Almost every fourth public website with secure connection, still prove to be vulnerable, according to a review done by NRK news .
The entire 102 domains, or 24 percent of the sites with HTTPS connection in public, had significant deficiencies in the layout, NRK reported.
The seemingly secure connection is characterized by a green padlock to the left of the address bar in the browser. Among the supposedly secure websites that turned out not to be so secure after all, are the Police web portal, several of the internal network solutions of the Military and the National ID Center.
– As long as they have the padlock, it is good, but if you take a closer look, you will see that NCIS has not followed the recommended standards. This way they send a signal that they maybe don’t take this as seriously as they should, security expert Runa Sandvik says.
She and security adviser Per Thorsheim contacted NCIS other to inform them of other flaws and errors of the tip page. In March this year nothing had been done by the NCIS to correct this.
In retrospect, however NCIS made changes that has raised the vulnerability assessment of the tip page from the grade F, which represents the most vulnerable, to C.
– History has shown us that new vulnerabilities on the Internet turn up periodically. It is therefore important for us to correct them as soon as we get to know them. There must be no doubt that we are taking this seriously, Ida Dahl Nilssen, press officer at NCIS, says.
Source: NTB scanpix / Norway Today