Chinese government websites “Riddled with security flaws” say researchers

Share post:

A recent study conducted by researchers from the Harbin Institute of Technology reveals significant security issues plaguing Chinese government websites, leaving them vulnerable to malicious attacks. The study, which examined nearly 14,000 government websites across China, highlights numerous vulnerabilities and dependencies that compromise the digital efficacy and safety of these systems.

Among the key findings, over a quarter of the examined domain names lacked effective DNS configuration, raising concerns about their reliability and accessibility. The study also highlighted a notable dependence on a handful of DNS service providers, creating potential single points of failure in the network infrastructure.

The researchers discovered that many government websites relied on outdated versions of the jQuery JavaScript library, leaving them exposed to remote attacks due to vulnerabilities like CVE-2020-23064, which has been known for years.

The study also identified issues with HTTPS adoption and IPv6 integration, which are crucial for secure and modern internet communications. Additionally, unsigned DNSSEC signatures pointed to potential weaknesses in domain name security.

Through a Zed Attack Proxy (ZAP) analysis, the researchers found widespread issues with security headers, including X-Content-Type-Options, Content Security Policy, and Anti-CSRF tokens. Many websites were also vulnerable to attacks like clickjacking and cross-site request forgery due to improper configurations.

The study highlights the urgent need for real-time monitoring, malicious activity detection, and regular updates of third-party libraries to improve the security of Chinese government websites. It also emphasizes the importance of diversifying network nodes to enhance system resilience and performance.

The findings are particularly notable as the Chinese government has repeatedly emphasized the need to improve digital services and cybersecurity. The study serves as a wake-up call, underscoring the need for stringent vetting and regular security updates to safeguard critical government infrastructure.

 

SUBSCRIBE NOW

Related articles

Payment gateway breach exposes 1.7 million credit card holders

Slim CD, a payment gateway provider, recently disclosed a significant data breach that impacted nearly 1.7 million credit...

Taiwan chip manufacturer (TSMC) successful with first US production trial

TSMC has made significant strides with its $65 billion investment in chip manufacturing in their new Arizona fabrication...

Elon Musk Now Controls Two-Thirds of All Active Satellites

SpaceX, Elon Musk's space exploration company, has launched its 7,000th Starlink satellite, solidifying its dominance in the satellite...

AI Healthcare Firm Exposes 5.9 TB of Sensitive Mental Health Data

In a significant data security incident, Confidant Health, a Texas-based AI healthcare platform, inadvertently exposed 5.3 terabytes of...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways