Technology / Top 50 UK websites putting users at risk, say researchers

Top 50 UK websites putting users at risk, say researchers

The 50 most frequently visited web domains in the UK are exposing users to significant risks due to the outsized number of scripts and codes employed when user visit the domains.

Thinkstock girl on tablet

Security researchers discovered that on average each of the top 50 websites in the UK executes 19 scripts.

One website was found to execute 125 unique scripts when requested, while four executed more than 50 each and 72 per cent executed 20 or less.

The top 50 sites, according to analytics firm Alexa, include Google, Facebook, YouTube, eBay and Wikipedia.

Two of the sites that downloaded the most code were media sites, with the top media site downloading 4.9MB of code.

The remaining three sites in the UK’s top five sites were social media sites.

On average, visitors’ browsers downloaded an average of 1.2MB of code, although one site outside of the top 50 was found to download 6.1MB of code.

Researchers from Menlo security also discovered that approximately one third of the top 50 sites were running vulnerable server versions and that one site had a sinkholed malware domain, implying the existence of a large number of infected UK computers.

Websites typically use JavaScript to enrich their user experience, but the more scripts in use from greater number of sources means higher risk for end users.

“Knowing that visiting a UK top-ten site means that I’m allowing my browser to execute more than 25 scripts –  that may or may not be well-written or secure – should be a concern,” said Jason Steer, a security specialist at Menlo.

“The main takeaways show that going to any popular website is now associated with some risk, as we see play out in numerous media stories every week.

“The recent Pagefair hack should be a warning to everyone that trusted websites take content from many entities of varying security postures.”


TEISS banner