[ISN] 99 percent of Arab websites are insecure

From: InfoSec News (alerts@private)
Date: Wed Aug 16 2006 - 01:02:06 PDT


http://www.star.com.jo/viewNews/DetailNews.aspx?nid=2775

The Star
August (10-16) 2006 

Poor security, lack of original content and bad design on Arab
websites are seriously hindering the development of e-commerce in the
Middle East, according to a group of organisations, which have joined
forces to develop quality standards for the region's internet
industry.

Dubai Internet City (DIC) and eHosting Datafort have formed
Interstandards, the Arab Internet Standards Organisation (AISO), as a
joint inititative to develop a certification programme for Arab
commercial websites in association with the British Standards
Institute (BSI).

The organisations believe that the Arab world's internet industry is
plagued with inadequacies, including the lack of even basic security
standards on some websites. Evidence of the latter comes from "ethical
hacking" actions carried out by eHosting Data fort during security
audits on the IT systems of more than 30 organisations in the region
over a four-year period.

According to the company, the actions, which involved it acting as a
"white hat" hacker by exploiting vulnerabilities to enter the
organisations' IT systems, were "99% successful". Ahmed Baig, manager
of security consulting at eHosting Datafort, said: "What we do is we
try to act like a typical hacker and try to penetrate into the
corporate networks of the client."

'We actually gain the proof of our penetration through our records
that we gather through the testing process," he continued. "We have
been successful almost all the time - it very clearly indicates that
the basic level of due care and diligence is lacking in most of the
networks," he added.

Baig went on to say that some companies tested by eHosting Data fort
did not even have monitoring systems in place to indicate they had
been hacked, only discovering months after an attack had taken place
that they had been hit. "We have found some companies where the
clients have been hacked for a few months and they are not even aware
that they have been hacked," he claimed.

Baig believes that developing standards to improve the security of the
region's websites will go a long way to addressing what the companies
perceive as a lack of trust among users in carrying out transactions
online. This insecurity among users is one of the main factors
hampering the development of e-commerce in the region, he claimed.

"Basically, currently the main obstacle between us and a very viable
Arab e-commerce market, like the one that is in the US for example, is
confidence level of the users," he stated. "The main obstacle remains
trust and confidence for the users and today they do have a reason to
be worried because very few websites in the Arab world are providing
secure platforms for commerce transactions," he added.

The companies are still working with the BSI on developing the
certification standards, which will cover design, content, marketing,
applications and security. They hope to have certified 50 companies by
the middle of next year and say a number of companies have already
registered for certification, including aljazeera.net, maktoob.com,
tejari.com and albawaba.com.

As well as security issues, the companies hope to address issues
around the poor content of the region's websites - much of which they
claim is copied or pasted from its original source on other sites, and
breaches copyright laws. n99 percent of Arab websites are insecure

The Star is a registered trademark. © 2003 Jordan Press & publishing
Co.  All rights reserved.



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Aug 16 2006 - 01:22:18 PDT