SSL protection not updated on some Belgian authorities’ websites
Monday, 13 April 2015
SSL security protocol on several Belgian authorities’ websites is often not updated. Weaknesses were found by a graduate student, Thomas Vanhoutte, reports niche website datanews.be on Monday. “Too many Belgians are vulnerable to the Poodle flaw, which increases the risk of falling prey to cybercriminals,” reckons Thomas Vanhoutte. SSL protection is often used to make a connection secure, especially for online banking portals, online shopping, or sending personal data.
Thomas Vanhoutte applied online SSL Labs tests to the websites, to check how well the SSL protocol was installed and updated. A similar test had revealed some issues on portals of various banks. According to the student, the social security and eGov websites and the Digiflow federal employees’ portal in particular, performed very poorly. They use an old version of SSL, leaving users open to a potential attack, similar to the Poodle attack which was discovered in October. Anyone typing in their personal data on an eGov profile could see their information stolen.
Jan Guldentops, internet security specialist, says the use of the old SSL protocol by the administration may have 2 explanations: carelessness, or just to make it easier for older users to use the app. “But there are other ways to make it compatible,” he says.