Least they get value for money given what they pay. :(
MI5 stinks up website with dead SSL certificate
Blighty's intelligence agency MI5 forgot to replace the expired digital certificate for its website over the weekend. The schoolboy error meant anybody trying to securely access the Security Service's site - perhaps to report suspected terrorist activity - would have been warned by their browser that the connection was …
-
-
Monday 16th April 2012 13:07 GMT My Alter Ego
Re: The problem must be
Bad excuse, our most recent certificate was created on the 19th December 2011, and expires on the 12 January 2015, replacing the previous cert that expired on the 12 January 2012.
You should always be able to start using the new cert before the old one expires, meaning your IT staff can enjoy an alcohol-fuelled weekend.
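The overlap described in the comment above, as an added example (not part of the original thread or any poster's code): it checks a set of certificate validity windows for coverage gaps, measures the old/new overlap, and flags a certificate nearing expiry. The calendar dates are those quoted in the comment; the times of day, the old certificate's notBefore and the `LATE` certificate are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def parse(ts):
    """Parse the notBefore/notAfter format used by OpenSSL and ssl.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(ts), tz=timezone.utc)

def windows(certs):
    """(label, notBefore, notAfter) strings -> sorted (start, end, label) tuples."""
    return sorted((parse(nb), parse(na), label) for label, nb, na in certs)

def coverage_gaps(certs):
    """Periods between the first notBefore and last notAfter with no valid cert."""
    gaps, covered_until = [], None
    for start, end, _ in windows(certs):
        if covered_until is not None and start > covered_until:
            gaps.append((covered_until, start))
        covered_until = end if covered_until is None else max(covered_until, end)
    return gaps

def overlap_days(old, new):
    """Whole days during which both the old and the new certificate are valid."""
    (o_start, o_end, _), (n_start, n_end, _) = windows([old])[0], windows([new])[0]
    return max(0, (min(o_end, n_end) - max(o_start, n_start)).days)

def status(certs, now, warn_days=30):
    """EXPIRED if nothing is valid at `now`, RENEW if the best cert is near expiry."""
    valid = [end for start, end, _ in windows(certs) if start <= now <= end]
    if not valid:
        return "EXPIRED"
    return "RENEW" if (max(valid) - now).days < warn_days else "OK"

# Constructed sample data: dates from the comment, times and OLD's notBefore assumed.
OLD = ("old", "Jan 12 00:00:00 2009 GMT", "Jan 12 23:59:59 2012 GMT")
NEW = ("new", "Dec 19 00:00:00 2011 GMT", "Jan 12 23:59:59 2015 GMT")
# Hypothetical replacement issued only after the old certificate had lapsed.
LATE = ("late", "Jan 20 00:00:00 2012 GMT", "Jan 20 23:59:59 2015 GMT")

if __name__ == "__main__":
    print("overlap (days):", overlap_days(OLD, NEW))
    print("gaps with timely renewal:", coverage_gaps([OLD, NEW]))
    print("gaps with late renewal:", coverage_gaps([OLD, LATE]))
    weekend = datetime(2012, 4, 14, tzinfo=timezone.utc)
    print("old cert only:", status([OLD], weekend))
    print("old + new:", status([OLD, NEW], weekend))
```
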
-
Monday 16th April 2012 16:24 GMT ElNumbre
Re: The problem must be
I assume the digital certificate procurement consultant didn't hand the issued certificate to the secure certificate logistics consultant who could then pass it to the certified digital certificate installation consultant.
You know the old saying - "Hire Capita*, get consultants".
* or any of the other outsourcing IT companies.
-
-
Monday 16th April 2012 12:57 GMT LinkOfHyrule
"Since the MI5 website redirects to an SSL/TLS HTTPS-only version, they have effectively created a Denial of Service attack on themselves,"
They better bloody arrest themselves then and do some self waterboarding (instructions are available on certain adult websites) and then ask the US if they can be extradited and sent to gitmo.
Theirs is the orange boilersuit.
-
Monday 16th April 2012 15:30 GMT koolholio
Use of terminology
Denial of service is classed as a DDoS, Comms blocking or disconnection.
An alert is not a denial of service, it is purely a programmatical/human/weekend working error!
An expired SSL certificate (used mainly in HTTPS connections) is rarely a 'secure' method using consumer based cryptography, as multiple protocol level exploits and stolen certificates have proved!
-
Tuesday 17th April 2012 14:32 GMT Trollololololol'd?
Re: Use of terminology
DoS stands for Denial of Service. If you can't use the service, then it is a Denial of Service condition, regardless of the cause.
DDoS stands for Distributed Denial of Service and it means that the DoS was caused by multiple sources. A DDoS is a type of DoS.
You give off the perception that you are throwing around terms that you don't understand to try to sound smart.
If someone was willing to click through regardless of the SSL error then they could still get the service and it wasn't a DoS condition, but if some people were not clicking through then they weren't getting service and it is fair to say there was a DoS condition.
-
-
Monday 16th April 2012 19:05 GMT Anonymous Coward
"'This connection is untrusted' web browser warnings do not give the impression of professional competence and respect for internet confidentiality, which potential users of their SSL/TLS encrypted 'Reporting suspected threats' web form should expect, and upon which their lives and the lives of potential British targets may depend on."
The last "on" is redundant as, I suspect, is their reputation.