N4T Investigators: How safe is that website you're using? - KVOA | KVOA.com | Tucson, Arizona

N4T Investigators: How safe is that website you're using?

Posted: Updated:
Photo: AP Photo: AP

TUCSON- If you've ever paid a bill or a ticket online, you may want to listen up. How well do you really know the website you're using and is it secure? We tested out various websites at the city, county, and state level, but also utility companies. Our investigation reveals who passed and who failed.

It may be taken for granted since it's become part of our every day life. You type your name, birthday, a credit card number, and maybe even a social security number. It seems harmless, because you're just paying a bill or even a traffic ticket.

"You don't want to make it easy for them," said Quincey Hobbs, KVOA tech contributor. "Any network can be compromised give it enough time."

Hobbs tells the N4T Investigators cyber attacks happen every minute all across the world as he showed us one website tracking them in real time.

"Multiple people around the clock attacking because of time zones because of some people that's their profession," said Hobbs. "There's places in Tucson that are likely being attacked."
So we used a free online program to see how safe these websites are. The test is simple, you type the URL, the program scans the website, gives it a letter grade and gives you a reason why it scored high or low. It checks for outdated security protocols which could potentially put your information in the wrong hands.
"It's something that should be fixed because it's low hanging fruit and you want to ensure all your weak points to make sure that you don't seem 
to be in an appealing target for someone," said Hobbs.

Websites like Pima County got an "A" along with the State of Arizona, and Pima Community College. Trico Electric Cooperative scored the highest with an "A+." The City of Tucson and Southwest Gas got a "B."

In a statement, Southwest Gas said, "Safety is paramount at Southwest Gas in everything we do. Our commitment to safety goes beyond the safe and reliable delivery of natural gas; this commitment to protect people and property carries over to our website as well. Southwest Gas places a high priority on ensuring the security of our online customers’ personal information and we continuously strive to maintain that security in the best ways possible."

Others like Cochise County and Tucson Electric Power scored a "C."

On Wednesday afternoon, TEP released a statement saying, "The security of customer data is a priority for us. We’re already aware of these potential security issues and are working to address them. The issues identified by this online tool don’t apply to the systems where we store customer information, which is protected by multiple layers of security. These potential vulnerabilities don’t apply to online transactions conducted by customers using the most recent versions of web browsers. We recommend to our customers that they should update their browsers and operating systems."
But then Pima County Consolidated Court, along with schools Salpointe Catholic High School and Temple Emanu-EL Tucson scored an "F."

However, after the N4T Investigators told Pima County Consolidated Court about its "F" grade, it went ahead and made the necessary changes, and now they have an "A." Cochise County also followed, as they went from a "C" to an "A."

In a statement Cochise County said, " it should be noted that even with the old cipher's supported, our site being built with SSL enabled by default provided an enhanced level of security when compared to the old web site. At the time we had launched the new web site, last year, we actually had a more strict security model in place but had determined that it prevented older browsers from working.  Our biggest challenge was with computer systems within the County still running Windows XP and IE6.  Since then though we have been working diligently on replacing those older systems.  At this point, most (if not all) legacy systems that are in use with IE6 have been updated. The VirtualHost directives on the web server are now updated.  "

Salpointe Catholic High School's director of systems administration, Jeffrey Mounts released a statement to us saying, "I immediately contacted our website vendor, who has been working with their partners to investigate the scan results. This past weekend our website vendor did patch their system and the vulnerability did in fact go away."

The company we used Qualys and its director of engineering Ivan Rustic confirmed this information saying, "(Salpointe) They investigated and confirmed that some of their devices required patching. It is expected that, after the patching, the POODLE TLS vulnerability will go away."

On Monday, Salpointe's grade improved from an "F" to a "C."

"It's just better to go ahead and resolve them instead of having them linger out there and someone finding something new a new way to actually exploit it," said Hobbs.

Salpointe also said it's addressing other problems into why its grade was capped at a "C."

If you have a story for the N4T Investigators, email investigators@kvoa.com or call the tipline 520-955-4444.


Interactive Radar
Powered by Frankly

© KVOA.com 2018, KVOA.com
All rights reserved
Privacy Policy, | Terms of Service, and Ad Choices

Can't find something?