Web site security theatre

September 26, 2006

'Security theatre' is the term I've seen Bruce Schneier use for pointless things that are done mostly to make it look like you're doing something about security. Websites are especially prone to this disease, because everyone knows that the Internet and the web are insecure and overrun by hackers, right?

Today's shining example is the US Air Force Cheyenne Mountain public website, which seems to be pretty much a PR site (complete with cheesy photos). Despite this un-sensitive usage, Cheyenne Mountain has decided to make it a https based website. Just in case the Air Force doesn't want a hacker in the middle knowing which bits of their PR you browsed, or something.

What elevates this into true security theatre levels is that their SSL certificate expired September 6th, after a three year run (instead of the usual one year).

(And while I'm here, I must throw some brickbats in Firefox's direction for their certificate display; in this day and age, showing dates with unlabeled two-digit years is asking for it. Quick, was this entry written before or after '06/05/07'?)

Written on 26 September 2006.
« Some reactions to a dual monitor X setup
Why people still like TCL/TK »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Sep 26 14:40:24 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.