WebHogs Does Central Banks
by Doctor Electron
Sometimes called "the bank of last resort," the central bank of a country is generally vested with special authority by government to promote stability in financial markets for the benefit of commerce within and between nations. The central bank leaders of major economic powers often meet to compare notes. In the U.S., this special bank is called the Federal Reserve Bank, chaired for a number of years by Alan Greenspan.
Maj. Hog, the official spokesman for the WebHogs program, turned down the idea of a personal meeting and photo opportunity with Mr. Greenspan, "Other central bank chairmen might want similar treatment and it might cause turmoil in financial markets." An alternative was to ask Maj. Hog to look at web pages of central banks. He did and put many in the Web Hogs Pen, in a special section called the "Central Bank Club."
Table 1 presents results from 107 central bank web pages, arranged in four groups. These default pages are often, but not always, the home pages for the site.
Table 1: Central Bank Web Page Responses and Pig Scores
Address Name Pig Bytes Resp E Server216.87.14.90 www.bcv.org.ve 140 19910= 200 Microsoft-IIS/5.0 66.45.56.34 www.bcrp.gob.pe 80 8946= 200 E Microsoft-IIS/5.0 194.152.217.18 HNBnetra.hnb.hr 74 34737= 200 Netscape-Enterprise/3.6 203.97.36.19 rbnz.govt.nz 57 27304= 200 Zeus/3.3 62.200.195.22 www.bnb.bg 47 4462= 200 Lotus-Domino/0 195.94.0.103 www.centralbank.gov.ye 44 16182= 200 E Microsoft-IIS/5.0 208.148.169.23 resbank.malawi.net 40 8973= 200 E Microsoft-IIS/4.0 209.88.238.17 .eccb-centralbank.org 40 10764= 200 Microsoft-IIS/5.0 217.110.182.53 www.bundesbank.de 39 12540X 200 Apache 206.138.197.2 firewall-all.ny.frb.org 37 16564= 200 Netscape-Enterprise/4.1 206.180.238.12 bankofsierraleone.com 37 12955= 200 E Apache/1.3.12 193.95.69.11 www.bct.gov.tn 33 24013= 200 E Apache/1.2.6 195.82.5.24 www.nationalbank.kz 30 8598= 200 E Microsoft-IIS/4.0 202.51.159.232 blazer.lanka.net 29 36141= 200 E Microsoft-IIS/5.1 193.108.185.40 www.bank.lv 25 2874= 200 E Microsoft-IIS/4.0 195.167.100.130 w-hosts130.otenet.gr 25 3252= 404 Microsoft-IIS/5.0 200.69.211.82 www.bcra.gov.ar 25 8055= 200 Microsoft-IIS/5.0 200.85.47.18 www.bcp.gov.py 25 3194= 403 195.8.1.171 www.bancomoc.mz 22 17078X 200 Apache/1.3.20 200.181.13.79 www.bcb.gov.br 21 22098= 200 Microsoft-IIS/5.0 196.3.139.108 www.central-bank.org.tt 20 23694= 200 Microsoft-IIS/4.0 212.40.192.49 www.cbr.ru 20 36704= 200 Microsoft-IIS/5.0 212.77.204.174 www.qcb.gov.qa 17 4414= 200 Netscape-Enterprise/3.6 64.33.81.17 www.sama.gov.sa 16 8240= 200 E Apache/1.3.26 140.80.193.5 .bank-banque-canada.ca 15 4490= 200 Netscape-Enterprise/3.6 194.129.36.50 .facility.pipex.com 14 2787= 200 E Microsoft-IIS/4.0 212.42.65.83 ns.bank.gov.ua 12 9708= 200 Microsoft-IIS/3.0 195.39.135.3 pc3.cbk.gov.kw 10 1666= 200 NetWare-Enterprise-Web-Server/5.1 203.172.24.1 www.bsp.gov.ph 10 22201= 200 E Microsoft-IIS/4.0 193.126.81.20 vabbinfaru.bportugal.pt 9 1183= 200 E Microsoft-IIS/4.0 216.6.27.61 www.bot-tz.org 9 10617= 200 Microsoft-IIS/5.0 212.124.160.1 avala.yubc.net 6 84729= 200 E Apache 195.202.64.129 .uunet.co.ke 5 16107- 200 E Apache/1.3.4 193.188.112.36 www.bma.gov.bh 4 8537= 200 E Apache/1.3.14 208.224.181.35 www2.boz.zm 4 1608- 200 Netscape-Communications/1.12 193.87.129.130 www.nbs.sk 3 1030= 200 E Apache/1.3.26 196.40.57.36 www.bccr.fi.cr 3 394= 200 E Microsoft-IIS/5.0 202.54.34.254 .computeraccess.co.in 3 3235= 200 E Microsoft-IIS/5.0 212.56.194.129 .mldnet.com 3 753= 200 E Oracle 166.114.45.5 bcbweb.bcb.gov.bo 2 65X 200 Apache/1.3.19 63.241.182.45 .beready.att.net 2 280= 200 E Apache/1.3.20 193.53.62.66 www.nbb.be 1 213= 200 Microsoft-IIS/4.0 194.125.145.44 www.centralbank.ie 1 4074X 200 Microsoft-IIS/4.0 195.193.90.8 dnb.nl 1 2798= 200 E IBM_HTTP_SERVER/1.3.19 196.44.140.173 www.bon.com.na 1 1270= 200 Microsoft-IIS/5.0 202.152.28.166 www.bi.go.id 1 138X 302 Microsoft-IIS/4.0 203.150.3.147 bot.co.th 1 171X 302 Microsoft-IIS/4.0 212.98.162.9 www.nbrb.by 1 312= 500 Microsoft-IIS/5.0 210.174.166.201 www.boj.or.jp 0 18592= 200 E Apache/1.3.26 163.121.229.251 subnet229.idsc.gov.eg 0 12212= 200 E Microsoft-IIS/4.0 193.188.75.1 dinar.cbj.gov.jo 0 8145X 200 Netscape-Enterprise/2.0d 206.136.173.119 www.bcr.gob.sv 0 7723= 200 E Microsoft-IIS/5.0 168.167.71.198 www.bankofbotswana.bw 0 7491- 200 E Microsoft-IIS/4.0 195.215.15.211 www.nationalbanken.dk 0 3837= 200 Lotus-Domino/5.0.9 80.78.66.61 www.bankofalbania.org 0 3435= 200 E Microsoft-IIS/4.0 195.222.32.22 is6.bih.net.ba 0 3232X 200 Netscape-Enterprise/3.6 206.48.105.130 bch.hn 0 3172= 200 E Apache/1.3.9 193.96.201.13 www.ecb.int 0 2795= 200 E Apache/1.3.19 213.250.51.67 www.bsi.si 0 2732= 200 E Microsoft-IIS/4.0 129.35.233.49 www.snb.ch 0 2594= 200 Netscape-Enterprise/3.6 194.102.208.3 www.bnro.ro 0 1606= 200 E Microsoft-IIS/4.0 157.100.207.5 www.bce.fin.ec 0 1246= 200 Netscape-Enterprise/2.0a 203.116.44.235 www.mas.gov.sg 0 1075X 200 Netscape-Enterprise/4.1 64.226.137.140 cbo-oman.org 0 1024= 200 E Microsoft-IIS/5.0 195.250.70.100 cba.am 0 1021= 200 E Microsoft-IIS/5.0 128.214.68.40 www.bof.fi 0 1004= 200 E Apache/1.3.22 210.104.132.11 www.bok.or.kr 0 1002X 200 Oracle 207.50.234.5 www.bceao.int 0 947= 200 Lotus-Domino/5.0.6 209.130.86.220 www.cbaruba.org 0 902= 200 E Rapidsite/Apa/1.3.26 195.76.129.69 moriles.bde.es 0 831= 200 Netscape-Enterprise/4.1 200.85.170.4 sweb.bcn.gob.ni 0 603= 200 E Microsoft-IIS/4.0 170.70.84.3 www.banxico.org.mx 0 599= 200 E Microsoft-IIS/4.0 195.142.236.1 tcmb580.tcmb.gov.tr 0 584= 200 E ZZZ 193.203.230.241 www.bancaditalia.it 0 578= 200 E Apache/1.3.20 194.198.134.26 www.riksbank.se 0 550= 200 194.154.192.107 www-a.pt.lu 0 505= 200 E Apache/1.3.20 194.106.64.41 smtp.kemmunet.net.mt 0 487= 200 E Apache/1.3.0 202.123.26.122 bom.intnet.mu 0 455= 200 E Microsoft-IIS/5.0 200.44.39.14 www.bcv.org.ve 0 359= 200 E Apache/1.3.0 62.56.182.2 www.bnr.rw 0 271= 200 E Microsoft-IIS/5.0 193.71.196.92 virtual-3.nettvik.no 0 255= 200 E Apache/1.3.9 66.38.187.91 .gtconnect.net 0 238= 200 E Microsoft-IIS/5.0 196.29.242.10 www.resbank.co.za 0 75= 200 E Microsoft-IIS/4.0 200.1.156.10 pluto.sr.net 0 40= 200 E Apache/1.3.0 205.214.220.204 www.centralbank.org.bb 0 299= 302 Lotus-Domino/5.0.6 194.149.13.9 vservers.datanet.hu 0 211X 302 GTS-DataNet/1.0 195.38.160.228 eagle.nbkr.kg 0 129= 400 Oracle_Web_Listener/4.0.8.1.0 200.10.237.38 www.bcentral.cl 0 172= 403 Microsoft-IIS/5.0 202.186.13.99 ash3.skali.net 0 172= 403 Microsoft-IIS/5.0 63.99.209.6 www.bankofsudan.org 0 172= 403 Microsoft-IIS/5.0 213.208.1.8 www.oenb.co.at 0 164= 404 Engine: 212.58.126.126 webserver.nbg.gov.ge 0 111= 404 Microsoft-IIS/5.0 196.3.81.152 .codetel.net.do 0 102= 404 Microsoft-IIS/4.0 62.23.1.152 .rev.coltfrance.com 0 102= 404 Microsoft-IIS/4.0 63.241.73.115 www.bdl.gov.lb 0 102= 404 Microsoft-IIS/4.0 200.30.148.35 mail.banguat.gob.gt 0 1160= 406 Microsoft-IIS/4.0 161.58.231.100 reservebank.gov.fj 0 0 161.58.232.244 bankisrael.gov.il 0 0 193.85.201.130 web1.kpnqwest.cz 0 0 194.30.133.77 evagoras.logos.cy.net 0 0 195.136.199.105 www.nbp.pl 0 0 195.26.128.195 www.nbrm.gov.mk 0 0 202.128.227.99 www.info.gov.hk 0 0 209.226.86.5 www.boj.org.jm 0 0 212.107.32.146 www.ee 0 0 213.167.148.178 www.sedlabanki.is 0 0 216.72.142.131 .globalone.net.co 0 0Legend: Pig, Score by Webhogs program. Bytes, length of content read. =, same as, or -, less than Content-Length in http header. X, no Content-Length stated. Resp, http header response code. E, etag in http header. Server, software description in http header. The two character country codes (ve, pe, hr, etc) indicate countries as shown in this list.(1) 48 sites showed Pig Scores greater than zero and are listed in descending order. The average Pig Score in this group was 22, about double the overall average found with random sampling of web sites [Web Hogs Pen].
Please join us in welcoming Venezuela (ve) into the One Hundred Club section of the Web Hogs Pen. Also in the top ten Pig Scorers, we have Peru (pe), Croatia/Hrvatska (hr), New Zealand (nz), Bulgaria (bg), Yemen (ye), Malawi, Ecuador (eccb), Germany (de) and the United States (ny.frb.org). The chairpersons for these central banks have their work cut out for them. "We are not running some silly piggy bank here," might be the refrain heard. "How can the nation prosper with all this piggy content on our web site? Get the webmaster in my office immediately."
(2) 36 central bank sites responded with the 200 OK code and their content showed zero Pig Scores. Japan (jp) was in this group. As one of the major economic powers participating in international economic summits, an agenda item for a future meeting will be for Japan to teach the U.S. and Germany how to make central bank web pages.
These 36 central banks are hereby awarded the privilege of displaying the official WebHogs seal of approval -- "Certified pig-free by Maj. Hog." This seal suggests that the leadership can effectively delegate authority as evidenced by the pig-free web page of the central bank. Maj. Hog is the only known authority who has said that the stock markets in countries carrying this seal are due for an upswing.
Considering groups (1) and (2), more than half of these 84 responsive sites showed positive Pig Scores. The "percent Pigs" (48 / 84) index was somewhat greater then seen generally [Web Hogs Pen], but perhaps not enough to rattle the futures markets.
(3) 12 central banks responded with error codes (302, 400, 403, etc). This result alone should not be construed as reason for financial panic in those countries. However, mild wondering might be in order.
(4) 11 of the central banks surveyed accepted a connection from the WebHogs client program but refused to say anything, not even an error code, when asked for their default site page. For these cases, moderate wondering might be in order.
Combining groups (3) and (4), we have 23 of 107 countries tested which may not have reliable access to web sites where the central bank presents content.
More than half of the responsive central banks (47 or 84) used etag entries in their http headers. All of the sites using etag, except one, did not use cookies. Of the 14 sites using cookies, Brazil (br) was the cookie kook among central banks, using four cookies in its http header.
What is the web server software used by central banks, presumably chosen by some of the best financial brains in the world? Table 1 shows Microsoft-IIS (n = 49), Apache (n = 21) and Netscape (n = 11) were the most popular. That is, more than half of the responsive servers (49 of 84) were running Microsoft-IIS, which has previously been compromized by several self-propagating viruses, which may allow unauthorized access to infected servers. It is often true that web server machines are not connected to the actual network used by the organization where confidential information might be stored. Hopefully this is generally true for the central banks surveyed.
If the reader saw a trusted, honest neighbor dressed up like a jewel thief -- black outfit with a ski mask -- carrying burglar tools -- crow bar, lock cutter, glass cutter, etc -- with a sack to carry off loot, the question might arise, "What are you doing? You look like a bandit." The answer might be, "I'm going to a costume party." Now we ask some of the central banks, "What are you doing?"
Table 2 lists the top users of scripts in central bank web pages. These were the central banks dressed up like bandits, so to speak. Scripts are programs to be run on the user's computer. They are either included in the textual content of the web page in html tags or are downloaded separately from the same site or another location. We found two rather large nations, the United States (ny.frb.org) and Russia (ru), may be taking lessons from Malawi, which tried to run 10 programs (Scripts) on the computer of the user who dared to surf to that central bank web page with browser scripts enabled. The page contained 19 references to Java scripts (Java) and defined 1 function (Func) used by the programs.Table 2: Central Bank Web Page Script Kiddies
Address Name Pig Scripts Java Func JS208.148.169.23 resbank.malawi.net 40 10 19 1 216.87.14.90 www.bcv.org.ve 140 7 30 16 206.138.197.2 firewall-all.ny.frb.org 37 7 6 5 212.40.192.49 www.cbr.ru 20 7 8 196.3.139.108 www.central-bank.org.tt 20 5 5 1 212.42.65.83 ns.bank.gov.ua 12 5 5 62.200.195.22 www.bnb.bg 47 4 4 4 1 195.94.0.103 www.centralbank.gov.ye 44 4 4 3 193.95.69.11 www.bct.gov.tn 33 4 7 1 3 194.152.217.18 HNBnetra.hnb.hr 74 3 21 10 203.97.36.19 rbnz.govt.nz 57 3 6 12 206.180.238.12 bankofsierraleone.com 37 3 6 2 200.69.211.82 www.bcra.gov.ar 25 3 4 1 2 200.85.47.18 www.bcp.gov.py 25 3 1 1 195.8.1.171 www.bancomoc.mz 22 3 6 2 1 Legend: Pig, Score by Webhogs program. Scripts, number of script programs the web page may run (may depend on user choices). Java, number of references to Java scripts (may indicate the number of times particular scripts might be run). Func, number of functions defined in script tags in the web page (functions are mini-programs within a program). JS, number of .js programs that may be downloaded in addition to scripts already in the web page content.The leader in downloading programs to run on the visitor's computer was the United States, which may attempt separate transfers of up to 5 of 7 Javascript programs (JS) to the user's computer. Is the Federal Reserve Bank (FRB) on the way to a costume party? The near winners were Yemen (ye) and Tunisia (tn), each invading the visitor's computer with three Java program downloads.
If somebody attempted to transfer and run programs on the computers of the FRB, an arrest might be in the offing. The difference here is that the user voluntarily visits the site which voluntarily provides content. The similarity is that neither computer vandals and bandits or the FRB volunteers information about these attempts. Neither provides a notice, "Please wait while we download software to take over your computer." Has the reader ever noticed a flurry of activity -- hard drive active, pauses, etc -- upon visiting a web page? Guess what is happening. Somebody managing the web site is running programs using your computer, your hard drive and your RAM. Forget about the programs you want running; maybe these will be swapped out of RAM for the intruders to take control.
Let us close this hopefully fun report on central banks by noting that intrusive html is not necessary to present web content, even for the big and sophisticated. Example: at last check, the home page of www.fbi.gov had a zero Pig Score and was able to present text and graphics in an attractive and informative manner. The author has previously visited the FRB site and found useful and interesting information, all with scripting disabled in the browser. As noted above, the central banks of Japan and many other countries (Table 1) are able to write script-free web pages.
The name of the game for central banks is credibility. Certainly, being piggy and greedy with respect to the computer resources of other people is incongruent with a public image suitable for central banks. So let us look for dieting where necessary to reduce those Pig Scores. As always, WebHogs users may help by forwarding their polite comments and the WebHogs transcript to the corresponding webmasters.
Copyright © 2002 Global Services
Original publication: September 11, 2002Back to Net Census