New Website to Publicly Shame Applications With Lax Security

September 2, 2014 | By Editor 


The Internet transports an enormous amount of personal information every day, and the volume is only increasing. Despite the data explosion, many services and applications continue to put user credentials at risk by refusing to encrypt data sent via wireless networks.


What Should Companies Do

  • In this day and age, online security is something even a child can be made to understand, so it is hardly rocket science for companies to grasp it. It is well past time for corporations to improve the security of their customers’ information.
  • Maybe a little public humiliation could help convince organizations to enhance customer information security, decided software engineer Tony Webster.
  • On August 16, he created a website called ‘HTTP Shaming,’ clearly intent on shaming websites without encryption, and started posting cases of insecure communications.

This was a calling card for businesses that send their customers’ personal information over the Web without encrypting it.

Case Study

A well-known example is the famous travel-information company TripIt.

  • With TripIt, users can sync the information on their flight tickets, times, and itinerary with other devices and share the details with other people. However, details shared with calendar apps are not encrypted, leaving a gaping hole for hackers to enter easily.
  • Details such as the user’s name, phone number, credit/debit card numbers, and mail address can easily be stolen by anyone on the same WiFi network. In fact, it is even possible for a hacker to change the victim’s flight schedule or, worse, cancel the flight.
  • To date, TripIt and 18 other services and applications have landed on the shaming list. Most complaints were submitted by users who are beyond frustrated with the security lapses of companies.
  • Though it is not a healthy trend, it is in a way good to receive this number of submissions, says Webster. While some were benign, a few others, especially the ones pertaining to financial details, were quite concerning to him. Instead of publishing information on the more important cases, Webster is planning to reach out to the vendors first.
  • Vulnerabilities in mobile apps and Internet services are a common scenario nowadays. Recently, in July, Appthority, an app-management company, revealed that the majority of mobile apps did things that put users’ information at risk.
  • Tracking location, collecting user information, and sending it to social networking sites or advertising affiliates were some of those things. In January, an IOActive security researcher found that nearly 36 out of 40 banking apps had a few unencrypted links.

This might be shocking, but many corporations still neglect to use HTTPS, the secure version of HTTP, to protect their data. According to a survey conducted by HP in December 2013, out of 2,100 mobile apps from 600 enterprises, 18 percent used unencrypted data communications. In another study, conducted by High-Tech Bridge, it was found that out of the top 100 online retailers, 73 did not use HTTPS for data communications. Overall, out of the 150,000 websites surveyed by SSL Pulse, only 28 percent had deployed secure sockets layer (SSL), a vital component to implement HTTPS. The numbers are concerning: even in 2014, people are still sending unencrypted information across the Internet. With hacking incidents increasing in number, there is no apparent reason for any website or mobile app not to use HTTPS.

Another equally concerning factor is the inadequate response of companies to the problems raised by Webster. In November 2013, he first contacted TripIt and was met with disappointment as the firm failed to respond. On Monday, the firm finally responded that it is working actively to move its calendar feeds to HTTPS while minimizing disruption for its users. The company further added that it takes customer feedback very seriously and appreciates the time taken by its users to reach out.
