Comment on report - showing UK police websites are insecure
October 2016 by Ilia Kolochenko, CEO of web security company, High-Tech Bridge
The comment is from Ilia Kolochenko, CEO of web security company, High-Tech Bridge:
“Unfortunately, many governmental websites in Europe allow non-encrypted HTTP connections even to web forms and protected areas, where very sensitive financial, legal or health records may be transmitted. Usually, this is caused by lack of time or other resources among the IT teams, as many European countries are now cutting governmental costs, impacting the public sector and thus its security.
Unlike other much more dangerous web application vulnerabilities, such as SQL injections, a lack of traffic encryption does not enable the compromise of a remote web application, but enables the attackers to easily intercept any information sent or received from the web server. However, today, when many users access public or insecure wi-fi networks, reliable traffic encryption becomes a very important question.
If you are surfing on a non-HTTPS version of a website – think twice before submitting any sensitive or authentication data to it. You can also use High-Tech Bridge’s free SSL security test - https://www.htbridge.com/ssl/ - to see how good and reliable traffic encryption is at any website or email server you use.”