back to article MI5 stinks up website with dead SSL certificate

Blighty's intelligence agency MI5 forgot to replace the expired digital certificate for its website over the weekend. The schoolboy error meant anybody trying to securely access the Security Service's site - perhaps to report suspected terrorist activity - would have been warned by their browser that the connection was untrusted …

COMMENTS

This topic is closed for new posts.
FAIL

Least they get value for money given what they pay. :(

1
0
Silver badge
IT Angle

The problem must be

No one in IT working over the weekend.

IT icon for where's the IT staff.

0
0
Pint

Re: The problem must be

Bad excuse, our most recent certificate was created on the 19th December 2011, and expires on the 12 January 2015, replacing the previous cert that expired on the 12 January 2012.

You should always be able to start using the new cert before the old one expires, meaning your IT staff can enjoy an alcohol-fuelled weekend.

0
0
Bronze badge

Re: The problem must be

I assume the digital certificate procurement consultant didn't hand the issued certificate to the secure certificate logistics consultant who could then pass it to the certified digital certificate installation consultant.

You know the old saying - "Hire Capita*, get consultants".

* or any of the other outsourcing IT companies.

0
0
Coat

Perhaps it was deliberate

Training people to get used to clicking continue whenever they see an invalid certificate warning means they can MITM SSL connections a lot easier.

Mine's the one with the tin foil hood.

1
0
Silver badge
Coat

"Since the MI5 website redirects to an SSL/TLS HTTPS-only version, they have effectively created a Denial of Service attack on themselves,"

They better bloody arrest themselves then and do some self waterboarding (instructions are available on certain adult websites) and then ask the US if they can be extradited and sent to gitmo.

Theirs is the orange boilersuit.

5
0
Anonymous Coward

I reckon it's a trick.

Anyone who clicks through is automatically deemed too stupid to have a job.

1
0
Boffin

"The digital paperwork expired on Sunday, 16 April, and a new one was installed on Monday morning. "

Just to point out that today is Monday, 16th April. Sunday was the 15th.

0
0
Facepalm

Ahh that's it

MI5 are using the same Calendar software as The Register. Clearly it doesn't handle leap years.

1
0
Go

I see the article has been updated.

But what does this mean? Is there a weakness in the Gregorian calendar?

WE SHOULD BE TOLD!?!

0
0
WTF?

Use of terminology

Denial of service is classed as a DDoS, Comms blocking or disconnection.

An alert is not a denial of service, it is purely a programmatical/human/weekend working error!

An expired SSL certificate (used mainly in HTTPS connections) is rarely a 'secure' method using consumer-based cryptography, as multiple protocol-level exploits and stolen certificates have proved!

0
0

Re: Use of terminology

DoS stands for Denial of Service. If you can't use the service, then it is a Denial of Service condition, regardless of the cause.

DDoS stands for Distributed Denial of Service and it means that the DoS was caused by multiple sources. A DDoS is a type of DoS.

You give off the perception that you are throwing around terms that you don't understand to try to sound smart.

If someone was willing to click through regardless of the SSL error then they could still get the service and it wasn't a DoS condition, but if some people were not clicking through then they weren't getting service and it is fair to say there was a DoS condition.

0
0
Anonymous Coward

"'This connection is untrusted' web browser warnings do not give the impression of professional competence and respect for internet confidentiality, which potential users of their SSL/TLS encrypted 'Reporting suspected threats' web form should expect, and upon which their lives and the lives of potential British targets may depend on."

The last "on" is redundant as, I suspect, is their reputation.

0
0
Joke

Yes, it is a hanging preposition.

0
0
Anonymous Coward

What, nobody making the obvious comment?

Nobody taking the obvious comment? Then I shall:

Do you trust ANY government's web sites? Valid cert or no....

0
0
Silver badge
FAIL

Someone made a doo-doo

If the cert is valid since 25 March, 2012 ... someone didn't do their job. You should be replacing the cert as soon as you get the new one (and it's valid) instead of waiting 'till the very last moment.

0
0
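
Two comments above make the same operational point: a replacement certificate can be issued and valid well before the old one expires, so the swap should not wait for expiry. As an added example (not part of the thread or of any commenter's code), this sketch classifies a site's rotation state from the `notBefore`/`notAfter` strings that Python's `ssl` module reports. The dates follow the comments; the times of day, the other validity bounds, `rotation_status` and its state names are assumptions made for the example.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in getpeercert() format. Dates follow the thread (old cert
# lapsed Sunday 15 April 2012, replacement valid since 25 March 2012); the
# times of day and the other two bounds are assumptions.
OLD = {"notBefore": "Apr 15 12:00:00 2011 GMT", "notAfter": "Apr 15 12:00:00 2012 GMT"}
NEW = {"notBefore": "Mar 25 00:00:00 2012 GMT", "notAfter": "Mar 25 00:00:00 2014 GMT"}

def _utc(cert_time):
    """Parse an X.509 validity string as returned by SSLSocket.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def rotation_status(deployed, replacement, now, warn_days=30):
    """Return (state, days_left) for the certificate currently being served.

    replacement is None when no new certificate has been issued. days_left is
    whole days until the deployed certificate expires (negative once expired).
    State names are hypothetical labels for this example.
    """
    expires = _utc(deployed["notAfter"])
    days_left = (expires - now).days
    issued = replacement is not None
    usable = issued and _utc(replacement["notBefore"]) <= now < _utc(replacement["notAfter"])
    if now >= expires:
        # Visitors already see the browser warning; say whether a fix was on hand.
        state = "EXPIRED_REPLACEMENT_UNUSED" if usable else "EXPIRED"
    elif usable:
        # New cert is inside its validity window: swap now, not at expiry.
        state = "DEPLOY_REPLACEMENT"
    elif days_left >= warn_days:
        state = "OK"
    elif issued and now < _utc(replacement["notBefore"]):
        # Issued but post-dated: installing it early would also break the site.
        state = "REPLACEMENT_NOT_YET_VALID"
    else:
        state = "RENEW"
    return state, days_left

if __name__ == "__main__":
    for day in ("2012-03-01", "2012-03-20", "2012-04-01", "2012-04-16"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, rotation_status(OLD, NEW, now))
```

In a monitoring job, `deployed` would come from `getpeercert()` on a live connection and the check would alert on anything other than `OK`.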
Silver badge
FAIL

Utter fail

Like, it's not as if you can't know up front how long your certificate will be valid....

0
0
Silver badge

Luckily

Since terrorism is more of a figment of the sick imagination of some rulers than an actual problem (meaning there are _far_ worse actual problems), it's not a problem if the site is down for a bit.

0
1

Why?

Why are they buying third party certificates?

0
0
Bronze badge
Big Brother

Re: Why?

"Why are they buying third party certificates?"

They have their own CA, I'm sure ... but if you knew their root cert they might have to shoot you!

0
0
