jeudi 29 octobre 2015

Major utilities leaving website vulnerabilities un-patched

website magnifying glass www

Hard on the heels of last week's TalkTalk breach, another British utility company, British Gas, has contacted over 2,000 customers to warn them that their email addresses and passwords have been posted online.

Yet according to information security company High-Tech Bridge many large companies could be leaving customer data at risk via their websites.

The company ran its free SSL checker tool on both the TalkTalk and British Gas sites and in each case revealed a lack of compliance with PCI DSS and NIST guidelines.

HT Bridge results

It has published a report on scans of web servers of 161 companies from the Forbes Global 2000 list. Among its findings are that 19.4 percent of the servers supporting HTTPS have an untrusted certificate, 34 percent have Always-On SSL enabled and 26 percent have an Extended Validation (EV) certificate. In addition 18.5 percent are still vulnerable to POODLE over SSL, and only 12 percent have configurations compliant with PCI DSS requirements 2.3 and 4.1.

"Appropriate data encryption is becoming a vital part of our everyday life," says Ilia Kolochenko, CEO of High-Tech Bridge. "Many security standards and federal laws require implementing strong data encryption to protect customers’ data. This is why at High-Tech Bridge we decided to launch a free service to enable anyone to test his or her server security in simple, fast and reliable manner. We are collaborating with many globally-recognized security organizations, such as OTA and ITU, to deliver the best quality of testing, and we are open to collaborate with the industry and individuals to continuously improve the service".

Full details of the scan results can be found on the on the High-Tech Bridge blog.

Photo Credit: Yuriy Boyko/Shutterstock



Aucun commentaire:

Enregistrer un commentaire