funsec mailing list archives

Fwd: [ISN] US government fails to secure its websites


From: Paul Ferguson <fergdawgster () gmail com>
Date: Thu, 12 Aug 2010 00:18:48 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI,

- - ferg


- ---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
Date: Thu, Aug 12, 2010 at 12:08 AM
Subject: [ISN] US government fails to secure its websites
To: isn () infosecnews org


http://www.theinquirer.net/inquirer/news/1727426/us-government-fails-secure-websites

By Lawrence Latif
The Inquirer
Aug 11 2010

GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security
(DHS) is seemingly unable to set up a secure website correctly.

The website for the high profile cabinet department that is supposed to
protect the US from terrorists and has a reported budget of $52 billion
throws up errors when users try to access the secure site through the
HTTPS protocol.

Browsers such as Firefox, Safari and Chrome issue warnings suggesting
the site is not quite what it seems. The problem is down to the fact
that while the certificate was issued for the official DHS domain name,
the technological wunderkind in charge of matters forgot that hosting
duties are actually farmed out to Akamai.

So when the content is loaded from Akamai's servers, which are not
covered by the SSL certificate issued for the DHS domain, browsers
rightly throw up a warning suggesting something dodgy is going on. While
security warnings that the DHS website is some dodgy knock-off might be
ironic, in the case of the State Department's website, it's of far
greater concern.

[...]


- --
Visit InfoSec News!
http://www.infosecnews.org/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFMY6BQq1pz9mNUZTMRAgM1AKD00DZdWxozM7wh0DsvUgfg8HdqEwCgz/PP
6YB0i+vHDKSwnjyjS/1O2ME=
=hnIp
-----END PGP SIGNATURE-----





-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
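
Added example, not part of the original message or the Inquirer article: a minimal sketch of the hostname check a browser applies to the certificate it receives, run over a constructed inventory to flag hosts whose serving endpoint (for instance a CDN edge) presents a certificate that does not cover the name users requested. All hostnames and the DEPLOYMENTS table are hypothetical placeholders.

```python
# Added example: every name below is a constructed placeholder, not real site or CDN data.

def _match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact, or '*' as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(host: str, san_dns_names: list[str]) -> bool:
    """True if any dNSName in the presented certificate covers the requested host."""
    return any(_match(name, host) for name in san_dns_names)


def audit(deployments: dict[str, list[str]]) -> list[str]:
    """Return hostnames whose endpoint presents a certificate that does not
    cover them, which is what a browser reports as a name mismatch."""
    return sorted(h for h, sans in deployments.items() if not covered(h, sans))


# Constructed inventory: hostname users type -> dNSNames in the certificate
# presented by whatever answers on port 443 for that hostname.
DEPLOYMENTS = {
    # Site pointed at a CDN edge that presents the CDN's own certificate.
    "www.agency.example": ["edge.cdn.example", "*.cdn.example"],
    # Same CDN, but the site's certificate was provisioned on the edge.
    "secure.agency.example": ["secure.agency.example"],
    # A wildcard covers one label only, so this deeper name is not covered.
    "a.b.agency.example": ["*.agency.example"],
    "portal.agency.example": ["*.agency.example"],
}

if __name__ == "__main__":
    for host in audit(DEPLOYMENTS):
        print("name mismatch:", host)
```

In practice the dNSName list would come from the certificate actually served for each hostname, collected from outside the network so the CDN edge is what gets measured.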