WebHogs Does Central Banks

by Doctor Electron

Sometimes called "the bank of last resort," the central bank of a country is generally vested with special authority by government to promote stability in financial markets for the benefit of commerce within and between nations. The central bank leaders of major economic powers often meet to compare notes. In the U.S., this special bank is called the Federal Reserve Bank, chaired for a number of years by Alan Greenspan.

Maj. Hog, the official spokesman for the WebHogs program, turned down the idea of a personal meeting and photo opportunity with Mr. Greenspan, "Other central bank chairmen might want similar treatment and it might cause turmoil in financial markets." An alternative was to ask Maj. Hog to look at web pages of central banks. He did and put many in the Web Hogs Pen, in a special section called the "Central Bank Club."

Table 1 presents results from 107 central bank web pages, arranged in four groups. These default pages are often, but not always, the home pages for the site.

Table 1: Central Bank Web Page Responses and Pig Scores
Address         Name                   Pig Bytes  Resp E Server
216.87.14.90    www.bcv.org.ve         140 19910=  200   Microsoft-IIS/5.0
66.45.56.34     www.bcrp.gob.pe         80  8946=  200 E Microsoft-IIS/5.0
194.152.217.18  HNBnetra.hnb.hr         74 34737=  200   Netscape-Enterprise/3.6
203.97.36.19    rbnz.govt.nz            57 27304=  200   Zeus/3.3
62.200.195.22   www.bnb.bg              47  4462=  200   Lotus-Domino/0
195.94.0.103    www.centralbank.gov.ye  44 16182=  200 E Microsoft-IIS/5.0
208.148.169.23  resbank.malawi.net      40  8973=  200 E Microsoft-IIS/4.0
209.88.238.17   .eccb-centralbank.org   40 10764=  200   Microsoft-IIS/5.0
217.110.182.53  www.bundesbank.de       39 12540X  200   Apache
206.138.197.2   firewall-all.ny.frb.org 37 16564=  200   Netscape-Enterprise/4.1
206.180.238.12  bankofsierraleone.com   37 12955=  200 E Apache/1.3.12
193.95.69.11    www.bct.gov.tn          33 24013=  200 E Apache/1.2.6
195.82.5.24     www.nationalbank.kz     30  8598=  200 E Microsoft-IIS/4.0
202.51.159.232  blazer.lanka.net        29 36141=  200 E Microsoft-IIS/5.1
193.108.185.40  www.bank.lv             25  2874=  200 E Microsoft-IIS/4.0
195.167.100.130 w-hosts130.otenet.gr    25  3252=  404   Microsoft-IIS/5.0
200.69.211.82   www.bcra.gov.ar         25  8055=  200   Microsoft-IIS/5.0
200.85.47.18    www.bcp.gov.py          25  3194=  403
195.8.1.171     www.bancomoc.mz         22 17078X  200   Apache/1.3.20
200.181.13.79   www.bcb.gov.br          21 22098=  200   Microsoft-IIS/5.0
196.3.139.108   www.central-bank.org.tt 20 23694=  200   Microsoft-IIS/4.0
212.40.192.49   www.cbr.ru              20 36704=  200   Microsoft-IIS/5.0
212.77.204.174  www.qcb.gov.qa          17  4414=  200   Netscape-Enterprise/3.6
64.33.81.17     www.sama.gov.sa         16  8240=  200 E Apache/1.3.26
140.80.193.5    .bank-banque-canada.ca  15  4490=  200   Netscape-Enterprise/3.6
194.129.36.50   .facility.pipex.com     14  2787=  200 E Microsoft-IIS/4.0
212.42.65.83    ns.bank.gov.ua          12  9708=  200   Microsoft-IIS/3.0
195.39.135.3    pc3.cbk.gov.kw          10  1666=  200   NetWare-Enterprise-Web-Server/5.1
203.172.24.1    www.bsp.gov.ph          10 22201=  200 E Microsoft-IIS/4.0
193.126.81.20   vabbinfaru.bportugal.pt  9  1183=  200 E Microsoft-IIS/4.0
216.6.27.61     www.bot-tz.org           9 10617=  200   Microsoft-IIS/5.0
212.124.160.1   avala.yubc.net           6 84729=  200 E Apache
195.202.64.129  .uunet.co.ke             5 16107-  200 E Apache/1.3.4
193.188.112.36  www.bma.gov.bh           4  8537=  200 E Apache/1.3.14
208.224.181.35  www2.boz.zm              4  1608-  200   Netscape-Communications/1.12
193.87.129.130  www.nbs.sk               3  1030=  200 E Apache/1.3.26
196.40.57.36    www.bccr.fi.cr           3   394=  200 E Microsoft-IIS/5.0
202.54.34.254   .computeraccess.co.in    3  3235=  200 E Microsoft-IIS/5.0
212.56.194.129  .mldnet.com              3   753=  200 E Oracle
166.114.45.5    bcbweb.bcb.gov.bo        2    65X  200   Apache/1.3.19
63.241.182.45   .beready.att.net         2   280=  200 E Apache/1.3.20
193.53.62.66    www.nbb.be               1   213=  200   Microsoft-IIS/4.0
194.125.145.44  www.centralbank.ie       1  4074X  200   Microsoft-IIS/4.0
195.193.90.8    dnb.nl                   1  2798=  200 E IBM_HTTP_SERVER/1.3.19
196.44.140.173  www.bon.com.na           1  1270=  200   Microsoft-IIS/5.0
202.152.28.166  www.bi.go.id             1   138X  302   Microsoft-IIS/4.0
203.150.3.147   bot.co.th                1   171X  302   Microsoft-IIS/4.0
212.98.162.9    www.nbrb.by              1   312=  500   Microsoft-IIS/5.0
210.174.166.201 www.boj.or.jp            0 18592=  200 E Apache/1.3.26
163.121.229.251 subnet229.idsc.gov.eg    0 12212=  200 E Microsoft-IIS/4.0
193.188.75.1    dinar.cbj.gov.jo         0  8145X  200   Netscape-Enterprise/2.0d
206.136.173.119 www.bcr.gob.sv           0  7723=  200 E Microsoft-IIS/5.0
168.167.71.198  www.bankofbotswana.bw    0  7491-  200 E Microsoft-IIS/4.0
195.215.15.211  www.nationalbanken.dk    0  3837=  200   Lotus-Domino/5.0.9
80.78.66.61     www.bankofalbania.org    0  3435=  200 E Microsoft-IIS/4.0
195.222.32.22   is6.bih.net.ba           0  3232X  200   Netscape-Enterprise/3.6
206.48.105.130  bch.hn                   0  3172=  200 E Apache/1.3.9
193.96.201.13   www.ecb.int              0  2795=  200 E Apache/1.3.19
213.250.51.67   www.bsi.si               0  2732=  200 E Microsoft-IIS/4.0
129.35.233.49   www.snb.ch               0  2594=  200   Netscape-Enterprise/3.6
194.102.208.3   www.bnro.ro              0  1606=  200 E Microsoft-IIS/4.0
157.100.207.5   www.bce.fin.ec           0  1246=  200   Netscape-Enterprise/2.0a
203.116.44.235  www.mas.gov.sg           0  1075X  200   Netscape-Enterprise/4.1
64.226.137.140  cbo-oman.org             0  1024=  200 E Microsoft-IIS/5.0
195.250.70.100  cba.am                   0  1021=  200 E Microsoft-IIS/5.0
128.214.68.40   www.bof.fi               0  1004=  200 E Apache/1.3.22
210.104.132.11  www.bok.or.kr            0  1002X  200   Oracle
207.50.234.5    www.bceao.int            0   947=  200   Lotus-Domino/5.0.6
209.130.86.220  www.cbaruba.org          0   902=  200 E Rapidsite/Apa/1.3.26
195.76.129.69   moriles.bde.es           0   831=  200   Netscape-Enterprise/4.1
200.85.170.4    sweb.bcn.gob.ni          0   603=  200 E Microsoft-IIS/4.0
170.70.84.3     www.banxico.org.mx       0   599=  200 E Microsoft-IIS/4.0
195.142.236.1   tcmb580.tcmb.gov.tr      0   584=  200 E ZZZ
193.203.230.241 www.bancaditalia.it      0   578=  200 E Apache/1.3.20
194.198.134.26  www.riksbank.se          0   550=  200
194.154.192.107 www-a.pt.lu              0   505=  200 E Apache/1.3.20
194.106.64.41   smtp.kemmunet.net.mt     0   487=  200 E Apache/1.3.0
202.123.26.122  bom.intnet.mu            0   455=  200 E Microsoft-IIS/5.0
200.44.39.14    www.bcv.org.ve           0   359=  200 E Apache/1.3.0
62.56.182.2     www.bnr.rw               0   271=  200 E Microsoft-IIS/5.0
193.71.196.92   virtual-3.nettvik.no     0   255=  200 E Apache/1.3.9
66.38.187.91    .gtconnect.net           0   238=  200 E Microsoft-IIS/5.0
196.29.242.10   www.resbank.co.za        0    75=  200 E Microsoft-IIS/4.0
200.1.156.10    pluto.sr.net             0    40=  200 E Apache/1.3.0
205.214.220.204 www.centralbank.org.bb   0   299=  302   Lotus-Domino/5.0.6
194.149.13.9    vservers.datanet.hu      0   211X  302   GTS-DataNet/1.0
195.38.160.228  eagle.nbkr.kg            0   129=  400   Oracle_Web_Listener/4.0.8.1.0
200.10.237.38   www.bcentral.cl          0   172=  403   Microsoft-IIS/5.0
202.186.13.99   ash3.skali.net           0   172=  403   Microsoft-IIS/5.0
63.99.209.6     www.bankofsudan.org      0   172=  403   Microsoft-IIS/5.0
213.208.1.8     www.oenb.co.at           0   164=  404   Engine:
212.58.126.126  webserver.nbg.gov.ge     0   111=  404   Microsoft-IIS/5.0
196.3.81.152    .codetel.net.do          0   102=  404   Microsoft-IIS/4.0
62.23.1.152     .rev.coltfrance.com      0   102=  404   Microsoft-IIS/4.0
63.241.73.115   www.bdl.gov.lb           0   102=  404   Microsoft-IIS/4.0
200.30.148.35   mail.banguat.gob.gt      0  1160=  406   Microsoft-IIS/4.0
161.58.231.100  reservebank.gov.fj       0     0
161.58.232.244  bankisrael.gov.il        0     0
193.85.201.130  web1.kpnqwest.cz         0     0
194.30.133.77   evagoras.logos.cy.net    0     0
195.136.199.105 www.nbp.pl               0     0
195.26.128.195  www.nbrm.gov.mk          0     0
202.128.227.99  www.info.gov.hk          0     0
209.226.86.5    www.boj.org.jm           0     0
212.107.32.146  www.ee                   0     0
213.167.148.178 www.sedlabanki.is        0     0
216.72.142.131  .globalone.net.co        0     0
Legend: Pig, Score by Webhogs program. Bytes, length of content read. =, same as, or -, less than Content-Length in http header. X, no Content-Length stated. Resp, http header response code. E, etag in http header. Server, software description in http header. The two character country codes (ve, pe, hr, etc) indicate countries as shown in this list.

(1) 48 sites showed Pig Scores greater than zero and are listed in descending order. The average Pig Score in this group was 22, about double the overall average found with random sampling of web sites [Web Hogs Pen].

Please join us in welcoming Venezuela (ve) into the One Hundred Club section of the Web Hogs Pen. Also in the top ten Pig Scorers, we have Peru (pe), Croatia/Hrvatska (hr), New Zealand (nz), Bulgaria (bg), Yemen (ye), Malawi, Ecuador (eccb), Germany (de) and the United States (ny.frb.org). The chairpersons for these central banks have their work cut out for them. "We are not running some silly piggy bank here," might be the refrain heard. "How can the nation prosper with all this piggy content on our web site? Get the webmaster in my office immediately."

(2) 36 central bank sites responded with the 200 OK code and their content showed zero Pig Scores. Japan (jp) was in this group. As one of the major economic powers participating in international economic summits, an agenda item for a future meeting will be for Japan to teach the U.S. and Germany how to make central bank web pages.

These 36 central banks are hereby awarded the privilege of displaying the official WebHogs seal of approval -- "Certified pig-free by Maj. Hog." This seal suggests that the leadership can effectively delegate authority as evidenced by the pig-free web page of the central bank. Maj. Hog is the only known authority who has said that the stock markets in countries carrying this seal are due for an upswing.

Considering groups (1) and (2), more than half of these 84 responsive sites showed positive Pig Scores. The "percent Pigs" (48 / 84) index was somewhat greater then seen generally [Web Hogs Pen], but perhaps not enough to rattle the futures markets.

(3) 12 central banks responded with error codes (302, 400, 403, etc). This result alone should not be construed as reason for financial panic in those countries. However, mild wondering might be in order.

(4) 11 of the central banks surveyed accepted a connection from the WebHogs client program but refused to say anything, not even an error code, when asked for their default site page. For these cases, moderate wondering might be in order.

Combining groups (3) and (4), we have 23 of 107 countries tested which may not have reliable access to web sites where the central bank presents content.

More than half of the responsive central banks (47 or 84) used etag entries in their http headers. All of the sites using etag, except one, did not use cookies. Of the 14 sites using cookies, Brazil (br) was the cookie kook among central banks, using four cookies in its http header.

What is the web server software used by central banks, presumably chosen by some of the best financial brains in the world? Table 1 shows Microsoft-IIS (n = 49), Apache (n = 21) and Netscape (n = 11) were the most popular. That is, more than half of the responsive servers (49 of 84) were running Microsoft-IIS, which has previously been compromized by several self-propagating viruses, which may allow unauthorized access to infected servers. It is often true that web server machines are not connected to the actual network used by the organization where confidential information might be stored. Hopefully this is generally true for the central banks surveyed.

If the reader saw a trusted, honest neighbor dressed up like a jewel thief -- black outfit with a ski mask -- carrying burglar tools -- crow bar, lock cutter, glass cutter, etc -- with a sack to carry off loot, the question might arise, "What are you doing? You look like a bandit." The answer might be, "I'm going to a costume party." Now we ask some of the central banks, "What are you doing?"

Table 2 lists the top users of scripts in central bank web pages. These were the central banks dressed up like bandits, so to speak. Scripts are programs to be run on the user's computer. They are either included in the textual content of the web page in html tags or are downloaded separately from the same site or another location. We found two rather large nations, the United States (ny.frb.org) and Russia (ru), may be taking lessons from Malawi, which tried to run 10 programs (Scripts) on the computer of the user who dared to surf to that central bank web page with browser scripts enabled. The page contained 19 references to Java scripts (Java) and defined 1 function (Func) used by the programs.

Table 2: Central Bank Web Page Script Kiddies
Address         Name                    Pig Scripts Java  Func   JS
208.148.169.23	resbank.malawi.net       40    10    19     1	
216.87.14.90    www.bcv.org.ve          140     7    30    16	
206.138.197.2   firewall-all.ny.frb.org  37     7     6           5
212.40.192.49   www.cbr.ru               20     7     8		
196.3.139.108   www.central-bank.org.tt  20     5     5           1
212.42.65.83    ns.bank.gov.ua           12     5     5		
62.200.195.22   www.bnb.bg               47     4     4     4     1
195.94.0.103    www.centralbank.gov.ye   44     4     4           3
193.95.69.11    www.bct.gov.tn           33     4     7     1     3
194.152.217.18  HNBnetra.hnb.hr          74     3    21    10	
203.97.36.19    rbnz.govt.nz             57     3     6    12	
206.180.238.12  bankofsierraleone.com    37     3     6           2
200.69.211.82   www.bcra.gov.ar          25     3     4     1     2
200.85.47.18    www.bcp.gov.py           25     3     1     1	
195.8.1.171     www.bancomoc.mz          22     3     6     2     1
Legend: Pig, Score by Webhogs program. Scripts, number of script programs the web page may run (may depend on user choices). Java, number of references to Java scripts (may indicate the number of times particular scripts might be run). Func, number of functions defined in script tags in the web page (functions are mini-programs within a program). JS, number of .js programs that may be downloaded in addition to scripts already in the web page content.

The leader in downloading programs to run on the visitor's computer was the United States, which may attempt separate transfers of up to 5 of 7 Javascript programs (JS) to the user's computer. Is the Federal Reserve Bank (FRB) on the way to a costume party? The near winners were Yemen (ye) and Tunisia (tn), each invading the visitor's computer with three Java program downloads.

If somebody attempted to transfer and run programs on the computers of the FRB, an arrest might be in the offing. The difference here is that the user voluntarily visits the site which voluntarily provides content. The similarity is that neither computer vandals and bandits or the FRB volunteers information about these attempts. Neither provides a notice, "Please wait while we download software to take over your computer." Has the reader ever noticed a flurry of activity -- hard drive active, pauses, etc -- upon visiting a web page? Guess what is happening. Somebody managing the web site is running programs using your computer, your hard drive and your RAM. Forget about the programs you want running; maybe these will be swapped out of RAM for the intruders to take control.

Let us close this hopefully fun report on central banks by noting that intrusive html is not necessary to present web content, even for the big and sophisticated. Example: at last check, the home page of www.fbi.gov had a zero Pig Score and was able to present text and graphics in an attractive and informative manner. The author has previously visited the FRB site and found useful and interesting information, all with scripting disabled in the browser. As noted above, the central banks of Japan and many other countries (Table 1) are able to write script-free web pages.

The name of the game for central banks is credibility. Certainly, being piggy and greedy with respect to the computer resources of other people is incongruent with a public image suitable for central banks. So let us look for dieting where necessary to reduce those Pig Scores. As always, WebHogs users may help by forwarding their polite comments and the WebHogs transcript to the corresponding webmasters.

Copyright © 2002 Global Services
Original publication: September 11, 2002

Back to Net Census