Wednesday 21 December 2016

SumTips: 7 Findings from Secure the News' Leaderboard

Secure computer
At this point, the average internet user knows to check for HTTPS encryption (the little padlock at the top of a browser) before entering sensitive information online. And while many of the websites that require sensitive information—typically banks and online vendors—have made necessary security upgrades, the websites that often go forgotten are those of media outlets.

In response, the Freedom of the Press Foundation recently launched a new tool: Secure the News, a platform that provides information on the security of more than 100 media websites. The results are a little unsettling. May we suggest a VPN the next time you need to catch up on your current events?

  • 29% of news sites surveyed provide HTTPS encryption; only 14% default automatically to HTTPS.
  • The United States’ Intercept was the only site to receive an A+ security rating. Runners up include the UK’s Guardian and the United States’ Buzzfeed, ProPublica, TechCrunch and WIRED, who also provide and default to valid HTTPS. These sites have HSTS capabilities, but are not preloaded (HSTS protects against HTTPS downgrade attacks).
  • 9 news sites worldwide received a security rating of B for providing and defaulting to HTTPS, but lack HSTS altogether. These include Germany’s Die Welt; the Moscow Times; the Toronto Star and the Washington Post.
  • 15 news sites worldwide received a security rating of C. These sites offer valid HTTPS and are available over HTTPS, but do not default to it and lack HSTS altogether; they include France’s Le Monde; India’s Anandabazar; Italy’s La Stampa; Wirtualna Polska; Saudi Arabia’s Al Arabiya; and the UK’s Independent and BBC.
  • 25 news sites worldwide received a security rating of D. These sites only offer valid HTTPS and include Germany’s FAZ.NET; Spiegel Online and Süddeutschede; the India Times and Indian Express; Poland’s Onet; Russia’s TACC; and the United States’ New York Times and Ars Technica.
  • The remaining 50 news sites received a security rating of F, for their complete lack of HTTPS and HSTS. These global sites include Australia’s Age; China’s Global Times, People’s Daily, Shanghai Daily and Xinhua News Agency; India’s Andhrajyothi, DNA India, Hindu, Hindustan Times and Mathrubhumi; Italy’s Corriere della Sera; Qatar’s Al Jazeera; Russia’s Pravda Report; Spain’s, el Mundo, el Pais, el Periodico and la Vanguardia; the United States’ Univision; the Associated Press; and Reuters.
  • Currently, 0 sites have committed to making a change, but the Freedom of the Press Foundation expects Secure the News’ report will begin to prompt such action.
Use HTTPS, surf secure and stay Rando!

Image credit of
Want more SumTips? Read on!

Want SumTips sent to your inbox? Sign up for our weekly newsletter ("Security Tips and News" at bottom of page). 

SumRando Cybersecurity is a Mauritius-based VPNWeb Proxy and Secure Messenger provider. Surf secure and stay Rando!

No comments:

Post a Comment