Started by Admin in Ski Chatter 22-May-2018
Latest images on this Topic...
With the GDPR deadline looming, and online security and privacy in the news, it's time to take our regular look at the security (or otherwise!) of the top skiing websites.
Ranked from most secure, to least (i.e. NOT secure), the most popular Ski Websites (with their security grading) are :-
- A+ J2Ski at https://www.j2ski.com/ (yes, we care about your data!)
- A Crystal Ski at https://www.crystalski.co.uk/
- A Iglu at https://www.igluski.com/
- A OnTheSnow at https://www.onthesnow.com/
- A Snow-Forecast at https://www.snow-forecast.com/
- B Ski Solutions at https://www.skisolutions.com/
- C SkiClub GB at https://www.skiclub.co.uk/
- F Snowheads at http://snowheads.com/
Why Does It Matter?
If a website is not secure, then your personal information - including your password and any details you enter or store on that website - is at risk.
And if the connection is not secure (does not use https, or is mis-configured) your data is at risk not just from someone hacking that website, but every time you browse it. An insecure website gets sent your data (and your password) in plain text all the way from your browser (your PC or phone).
Your data can be stolen, relatively easily, by anyone able to get between you and that website...
How likely is that - really?
If you use a public Wifi service (or a poorly secured private one!) to login to an insecure website, then anyone else using that Wifi may be able (with the right software) to see your password. And if your name, email address, passport details, whatevever are on that website then they can help themselves to those too.
Not wishing to make you paranoid, but see Mr. Scumbag sitting in the corner of the coffee shop with his laptop? Yeah, him; he's just grabbed your password, logged in to get your email, name and address and right now he's filling out a loan application in your name... and if you used the same password on your Amazon account... he's having a party!
And if one of the administrators of your favourite insecure website is in the coffee shop, Mr. Scumbag just got his password too; and now he's logged in and is scooping up everyone's data.
The GDPR (General Data Protection Regulation) comes into force on the 25th May and "requires personal data to be processed in a manner that ensures its security". Insecure websites will clearly fail this requirement and not be GDPR-compliant.
How Can I Tell if my connection to a Website is Secure?
Check the icon or text on your browser's address bar, next to the website address. A green padlock and/or the word "Secure" and you're good to go; an exclamation mark and/or the phrase "Not Secure" and you're not!
This Year's Results
Once again, we've used the comprehensive tool at SSL Labs to check these websites. You can run these tests yourself, or check any other website you use, by going to https://www.ssllabs.com/ssltest/
Top Of The Class
Best of the bunch, with secure connections and a secure up-to-date technology platform, scoring A or A+ are :-
SSL Labs wrote:J2Ski "Secure" - Graded A+ - https://www.ssllabs.com/ssltest/analyze.html?d=www.j2ski.com
SSL Labs wrote:Crystal "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=crystalski.co.uk
SSL Labs wrote:Iglu "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=igluski.com
SSL Labs wrote:On The Snow "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=onthesnow.com
SSL Labs wrote:Snow Forecast "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=snow-forecast.com
Could do Better
Secure, but not as secure as they could be (outdated, badly configured or compromised platform), scoring B or C are :-
SSL Labs wrote:Ski Solutions - Graded B - https://www.ssllabs.com/ssltest/analyze.html?d=skisolutions.com
SSL Labs wrote:Ski Club GB "Vulnerable" - Graded C - https://www.ssllabs.com/ssltest/analyze.html?d=skiclub.co.uk
Hall Of Shame
Insecure connections (all your data are belong to... anyone who wants it) and insecure websites :-
SSL Labs wrote:Snowheads "Not Secure" - Graded F - https://www.ssllabs.com/ssltest/analyze.html?d=snowheads.com
If there are any other Ski Websites you'd like to see added to this list (i.e. the ones we test each year) then let us know with a reply here...
Keep it secret, keep it safe...