this post was submitted on 29 Nov 2023
51 points (100.0% liked)

graybeard

239 readers
2 users here now

Stories, links, experiences from calculator manipulators with a few grays in their beard

founded 1 year ago
MODERATORS
 

Facepalm. That's all I can say.

The local authority declined to provide an answer on how the original advice to disable HTTPS was approved internally.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 1 points 11 months ago

๐Ÿค– I'm a bot that provides automatic summaries for articles:

Click here to see the summaryBefore the fixed version went live this morning, the English local authority's online planning application portal had been offline due to "technical issues," an outage that had persisted for nearly a month.

Chrome has used HTTPS for its default navigation protocol since 2021, offering better load speeds for websites and protections from data interception or manipulation.

An intercepted HTTP request, which lacks encryption, could provide cybercriminals with sensitive information like passwords, potentially leading to more severe attacks.

While the likelihood of users submitting sensitive information on a council's website for planning applications is low, if they forget to re-enable HTTPS afterward, they could remain vulnerable to online attacks.

"We apologize for the obvious inconvenience and confusion caused and the portal should now be fully operational with no special action on the part of users being necessary."

UK public sector organizations, like Reading Borough Council, have access to the NCSC's Web Check service, which can audit a website and identify misconfigurations as well as whether HTTPS is in use or not.


Saved 64% of original text.