AOH :: ISNQ6842.HTM

US government fails to secure its websites

US government fails to secure its websites
US government fails to secure its websites


http://www.theinquirer.net/inquirer/news/1727426/us-government-fails-secure-websites 

By Lawrence Latif
The Inquirer
Aug 11 2010

GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security 
(DHS) is seemingly unable to set up a secure website correctly.

The website for the high profile cabinet department that is supposed to 
protect the US from terrorists and has a reported budget of $52 billion 
throws up errors when users try to access the secure site through the 
HTTPS protocol.

Browsers such as Firefox, Safari and Chrome issue warnings suggesting 
the site is not quite what it seems. The problem is down to the fact 
that while the certificate was issued for the official DHS domain name, 
the technological wunderkind in charge of matters forgot that hosting 
duties are actually farmed out to Akamai.

So when the content is loaded from Akamai's servers, which are not 
covered by the SSL certificate issued for the DHS domain, browsers 
rightly throw up a warning suggesting something dodgy is going on. While 
security warnings that the DHS website is some dodgy knock-off might be 
ironic, in the case of the State Department's website, it's of far 
greater concern.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/

Site design & layout copyright © 1986- CodeGods