutions and organizations have adopted security measures at higher rates than, for example, websites dealing with gaming and shopping.
“In the financial sector, almost all sites we tested had encrypted links,” said Professor Woodward, “but even in retail, the adoption of the newest standards is low.”
About one-fourth of the shopping sites tested used “Transport Layer Security (TLS)”, which offers various tools, including digital certificates, remote codes, and a range of encryption options for traffic between a website and its visitors.
However, among news and sports websites, just under 8% used this protocol. Among those that did, many did not use some of the most powerful tools available, such as “HSTS”, which automatically redirects users who enter an unsecured version of the website to the right (encrypted) one.
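The HTTPS and HSTS checks behind a survey of this kind can be sketched in Python. This is an added example, not code from the study or from this article; the host names, response headers and the 180-day `min_age` threshold are constructed assumptions, and the header parsing follows RFC 6797.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are allowed
        if name in directives:
            return None                      # a repeated directive voids the header
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                          # max-age is mandatory and numeric
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}

def grade(scheme, headers, min_age=15552000):
    """Classify one response. min_age (180 days) is an assumed threshold."""
    if scheme != "https":
        return "no-tls"                      # HSTS sent over plain HTTP is ignored
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "tls-only"
    policy = parse_hsts(values[0])           # browsers honour only the first header
    if policy is None:
        return "hsts-invalid"
    if policy["max_age"] == 0:
        return "hsts-disabled"               # max-age=0 tells the browser to forget
    return "hsts-ok" if policy["max_age"] >= min_age else "hsts-short"

# Constructed sample responses (hypothetical hosts, not data from the study).
SAMPLES = [
    ("news.example", "http", [("Strict-Transport-Security", "max-age=31536000")]),
    ("sport.example", "https", [("Server", "demo")]),
    ("shop.example", "https", [("strict-transport-security", "max-age=300")]),
    ("tech.example", "https", [("Strict-Transport-Security", "includeSubDomains")]),
    ("bank.example", "https",
     [("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")]),
]

def survey(samples):
    """Return {host: grade} for every sampled response."""
    return {host: grade(scheme, headers) for host, scheme, headers in samples}

if __name__ == "__main__":
    for host, result in survey(SAMPLES).items():
        print(f"{host:15} {result}")
```

The first sample shows why an HSTS header on a plain-HTTP response counts for nothing: browsers only accept the policy over an encrypted connection.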
“It’s like news and sporting content providers do not value the security of their content,” Professor Woodward said, adding that “they leave themselves vulnerable to attacks like ‘cross-site scripting’, where the attacker may be guilty of having something comes from a web page, and in fact it has not happened.”