The government cybersecurity website was left unsecured for a week

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
23,533
Yep. I've got a diploma in IT.......
Let me access my email....
Open Google. Google own email address.
Btch when can't access email account.

No jokes. This happened years ago when I worked in a retail store with an Internet café. I had to force myself not to burst out laughing when the dudes IT diploma needed to be photocopied. Just showed me that even paper isn't worth sht.
So glad I don't deal with people like this.
 

MeestaR

Senior Member
Joined
Sep 17, 2016
Messages
995
Eish ja, I wonder who was in charge of the certificates/website?
Can they call themselves a "cybersecurity" team if they let the site run for a week with a expired certificate?
Iemand het wakker geskrik, 'n week later...
smh...
 

bratwurst

Expert Member
Joined
Oct 15, 2008
Messages
4,300
Current certificate was issued on 11th nov. So why the expiry?

Did they switch SSL providers?
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
23,533
Current certificate was issued on 11th nov. So why the expiry?

Did they switch SSL providers?
It's probably a renewal.
They might have done changes and didn't think to reinstall the cert.
We won't know for sure.

I've seen this happen a few times from various companies worldwide.
Irrespective of how ironic it is.
 

RonSwanson

Expert Member
Joined
May 21, 2018
Messages
3,714
Most decent CSIRTs provide PGP keys to ensure the reporting of sensitive incidents. These guys cannot even manage an x.509 cert.
 

keru

Well-Known Member
Joined
Aug 6, 2003
Messages
435
If you have interacted with these guys you will know why this state of affairs.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
73,680
How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
23,533
How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.
According to the article it was left expired. So it doesn't make much sense since bratwurst said it was issued on the 11th.
 

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
6,112
Additionally, its “Awareness Portal” is labelled “South African CyberSecurity Awareness 2017” – which elicits questions regarding how often this website is updated.
Probably once every three years.
 

Danie_V

Well-Known Member
Joined
Apr 15, 2010
Messages
102
Top