{"id":327025,"date":"2017-06-10T09:31:39","date_gmt":"2017-06-10T09:31:39","guid":{"rendered":"http:\/\/citifmonline.com\/?p=327025"},"modified":"2017-06-10T09:31:39","modified_gmt":"2017-06-10T09:31:39","slug":"news-and-sports-websites-vulnerable-to-attack","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/?p=327025","title":{"rendered":"News and sports websites &#8216;vulnerable to attack"},"content":{"rendered":"<p class=\"story-body__introduction\">News and sports websites have some of the lowest levels of security adoption, a study has suggested.<\/p>\n<p>A team of cyber-security experts looked at the security protocols used by the top 500 sites in various industries and online sectors.<\/p>\n<p>They found that fewer than 10% of news and sports websites used basic security protocols such as HTTPS and TLS.<\/p>\n<p>Even those that do are not always using the &#8220;latest or strongest protocols&#8221;, one of the study&#8217;s authors said.<\/p>\n<p>&#8220;As time goes by, all encryption gets weaker because people find ways around it,&#8221; Prof Alan Woodward, a cyber-security expert at the University of Surrey, told the BBC.<\/p>\n<p>&#8220;We tested the University of Surrey&#8217;s website using a site called Security Headersa couple of weeks ago and it got an A,&#8221; he explained, &#8220;but it&#8217;s only a C now.&#8221;<\/p>\n<p class=\"story-body__crosshead\"><strong>Shopping and gaming<\/strong><\/p>\n<p>The research, published in the Journal of Cyber Security Technology, shows that some sectors seem much more security-conscious than others.<\/p>\n<p>The websites of computer and technology companies and financial organisations showed a much higher level of adoption than shopping and gaming sites, for example.<\/p>\n<p>&#8220;In the financial sector, almost every one of the sites we looked at had encrypted links&#8221;, Prof Woodward said, &#8220;but even in retail the adoption of the very latest standards is low.&#8221;<\/p>\n<p>A quarter of the shopping sites studied were using Transport Layer Security (TLS), which offers tools including digital certificates, remote passwords, and a choice of ciphers to encrypt traffic between a website and its visitors.<\/p>\n<p>But among news and sport websites fewer than 8% were found to be using the protocol.<\/p>\n<p>Among those that did, many failed to make use of some of the strongest tools available, such as HSTS, which automatically pushes users accessing an unsecured version of a website on to the encrypted version instead.<\/p>\n<p class=\"story-body__crosshead\"><strong>&#8216;Click on the padlock&#8217;<\/strong><\/p>\n<p>&#8220;It&#8217;s like news and sport content providers don&#8217;t value the security of their content,&#8221; Prof Woodward said.<\/p>\n<p>&#8220;They&#8217;re leaving themselves vulnerable to attacks like cross-site scripting, where an attacker can pretend something&#8217;s come from a website when it hasn&#8217;t.&#8221;<\/p>\n<p>But Prof Woodward warned against putting too much faith in sites that appear to have the most up-to-date and comprehensive security protocols in place.<\/p>\n<p>&#8220;People assume that because they&#8217;re using TLS they&#8217;re having a secure conversation, but there&#8217;s no guarantee about who they&#8217;re having that secure conversation with,&#8221; he explained.<\/p>\n<p>&#8220;Some of those spoof sites are using more up-to-date security than the genuine sites. You&#8217;ve got to click on that padlock and check who it is you&#8217;re talking to.&#8221;<\/p>\n<p>&#8211;<\/p>\n<p>Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"<p>News and sports websites have some of the lowest levels of security adoption, a study has suggested. A team of cyber-security experts looked at the security protocols used by the top 500 sites in various industries and online sectors. They found that fewer than 10% of news and sports websites used basic security protocols such [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jnews-multi-image_gallery":[],"jnews_single_post":[],"jnews_primary_category":[],"jnews_social_meta":[],"jnews_override_counter":[],"footnotes":""},"categories":[106],"tags":[],"class_list":["post-327025","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/327025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=327025"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/327025\/revisions"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=327025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=327025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=327025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}