Websites of 59 M’sian politicians, including the PM, are unsafe
Tun Dr Mahathir Mohamad’s blog chedet.cc and the websites of at least nine other prominent Malaysian politicians have been deemed unsafe, posing a security risk for visitors, according to a study by a UK-based consumer website.
(The Star) – The site, Comparitech, studied the websites of 85 Malaysian politicians and found that 59 of them lacked Secure Sockets Layer (SSL) encryption, meaning that visitors’ connections to those sites are not private nor secure.
In all, Comparitech said it assessed the websites of more than 7,500 politicians in 37 countries, including Malaysia.
It said three out of the five websites it studied lacked basic Hyper Text Transfer Protocol Secure (HTTPS) encryption.
HTTPS, the secure version of HTTP, conceals the communication between a user’s browser and the website he or she is visiting.
SSL is used to set up an encrypted connection between the browser and the site, and it’s vital for securing online banking and shopping transactions.
“About half of the politicians’ websites include some form of input where users can register accounts, log in, sign up for newsletters, or send a message.
“These forms often request the user to enter personal information such as name or email address.
“None of these interactions can be properly protected without HTTPS,” Comparitech said in an article reporting the findings of its study (https://www.comparitech.com/blog/vpn-privacy/politicians-https-study/).
Some Malaysian politicians do, however, have SSL encryption for their websites.
They include those belonging to Finance Minister Lim Guan Eng (https://limguaneng.com/) and Economic Affairs Minister Datuk Seri Azmin Ali (https://azminali.com/).
Comparitech said even websites that do not include form input fields should ideally use HTTPS to encrypt the content of what users see on a particular site.
“HTTPS encrypts data in transit so that unauthorised third parties cannot intercept and decipher it.
“Valid SSL certificates also authenticate websites, helping to ensure voters that they’re on the politician’s genuine site and not a fraudulent one.
“Obtaining an SSL certificate and implementing HTTPS is not difficult nor expensive so politicians have little excuse for not properly securing their sites,” Comparitech said.
However, some cybersecurity experts have pointed out that the lack of security certificates such as SSL is not necessarily a critical vulnerability.
This is because while such security measures protect a user’s data from being hijacked and seen by other parties, it can only happen if the hacker and the victim are on the same network, and also requires tools and skills.
In the study, the United States landed in 1st place in terms of having the lowest percentage of politicians’ websites with no HTTPS encryption (26.2%), followed by the United Kingdom (30.65%), Germany (31.92%), Australia (37.44%) and Denmark (41.3%).
Malaysia, where 69.41% of politicians’ websites have no HTTPS encryption, came in 16th spot while South Korea with 92.31% was last among the 37 countries involved in the study.
The Comparitech dataset can be accessed at the following link: https://docs.google.com/spreadsheets/d/1dXBWyV4Xy6ZTve93I9KOGCxW0E9hmlX-rk4rBeMObd0/edit?ts=5bd71d79#gid=38968544
