| Cyber-security risks: News, sports websites most vulnerable to attacks |
13 Jun 2017
|News and sports websites have poor levels of security and are vulnerable to cyber attacks, revealed a study.
A cyber-security expert team analyzed the security protocols used by the top 500 websites in various sectors.
Less than 8% of news and sports sites use basic security protocols like HTTPS (HyperText Transfer Protocol Secure) and TLS (Transport Layer Security) that aren't latest or strongest.
| Study published in Journal of Cyber Security Technology |
|The study showed websites of some sectors were more secure than others.
The websites of computer and technology firms and financial organizations had much higher level of security adoption than gaming and shopping sites.
Almost every analyzed website in the finance sector had encrypted links while adoption of latest standards by those in the retail sector was very low.
| How safe are shopping websites? |
|According to the study, only 25% of shopping sites surveyed were using TLS, which is not a very good number. TLS offers tools like "digital certificates, remote passwords, and a choice of ciphers to encrypt traffic between a website and its visitors."|
| News and sports websites using security protocol |
News and Sports
|Among the news and sports websites using security protocol, many of them failed to use the latest and strongest tools available.
Such tools include HSTS (HTTP Strict Transport Security) that automatically pushes away users from accessing an unsecured version of the website and diverts them to the encrypted version instead.
Hardly any news and sports websites adopted the HSTS tool.
| Websites not valuing their content: Cyber-security expert |
|Cyber-Security expert at the UK's University of Surrey, Professor Alan Woodward, said that it seems like the news and sports content providing websites do not value the security of their content.
He added the websites are making themselves vulnerable to attacks such as cross-site scripting where attackers could pretend something has come from a website when it has not.
| Professor Alan Woodward's statement |
|"As time goes by, all encryption gets weaker because people find ways around it. We tested the University of Surrey's website using a site called Security Headers a couple of weeks ago and it got an A, but it's only a C now."|
| Do not put too much faith in secure-looking websites |
|Professor Woodward warned against putting faith in websites with latest, comprehensive security protocols.
People shouldn't assume their conversation is secure just because they are using TLS; there's no guarantee about "who" they're having it with.
He added, "(Some) Spoof sites are using more up-to-date security than the genuine sites. You've got to click on that padlock and check who it is you're talking to."