Crimestoppers finally revamps weak crypto. Take your time guys

UK crime tip-off service Crimestoppers has revamped its weak website crypto after months of running a system that relied upon obsolete protocols. Crimestoppers' "secure" form was previously insecure – rating an "F" in tests using the industry standard SSL Labs service last month – chiefly because of the site's use of the SSLv2 …

  1. Camilla Smythe

    Associated...

    Previously,

    https://fearless.org/give-info-anonymously

    Offered that page over a non-HTTPS connection but the 'person' concerned got a 'public' slap for it. Now it is over HTTPS....

    Association with Crime Stoppers,

    https://www.fearless.org/about

    https://www.ssllabs.com/ssltest/analyze.html?d=fearless.org

    Scores similar.... I mean worse. C as opposed to B.

  2. choleric

    Tricksy

    Astonishingly El Reg achieves an A on the Qualys website for www.theregister.co.uk. I'm not sure how that is possible, or indeed why it is possible, given that no public content I am aware of is served over HTTPS (including user login pages).

    Way to go El Reg! I look forward to the all-secure rollout in due course.

  3. cbars Bronze badge

    ugh

    "the window of opportunity for compromising the security of information was extremely small. All information provided is immediately diverted to our main system which is highly secure."

    I've never known a miscreant to enter through a small window, otherwise known as a gaping hole. They prefer doors and large floor to ceiling windows.

    Mug.

  4. Anonymous Coward

    ISO27001 big deal

    If they were also ISO27002 certified they'd have probably fixed this issue much earlier.

  5. .@.

    Hmm, let me go to https://www.theregister.co.uk to see what SSL protocol El Reg uses...

    Oh! How queer! It redirects me back to an insecure protocol.

    Glass houses ... stones ... etc ... Hmph!

    "El Reg is yet to respond to many readers' questions about its website crypto."

    There, FTFY ...

    1. Anonymous Coward

      In my opinion, browsers should display a warning when a URL requested via https tries to redirect to a non-https protocol.

      1. Tomato42
        Black Helicopters

        browsers should show a big fat warning when accessing a site over HTTP, irrespective of cause

        chopper icon because we all know they listen

    2. sabroni Silver badge

      re: Glass houses ... stones ... etc ... Hmph!

      Yeah, because I regularly come on here to post info about local crims who will then want to knee cap me.

      I see no difference between a news site that doesn't secure itself and an anonymous crime reporting site that doesn't secure itself. They're both web sites after all. How different could they be?

  6. Anonymous Coward

    Does anyone ever think el reg will adopt HTTPS? It'll get picked to pieces.

    How on earth would the security services monitor all us dangerous people that just have knowledge and no will nor want to use it?

  7. John Tserkezis

    "The organisation is yet to respond to El Reg’s query about its website crypto."

    They did, and hacked it just to prove the point.

    But all they got was a single credit card belonging to some guy called "Phuc Dat Bich".

    He claims he's real.

    http://www.smh.com.au/technology/technology-news/phuc-dat-bich-the-australian-man-with-a-name-so-awkward-no-one-believes-him-20151120-gl4egu.html

    1. John Tserkezis

      "He claims he's real."

      I have to retract that. Turns out he's a liar. The passport in the way of "evidence" was photoshopped.

      http://www.smh.com.au/technology/web-culture/phuc-dat-faked-it-the-man-with-awkward-name-turns-out-to-be-a-hoax-20151125-gl840w.html?page=-1

      Now he's claiming his name is really "Joe Carr", with the original Facebook page claiming he works at the NAB (bank).

      I bet that's all a lie too. I bet he's unemployed, his name is on the books as Joanne, and he's claiming child support for six children he doesn't really have. In Blacktown NSW of course.

  8. Anonymous Coward

    Why do they need crypto?

    I mean, doesn't Theresa May think it's a really, really bad thing? They should be immediately investigated as possible terrorists...

  9. Mark 65

    The mistake you make...

    ...is to think they actually give a fuck. As has been shown by El Reg's constant use of http, some people just really don't.
