Web site security theatre
'Security theatre' is the term I've seen Bruce Schneier use for pointless things that are done mostly to make it look like you're doing something about security. Websites are especially prone to this disease, because everyone knows that the Internet and the web are insecure and overrun by hackers, right?
Today's shining example is the US Air Force Cheyenne Mountain
public website, which
seems to be pretty much a PR site (complete with cheesy photos). Despite this
un-sensitive usage, Cheyenne Mountain has decided to make it a https
based website. Just in case the Air Force doesn't want a hacker in the
middle knowing which bits of their PR you browsed, or something.
What elevates this into true security theatre levels is that their SSL certificate expired September 6th, after a three year run (instead of the usual one year).
(And while I'm here, I must throw some brickbats in Firefox's direction for their certificate display; in this day and age, showing dates with unlabeled two-digit years is asking for it. Quick, was this entry written before or after '06/05/07'?)
|
|