Wandering Thoughts archives

2006-09-26

WebsiteSecurityTheatre

Web site security theatre

'Security theatre' is the term I've seen Bruce Schneier use for pointless things that are done mostly to make it look like you're doing something about security. Websites are especially prone to this disease, because everyone knows that the Internet and the web are insecure and overrun by hackers, right?

Today's shining example is the US Air Force Cheyenne Mountain public website, which seems to be pretty much a PR site (complete with cheesy photos). Despite this un-sensitive usage, Cheyenne Mountain has decided to make it a https based website. Just in case the Air Force doesn't want a hacker in the middle knowing which bits of their PR you browsed, or something.

What elevates this into true security theatre levels is that their SSL certificate expired September 6th, after a three year run (instead of the usual one year).

(And while I'm here, I must throw some brickbats in Firefox's direction for their certificate display; in this day and age, showing dates with unlabeled two-digit years is asking for it. Quick, was this entry written before or after '06/05/07'?)

WebsiteSecurityTheatre written at 14:40:24; Add Comment

(Previous day | Next day)
By day for September 2006: 5 9 21 26; before September; after September.

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Twitter: @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.