The Inquirer-Home

US government fails to secure its websites

A matter of national hilarity
Wed Aug 11 2010, 10:11

GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security (DHS) is seemingly unable to set up a secure website correctly.

The website for the high profile cabinet department that is supposed to protect the US from terrorists and has a reported budget of $52 billion throws up errors when users try to access the secure site through the HTTPS protocol.

Browsers such as Firefox, Safari and Chrome issue warnings suggesting the site is not quite what it seems. The problem is down to the fact that while the certificate was issued for the official DHS domain name, the technological wunderkind in charge of matters forgot that hosting duties are actually farmed out to Akamai.

dhs-ssl-fail

So when the content is loaded from Akamai's servers, which are not covered by the SSL certificate issued for the DHS domain, browsers rightly throw up a warning suggesting something dodgy is going on. While security warnings that the DHS website is some dodgy knock-off might be ironic, in the case of the State Department's website, it's of far greater concern.

That site is used by travellers all over the world applying for visas to enter the US. Not surprisingly, those applications require a great deal of personal information to be entered and such a warning is likely to scare users off.

In our unscientific tests we found other US government websites with the same problem, including The White House, Internal Revenue Service (IRS) and even the Federal Bureau of Investigation (FBI) all throwing SSL errors. However US citizens can rest easy as the Central Intelligence Agency (CIA) website has been done right.

Give the diagnosis is so simple, it beggars belief that such embarrassing mistakes can happen. It seems that the notion of palming off web hosting duties to a commercial entity blinded the bureaucrats in charge into forgetting the trifling matter of ensuring their security. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Dead electronic devices to be banned on US-bound flights

Will the new rules banning uncharged devices be effective?