Users at almost half of all UK government sites have the confidentiality of their email jeopardised because they are using server software with known security risks.
This is the alarming conclusion of a government wide survey conducted by Internet security testers NTA Monitor. The research highlights the ongoing need for organisations to keep their systems up to date and fully secured.
Deri Jones, security services manager at NTA Monitor, said: "The results obtained, although at first glance alarming, are actually on a par with the results we see from other online security surveys."
NTA Monitor ran live tests across the Internet using a subset of its Regular Monitor security testing service.
"From testing our own clients, in 80 per cent of cases we find there are substantive differences between security intentions and security achieved. This is true even with organisations that are using good security products in a well designed topology," said Jones.
"The variety of known risks within the range of old and flawed versions of email software packages found, enable hackers to crash systems, or to access confidential information within emails - and even to take control of the machines altogether," he added.
The findings are of particular concern given that the government has pledged to deliver all its services electronically by 2008.
The testing analysed the 689 internet domains within the 'gov.uk' name space. After discounting domains where no Internet email systems had been setup, or which were not reachable during the tests, the survey reported on 345 live email servers. Testing involved sending an email message to each system, and analysing the traffic exchanged.
Over 30 per cent of sites used Sendmail, of which 43 per cent were flawed versions. The majority of NT email server insecurity is caused by the use of old or unpatched versions of Microsoft Exchange - 11 per cent of sites used it, of which 45 per cent were flawed.
For more stories see 5 May issue of Network News UK
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all