Web site security theatre

'Security theatre' is the term I've seen Bruce Schneier use for pointless things that are done mostly to make it look like you're doing something about security. Websites are especially prone to this disease, because everyone knows that the Internet and the web are insecure and overrun by hackers, right?

Today's shining example is the US Air Force Cheyenne Mountain public website, which seems to be pretty much a PR site (complete with cheesy photos). Despite this un-sensitive usage, Cheyenne Mountain has decided to make it a https based website. Just in case the Air Force doesn't want a hacker in the middle knowing which bits of their PR you browsed, or something.

What elevates this into true security theatre levels is that their SSL certificate expired September 6th, after a three year run (instead of the usual one year).

(And while I'm here, I must throw some brickbats in Firefox's direction for their certificate display; in this day and age, showing dates with unlabeled two-digit years is asking for it. Quick, was this entry written before or after '06/05/07'?)

These are my WanderingThoughts
(About the blog)

GettingAround
Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.

* * *

Atom feeds are available; see the bottom of most pages.

This is a DWiki.
(Help)

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

Search:
Written on 26 September 2006.
(Previous | Next)
Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Tue Sep 26 14:40:24 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.