J2Ski logo J2Ski logo
Login Forum Search Recent Forums

Ski Website Security 2018 - How Secure are your favourite websites?

Ski Website Security 2018 - How Secure are your favourite websites?

Login
To Create or Answer a Topic

Started by Admin in Ski Chatter

Latest images on this Topic...

Admin posted May-2018

Are the websites you use secure? (and why does it matter?)

With the GDPR deadline looming, and online security and privacy in the news, it's time to take our regular look at the security (or otherwise!) of the top skiing websites.



Summary

Ranked from most secure, to least (i.e. NOT secure), the most popular Ski Websites (with their security grading) are :-

- A+ J2Ski at https://www.j2ski.com/ 8) (yes, we care about your data!)
- A Crystal Ski at https://www.crystalski.co.uk/
- A Iglu at https://www.igluski.com/
- A OnTheSnow at https://www.onthesnow.com/
- A Snow-Forecast at https://www.snow-forecast.com/
- A Snowheads at https://snowheads.com/ (from November 2018 )
- B Ski Solutions at https://www.skisolutions.com/
- C SkiClub GB at https://www.skiclub.co.uk/


Why Does It Matter?

If a website is not secure, then your personal information - including your password and any details you enter or store on that website - is at risk.

And if the connection is not secure (does not use https, or is mis-configured) your data is at risk not just from someone hacking that website, but every time you browse it. An insecure website gets sent your data (and your password) in plain text all the way from your browser (your PC or phone).

Your data can be stolen, relatively easily, by anyone able to get between you and that website...


How likely is that - really?

If you use a public Wifi service (or a poorly secured private one!) to login to an insecure website, then anyone else using that Wifi may be able (with the right software) to see your password. And if your name, email address, passport details, whatevever are on that website then they can help themselves to those too.

Not wishing to make you paranoid, but see Mr. Scumbag sitting in the corner of the coffee shop with his laptop? Yeah, him; he's just grabbed your password, logged in to get your email, name and address and right now he's filling out a loan application in your name... and if you used the same password on your Amazon account... he's having a party!

And if one of the administrators of your favourite insecure website is in the coffee shop, Mr. Scumbag just got his password too; and now he's logged in and is scooping up everyone's data.


GDPR

The GDPR (General Data Protection Regulation) comes into force on the 25th May and "requires personal data to be processed in a manner that ensures its security". Insecure websites will clearly fail this requirement and not be GDPR-compliant.


How Can I Tell if my connection to a Website is Secure?

Check the icon or text on your browser's address bar, next to the website address. A green padlock and/or the word "Secure" and you're good to go; an exclamation mark and/or the phrase "Not Secure" and you're not!


This Year's Results

Once again, we've used the comprehensive tool at SSL Labs to check these websites. You can run these tests yourself, or check any other website you use, by going to https://www.ssllabs.com/ssltest/


Top Of The Class

Best of the bunch, with secure connections and a secure up-to-date technology platform, scoring A or A+ are :-
SSL Labs wrote:J2Ski "Secure" - Graded A+ - https://www.ssllabs.com/ssltest/analyze.html?d=www.j2ski.com

SSL Labs wrote:Crystal "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=crystalski.co.uk

SSL Labs wrote:Iglu "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=igluski.com

SSL Labs wrote:On The Snow "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=onthesnow.com

SSL Labs wrote:Snow Forecast "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=snow-forecast.com

SSL Labs wrote:Snowheads "Secure" - Graded A - https://www.ssllabs.com/ssltest/analyze.html?d=snowheads.com



Could do Better

Secure, but not as secure as they could be (outdated, badly configured or compromised platform), scoring B or C are :-
SSL Labs wrote:Ski Solutions - Graded B - https://www.ssllabs.com/ssltest/analyze.html?d=skisolutions.com

SSL Labs wrote:Ski Club GB "Vulnerable" - Graded C - https://www.ssllabs.com/ssltest/analyze.html?d=skiclub.co.uk




If there are any other Ski Websites you'd like to see added to this list (i.e. the ones we test each year) then let us know with a reply here...

Keep it secret, keep it safe...

Note :- Updated November 2018 to show that our friends at Snowheads are now secure!
The Admin Man

Edited 1 time. Last update at 22-Nov-2018