[ISN] US government fails to secure its websites

From: InfoSec News <alerts_at_private>
Date: Thu, 12 Aug 2010 02:08:52 -0500 (CDT)
http://www.theinquirer.net/inquirer/news/1727426/us-government-fails-secure-websites

By Lawrence Latif
The Inquirer
Aug 11 2010

GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security 
(DHS) is seemingly unable to set up a secure website correctly.

The website for the high profile cabinet department that is supposed to 
protect the US from terrorists and has a reported budget of $52 billion 
throws up errors when users try to access the secure site through the 
HTTPS protocol.

Browsers such as Firefox, Safari and Chrome issue warnings suggesting 
the site is not quite what it seems. The problem is down to the fact 
that while the certificate was issued for the official DHS domain name, 
the technological wunderkind in charge of matters forgot that hosting 
duties are actually farmed out to Akamai.

So when the content is loaded from Akamai's servers, which are not 
covered by the SSL certificate issued for the DHS domain, browsers 
rightly throw up a warning suggesting something dodgy is going on. While 
security warnings that the DHS website is some dodgy knock-off might be 
ironic, in the case of the State Department's website, it's of far 
greater concern.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/
Received on Thu Aug 12 2010 - 00:08:52 PDT

This archive was generated by hypermail 2.2.0 : Thu Aug 12 2010 - 00:17:16 PDT