The government cybersecurity website was left unsecured for a week

RonSwanson (Honorary Master, joined May 21, 2018, 15,381 messages)
How unsecured is that, really?
Encryption still works. You can still check the server name vs the cert name.
If you take a look at any decent CERT / CSIRT, secure communications is critical. Not only for sharing information with CSIRT members and trusted partners / other CSIRTs, but also in order to facilitate trust and confidence in the CSIRT itself. An information handling and exchange policy is fundamental to any CERT / CSIRT, and decent crypto is the basis of authenticity, integrity, confidentiality and trust. Remember also that a CSIRT may quite often deal with reports / incidents from unsophisticated people (Joe Public), and it needs to engender trust and facilitate secure comms for the CSIRT to be able to gather (sometimes sensitive) information. Another quality of a good CERT / CSIRT is that it will use whatever means it can to protect against the premature disclosure of the incident. That's why they use the Traffic Light Protocol (TLP) to tag security incidents. Without this, net-savvy people become suspicious and will rather not report an incident, because they will have no assurance that the information is reaching the correct people and being handled correctly.

RFC 2350 (for the past 22 years) is still the accepted de facto standard for CERTs / CSIRTs.

3.4.3 Communication and Authentication

You must have a policy which describes methods of secure and
verifiable communication that you will use. This is necessary for
communication between CSIRTs and between a CSIRT and its
constituents. The template should include public keys or pointers to
them, including key fingerprints, together with guidelines on how to
use this information to check authenticity and how to deal with
corrupted information (for example where to report this fact).

At the moment it is recommended that as a minimum every CSIRT have
(if possible), a PGP key available. A team may also make other
mechanisms available (for example PEM, MOSS, S/MIME), according to
its needs and the needs of its constituents. Note however, that
CSIRTs and users should be sensitive to local laws and regulations.
Some countries do not allow strong encryption, or enforce specific
policies on the use of encryption technology. In addition to
encrypting sensitive information whenever possible, correspondence
should include digital signatures. (Please note that in most
countries, the protection of authenticity by using digital signatures
is not affected by existing encryption regulations.)

tldr: Without secure comms, there is no CSIRT.

Edit: Here is the incident reporting page of the South African National CSIRT. Regardless of TLS working or not, can anyone spot the mistake?
[Attached image: 1606027742300.png]

Kola_CT (Expert Member, joined Jun 28, 2020, 1,314 messages)
Why would anybody involve them in, or report to them on cyber security issues?

Just another pointless and clueless organization.
 