The government cybersecurity website was left unsecured for a week

[Bradley Prior]

The government cybersecurity website was left unsecured for a week

The South African government's Cybersecurity Hub, which is tasked with dealing with cybersecurity issues reported by South African residents, left its website's security certificate in an expired state for a week.

 

[Solitude]

Hilarious.

 

[|tera|]

Yep. I've got a diploma in IT.......
Let me access my email....
Open Google. Google own email address.
Btch when can't access email account.

No jokes. This happened years ago when I worked in a retail store with an Internet café. I had to force myself not to burst out laughing when the dudes IT diploma needed to be photocopied. Just showed me that even paper isn't worth sht.
So glad I don't deal with people like this.

 

[DailyTech]

Yet another BEE rip off site/dept

 

[borro]

Make probe.

 

[r00igev@@r]

Eish!

 

[TEXTILE GUY]

On 19 November, the Cybersecurity Hub team confirmed that it was aware the certificate was expired and was working to resolve the issue.

 

[Gravedigger]

Eish ja, I wonder who was in charge of the certificates/website?
Can they call themselves a "cybersecurity" team if they let the site run for a week with a expired certificate?
Iemand het wakker geskrik, 'n week later...
smh...

 

[Adenoid Hynkel]

Current certificate was issued on 11th nov. So why the expiry?

Did they switch SSL providers?

 

[|tera|]

Current certificate was issued on 11th nov. So why the expiry?

Did they switch SSL providers?

It's probably a renewal.
They might have done changes and didn't think to reinstall the cert.
We won't know for sure.

I've seen this happen a few times from various companies worldwide.
Irrespective of how ironic it is.

 

[system32]

Inspiring confidence

 

[Binary_Bark]

We are talking about the biggest thieves in SA, that is good for ****all.

 

[RonSwanson]

Most decent CSIRTs provide PGP keys to ensure the reporting of sensitive incidents. These guys cannot even manage an x.509 cert.

 

[keru]

If you have interacted with these guys you will know why this state of affairs.

 

[Sinbad]

How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.

 

[|tera|]

How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.

According to the article it was left expired. So it doesn't make much sense since bratwurst said it was issued on the 11th.

 

[j4ck455]

Additionally, its “Awareness Portal” is labelled “South African CyberSecurity Awareness 2017” – which elicits questions regarding how often this website is updated.

Probably once every three years.

 

[Willie Trombone]

Current certificate was issued on 11th nov. So why the expiry?

Did they switch SSL providers?

Could have been revoked.

 

[Danie_V]

The government cybersecurity website was left unsecured for a week

The South African government's Cybersecurity Hub, which is tasked with dealing with cybersecurity issues reported by South African residents, left its website's security certificate in an expired state for a week.

You either have security or you don't have ... there is no such thing as "we are 65% secure"

 

[|tera|]

You either have security or you don't have ... there is no such thing as "we are 65% secure"

I completely agree.
Good P.O.V. That's how it 'should' work.