Blighty's intelligence agency MI5 forgot to replace the expired digital certificate for its website over the weekend. The schoolboy error meant anybody trying to securely access the Security Service's site - perhaps to report suspected terrorist activity - would have been warned by their browser that the connection was …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 16th April 2012 12:28 GMT Anonymous Coward

Least they get value for money given what they pay. :(

1 0
Monday 16th April 2012 12:50 GMT John G Imrie

The problem must be

No one in IT working over the weekend.

IT icon for where's the IT staff.

0 0
1. Monday 16th April 2012 13:07 GMT My Alter Ego
  
  Re: The problem must be
  
  Bad excuse, our most recent certificate was created on the 19th December 2011, and expires on the 12 January 2015, replacing the previous cert that expired on the 12 January 2012.
  
  You should always be able to start using the new cert before the old one expires, meaning your IT staff can can enjoy an alcohol fuel weekend.
  
  0 0
2. Monday 16th April 2012 16:24 GMT ElNumbre
  
  Re: The problem must be
  
  I assume the digital certificate procurement consultant didn't hand the issued certificate to the secure certificate logistics consultant who could then pass it to certified digital certificate installation consultant.
  
  You know the old saying - "Hire Capita*, get consultants".
  
  * or any of the other outsourcing IT companies.
  
  0 0
Monday 16th April 2012 12:51 GMT My Alter Ego

Perhaps it was deliberate

Training people to get used to clicking continue whenever they see an invalid certificate warning means they can MITM SSL connections a lot easier.

Mine's the one with the tin foil hood.

1 0
Monday 16th April 2012 12:57 GMT LinkOfHyrule

"Since the MI5 website redirects to an SSL/TLS HTTPS-only version, they have effectively created a Denial of Service attack on themselves,"

They better bloody arrest themselves then and do some self waterboarding (instructions are available on certain adult websites) and then ask the US if they can be extradited and sent to gitmo.

Theirs is the orange boilersuit.

5 0
Monday 16th April 2012 13:03 GMT Anonymous Coward

I reckon it's a trick.

Anyone who clicks through is automatically deemed too stupid to have a job.

1 0
Monday 16th April 2012 13:47 GMT mike2R

"The digital paperwork expired on Sunday, 16 April, and a new one was installed on Monday morning. "

Just to point out that today is Monday, 16th April. Sunday was the 15th.

0 0
1. Monday 16th April 2012 14:02 GMT AlexS
  
  Ahh that's it
  
  MI5 are using the same Calendar software as The Register. Clearly it doesn't handle leap years.
  
  1 0
2. Monday 16th April 2012 16:44 GMT mike2R
  
  I see the article has been updated.
  
  But what does this mean? Is there a weakness in the Gregorian calender?
  
  WE SHOULD BE TOLD!?!
  
  0 0
Monday 16th April 2012 15:30 GMT koolholio

Use of terminology

Denial of service is classed as a DDoS, Comms blocking or disconnection.

An alert is not a denial of service, it is purely a programmatical/human/weekend working error!

An expired SSL certificate (used mainly in HTTPS connections) are rarely a 'secure' method using consumer based cryptography, as multiple protocol level exploits and stolen certificates have proved!

0 0
1. Tuesday 17th April 2012 14:32 GMT Trollololololol'd?
  
  Re: Use of terminology
  
  DoS stands for Denial of Service. If you can't use the service, then it is a Denial of Service condition, regardless of the cause.
  
  DDoS stands for Distributed Denial of Service and it means that the DoS was caused by multiple sources. A DDoS is a type of DoS.
  
  You give off the perception that you are throwing around terms that you don't understand to try to sound smart.
  
  If someone was willing to click through regardless of the SSL error then they could still get the service and it wasn't a DoS condition, but if some people were not clicking through then they weren't getting service and it is fair to say there was a DoS condition.
  
  0 0
Monday 16th April 2012 19:05 GMT Anonymous Coward

"'This connection is untrusted' web browser warnings do not give the impression of professional competence and respect for internet confidentiality, which potential users of their SSL/TLS encrypted 'Reporting suspected threats' web form should expect, and upon which their lives and the lives of potential British targets may depend on."

The last "on" is redundant as, I suspect, is their reputation.

0 0
1. Tuesday 17th April 2012 20:52 GMT Chris Sake
  
  Yes, it is a hanging preposition.
  
  0 0
Monday 16th April 2012 20:04 GMT Anonymous Coward

What, nobody making the obvious comment?

Nobody taking the obvious comment? then I shall:

Do you trust ANY government's web sites? Valid cert or no....

0 0
Monday 16th April 2012 20:58 GMT Daniel B.

Someone made a doo-doo

If the cert is valid since 25 March, 2012 ... someone didn't do their job. You should be replacing the cert as soon as you get the new one (and it's valid) instead of waiting 'till the very last moment.

0 0
Monday 16th April 2012 22:06 GMT Anonymous Coward

Utter fail

Like, its not as if you can't know up front how long your certificate will be valid....

0 0
Tuesday 17th April 2012 04:49 GMT Christian Berger

Luckily

Since terrorism is more of a figment of the sick imagination of some rulers than an actual problem (meaning there are _far_ worse actual problems), it's not a problem if the site is down for a bit.

0 1
Tuesday 17th April 2012 07:20 GMT David Gale

Why?

Why are they buying third party certificates?

0 0
1. Tuesday 17th April 2012 09:36 GMT dajames
  
  Re: Why?
  
  "Why are they buying third party certificates?"
  
  They have their own CA, I'm sure ... but if you knew their root cert they might have to shoot you!
  
  0 0
This post has been deleted by its author