In the week that the Department of Trade and Industry launched a
campaign to bolster online Christmas shopping, popular sites have
been found to contain IT oversights that could compromise
security.
Security firm ProCheckUp was commissioned by CW360.com, the
Computer Weekly Web site, to examine 20 popular sites with its
ProCheckNet system.
The software ran across the Internet using publicly accessible
information on servers to check firewall set-ups, Web software
configuration and the strength of encryption.
A number of sites, including music retailer HMV and gift retailer
Past Times, were classed as "medium risk" and found to contain
flaws that could present a risk.
Richard Brain, technical director at ProCheckUp, said, "It would
seem that Web administrators are not showing due diligence. [Some
are not] following the latest security guidelines from the
manufacturers to ensure that their systems are up-to-date." He said
that companies should minimise Internet risks by closing as many
firewall ports as possible.
The ProCheckNet tool found potential issues with the number of
firewall ports open at HMV.
Commenting on the security of the HMV site, Stuart Rowe, e-commerce
director at HMV Europe, said the company maintained its systems
internally and ran internal audits, looking at loss potential.
"Our security is one of the fortes of the site." The UK site uses
IBM's AS/400 hardware, a server that "nobody hacks," Rowe
said.
ProCheckNet reported that the Past Times site was using 56-bit
encryption. E-commerce sites generally use stronger, 128-bit
encryption to give higher levels of security.
A spokeswoman for Past Times said, "We keep our Web site as fully
up to date as we can with regard to security bug fixes, patches,
updating when they are released and we have the highest level of
security that we can [use]."
A Mori poll for the DTI showed that the Internet is still regarded
with suspicion. About 47% of the 2,000 respondents were concerned
about credit card fraud, with 32% reluctant to give out personal
information.
Splash out for Christmas
In the wake of a survey which revealed
that nearly 50% of Internet users are still concerned about credit
card fraud, actress Linda Robson is fronting a government campaign
to boost confidence in e-commerce in the run-up to Christmas. The
DTI campaign reminds consumers that credit card companies must
refund them if their card is used fraudulently, and that consumer
rights in the high street apply online. The campaign is backed by a
number of industry bodies, including the British Retail Consortium,
the Consumers Association and the Trading Standards
Institute.