Blighty's intelligence agency MI5 forgot to replace the expired digital certificate for its website over the weekend. The schoolboy error meant anybody trying to securely access the Security Service's site - perhaps to report suspected terrorist activity - would have been warned by their browser that the connection was untrusted …
Least they get value for money given what they pay. :(
The problem must be
No one in IT working over the weekend.
IT icon for where's the IT staff.
Re: The problem must be
Bad excuse, our most recent certificate was created on the 19th December 2011, and expires on the 12 January 2015, replacing the previous cert that expired on the 12 January 2012.
You should always be able to start using the new cert before the old one expires, meaning your IT staff can enjoy an alcohol-fuelled weekend.
Re: The problem must be
I assume the digital certificate procurement consultant didn't hand the issued certificate to the secure certificate logistics consultant who could then pass it to the certified digital certificate installation consultant.
You know the old saying - "Hire Capita*, get consultants".
* or any of the other outsourcing IT companies.
Perhaps it was deliberate
Training people to get used to clicking continue whenever they see an invalid certificate warning means they can MITM SSL connections a lot easier.
Mine's the one with the tin foil hood.
"Since the MI5 website redirects to an SSL/TLS HTTPS-only version, they have effectively created a Denial of Service attack on themselves,"
They better bloody arrest themselves then and do some self waterboarding (instructions are available on certain adult websites) and then ask the US if they can be extradited and sent to gitmo.
Theirs is the orange boilersuit.
I reckon it's a trick.
Anyone who clicks through is automatically deemed too stupid to have a job.
"The digital paperwork expired on Sunday, 16 April, and a new one was installed on Monday morning."
Just to point out that today is Monday, 16th April. Sunday was the 15th.
Ahh that's it
MI5 are using the same Calendar software as The Register. Clearly it doesn't handle leap years.
I see the article has been updated.
But what does this mean? Is there a weakness in the Gregorian calendar?
WE SHOULD BE TOLD!?!
Use of terminology
Denial of service is classed as a DDoS, Comms blocking or disconnection.
An alert is not a denial of service, it is purely a programmatical/human/weekend working error!
An expired SSL certificate (used mainly in HTTPS connections) is rarely a 'secure' method using consumer-based cryptography, as multiple protocol-level exploits and stolen certificates have proved!
Re: Use of terminology
DoS stands for Denial of Service. If you can't use the service, then it is a Denial of Service condition, regardless of the cause.
DDoS stands for Distributed Denial of Service and it means that the DoS was caused by multiple sources. A DDoS is a type of DoS.
You give off the perception that you are throwing around terms that you don't understand to try to sound smart.
If someone was willing to click through regardless of the SSL error then they could still get the service and it wasn't a DoS condition, but if some people were not clicking through then they weren't getting service and it is fair to say there was a DoS condition.
"'This connection is untrusted' web browser warnings do not give the impression of professional competence and respect for internet confidentiality, which potential users of their SSL/TLS encrypted 'Reporting suspected threats' web form should expect, and upon which their lives and the lives of potential British targets may depend on."
The last "on" is redundant as, I suspect, is their reputation.
Yes, it is a hanging preposition.
What, nobody making the obvious comment?
Nobody taking the obvious comment? Then I shall:
Do you trust ANY government's web sites? Valid cert or no....
Someone made a doo-doo
If the cert is valid since 25 March, 2012 ... someone didn't do their job. You should be replacing the cert as soon as you get the new one (and it's valid) instead of waiting 'till the very last moment.
Like, it's not as if you can't know up front how long your certificate will be valid....
Since terrorism is more of a figment of the sick imagination of some rulers than an actual problem (meaning there are _far_ worse actual problems), it's not a problem if the site is down for a bit.
Why are they buying third party certificates?
"Why are they buying third party certificates?"
They have their own CA, I'm sure ... but if you knew their root cert they might have to shoot you!