recent work

Trustworthy Internet Movement (TIM) to publish the names of insecure websites

The move by TIM aims to improve website security, following research that confirmed 52% of sites were using “versions of security protocols known to be compromised”.

The group, which consists of security experts and entrepreneurs, has been created because of frustrations about blaze attitudes and the slow pace of online safety improvements.

“We want to stimulate some initiatives and get something done,” said TIM’s founder Philippe Courtot, serial entrepreneur and chief executive of security firm Qualys.

Other expderts that will be part of TIM include SSL’s inventor Dr Taher Elgamal; “white hat” hacker Moxie Marlinspike who has written extensively about attacking the protocol; and Michael Barrett, chief security officer at Paypal.

The testing methods that TIM will undertake are two-stage: the first part would be to run automated tools against websites to test how well they had implemented SSL. The second stage concerns the running of the bodies, known as certificate authorities, which guarantee that a website is what it claims to be.

“We’ll be making it public,” adds Courtot, “Everyone is now going to be able to see who has a good grade and who has a bad grade.”