Who Needs Heartbleed When Many Dot-Govs Don't Even Encrypt Communications

Aliya Sternstein | Nextgov.com | June 11, 2014

More than a quarter of federal websites are not properly configured with software to prevent intruders from intercepting data entered by citizens, according to a new study. Federal sites in general scored 10 percent lower than online banking services and social media networks on site security and server configuration, researchers at the Online Trust Alliance discovered.

The study, released Wednesday, looked at 50 cabinet-level and other high-traffic, consumer-oriented federal websites, as well as purported federal sites set up by fraudsters. Phishing emails luring citizens to the bogus sites also were examined.

Industrywide, the average score for so-called SSL configuration was 83.4 on a 100-point scale, whereas the government average was 70.5. The government rating was dragged down by the large number of sites, 26 percent, that scored lower than 50, said Craig Spiezle, founder of the alliance and a study co-author. About 10 of the sites had no discernible SSL connection, he said...