== Web site security theatre

'Security theatre' is the term I've seen [[Bruce Schneier
http://www.schneier.com/index.html]] use for pointless things that are
done mostly to make it look like you're doing something about security.
Websites are especially prone to this disease, because everyone knows
that the Internet and the web are insecure and overrun by hackers, right?

Today's shining example is the US Air Force [[Cheyenne Mountain
public website https://www.cheyennemountain.af.mil/]], which
seems to be pretty much a PR site (complete with [[cheesy photos
https://www.cheyennemountain.af.mil/coolpics05.htm]]). Despite this
un-sensitive usage, Cheyenne Mountain has decided to make it a _https_
based website. Just in case the Air Force doesn't want a hacker in the
middle knowing which bits of their PR you browsed, or something.

What elevates this into true security theatre levels is that their SSL
certificate expired September 6th, after a three year run (instead of
the usual one year).

(And while I'm here, I must throw some brickbats in Firefox's direction
for their certificate display; in this day and age, showing dates
with unlabeled two-digit years is asking for it. Quick, was this
entry written before or after '06/05/07'?)