this post was submitted on 29 Nov 2023
51 points (100.0% liked)

graybeard

Stories, links, experiences from calculator manipulators with a few grays in their beard


Facepalm. That's all I can say.

The local authority declined to provide an answer on how the original advice to disable HTTPS was approved internally.

top 5 comments
[–] [email protected] 5 points 11 months ago (1 children)

I imagine that they were testing it internally and the HSTS-pinned cert was wrong and they figured out a way around it. It worked, so they shipped it.

[–] [email protected] 1 points 11 months ago

But that's so wrong I wouldn't bet on 1st-2nd year students making such conclusions. I understand that IT in general is a specific field and it requires a certain attitude towards tech, but failing to admit your own lack of knowledge/understanding/whathaveyou is baffling.

[–] [email protected] 4 points 11 months ago (1 children)

I have family that used to work for RBC. They love hiring managers that don't know stuff and overworking and forcing out staff that do know stuff.

[–] [email protected] 1 points 11 months ago

That's sad to hear. This sort of problem can only be solved from above.

[–] [email protected] 1 points 11 months ago

🤖 I'm a bot that provides automatic summaries for articles:

Before the fixed version went live this morning, the English local authority's online planning application portal had been offline due to "technical issues," an outage that had persisted for nearly a month.

Chrome has used HTTPS for its default navigation protocol since 2021, offering better load speeds for websites and protections from data interception or manipulation.

An intercepted HTTP request, which lacks encryption, could provide cybercriminals with sensitive information like passwords, potentially leading to more severe attacks.

While the likelihood of users submitting sensitive information on a council's website for planning applications is low, if they forget to re-enable HTTPS afterward, they could remain vulnerable to online attacks.

"We apologize for the obvious inconvenience and confusion caused and the portal should now be fully operational with no special action on the part of users being necessary."

UK public sector organizations, like Reading Borough Council, have access to the NCSC's Web Check service, which can audit a website and identify misconfigurations as well as whether HTTPS is in use or not.


Saved 64% of original text.