April 26, 2012
Group Testing Security Of Websites, Publishing Ones That Fail
A group said that it plans to test websites' security, and those that do not prove to be secure will be named on a list of websites to be warned about.
Trustworthy Internet Movement (TIM) carried out a survey and found that over 52 percent of sites tested were using versions of security protocols known to be compromised.The group plans to test websites to see how well they are keeping their website secure, and their users safe.
TIM has been set up by security experts and entrepreneurs who are frustrated by how long it is taking to improve online safety.
"Together, we resolve major lingering security issues on the Internet, such as SSL governance and the spread of botnets and malware, by ensuring security is built into the very fabric of private and public clouds," TIM said in a statement on its website.
TIM's founder Philippe Courtot, serial entrepreneur and chief executive of security firm Qualys, said although encrypted communications through SSL is one of the fundamental parts of the Internet, it is not as secure as one might think.
He told BBC News that the first part of the attack TIM plans to run on SSL is to run automated tools against websites to test how well they had implemented SSL.
"We'll be making it public," he told BBC. "Everyone is now going to be able to see who has a good grade and who has a bad grade."
They found through earlier tests that about 52 percent of sites checked ran a version of SSL known to be compromised.
Companies that have done an unsatisfactory job of keeping their websites safe and secure will be encouraged by TIM to improve and upgrade their implementations.
TIM will also be checking those websites that offer up certificate authorities to other websites. In 2011, two certificate authorities, DigiNotar and GlobalSign, were found to have been compromised.
On its website, TIM claims that of the 198,216 sites surveyed, only 9.6 percent have shown to be a safe destination for Internet users.
Internet users can go to TIM's website and type in their own websites to test the security of the places they visit online.