The government cybersecurity website was left unsecured for a week

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,576
Yep. I've got a diploma in IT.......
Let me access my email....
Open Google. Google own email address.
Btch when can't access email account.

No jokes. This happened years ago when I worked in a retail store with an Internet café. I had to force myself not to burst out laughing when the dudes IT diploma needed to be photocopied. Just showed me that even paper isn't worth sht.
So glad I don't deal with people like this.
 

MeestaR

Expert Member
Joined
Sep 17, 2016
Messages
1,260
Eish ja, I wonder who was in charge of the certificates/website?
Can they call themselves a "cybersecurity" team if they let the site run for a week with a expired certificate?
Iemand het wakker geskrik, 'n week later...
smh...
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,576
Current certificate was issued on 11th nov. So why the expiry?

Did they switch SSL providers?
It's probably a renewal.
They might have done changes and didn't think to reinstall the cert.
We won't know for sure.

I've seen this happen a few times from various companies worldwide.
Irrespective of how ironic it is.
 

RonSwanson

Executive Member
Joined
May 21, 2018
Messages
5,802
Most decent CSIRTs provide PGP keys to ensure the reporting of sensitive incidents. These guys cannot even manage an x.509 cert.
 

keru

Well-Known Member
Joined
Aug 6, 2003
Messages
448
If you have interacted with these guys you will know why this state of affairs.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
76,331
How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,576
How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.
According to the article it was left expired. So it doesn't make much sense since bratwurst said it was issued on the 11th.
 

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
6,531
Additionally, its “Awareness Portal” is labelled “South African CyberSecurity Awareness 2017” – which elicits questions regarding how often this website is updated.
Probably once every three years.
 

Danie_V

Well-Known Member
Joined
Apr 15, 2010
Messages
202
Top