Some surprising Irish sites have ‘incorrectly configured SSL certs’

3 Nov 201597 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

We recently got wind of an interesting little project undertaken by an Irish webmaster, who took the time to check SSL security across a number of Irish websites. The results were… surprising.

Darren Hallinan recently got in touch, he of Smashteck Phones, a Sligo-based buying and repair shop. Hallinan drew our attention to a recent blog post of his, The Most Unsecured Incorrectly Configured SSL Cert On An Irish Website Award, which checked out the SSL cert configuration across a number of major Irish websites.

He checked a handful of transport sites, government sites and, quite obviously, communications sites. Across all three there should, you would think, be a high level of security.

But, considering the constant supply of major data breaches around both the country and the world, perhaps the opposite should be the expected result.

“So, its Friday night and we are working hard to have our website ready for the Christmas spending spree, which has already started with the more savvy shoppers,” said Hallinan.

“While carrying out some basic security checks on our site I wanted to ensure our SSL cert was doing its job.”

An SSL cert encrypts the information between web servers and users’ browsers – a basic, effective way to protect user information that gets logged onto websites.

Hallinan popped over to Qualys’ ssllabs.com, which has a great little tool that you can use to check the cert make-up of certain sites.

“It highlights every known issue and grades a domain based on a large number of factors,” said Hallinan. Smashteck Phones bagged an A-,  as did the Department of Revenue and Supervalu.

Poorly performing sites were Tesco, Drivingtest.ie and Vodafone, each bagging an F. However, we reran the Tesco test and couldn’t get a grade, and drivingtest.ie converts to RSA.ie so I’m not sure of the significance of that. Vodafone, though, got an F grade on our test too.

We ran our site through the tool, too, nabbing a B, which is not the top of the pile but certainly not the worst.

Lock image via Shutterstock

Gordon Hunt is a journalist at Siliconrepublic.com

editorial@siliconrepublic.com