White House site security error is more 'embarrassing' than worrying

Posted on Feb 3 2017 - 1:11am by Huzoor Bux



Whitehouse.gov is under scrutiny.

Image: AP/REX/Shutterstock

For days now, folks have tweeted about receiving a “connection is not private” warning when trying to access whitehouse.gov. 

It’s an alarming thing to read when you’re just trying to get some information from the site of the world’s most powerful government, but experts say the issue is more “embarrassing” than it is worrying.

First reported by The Washington Post, the site prompts Google Chrome and other browsers to warn users that “attackers might be trying to steal your information from messages.whitehouse.gov, for example passwords, messages or credit cards.”

The issue appears to be that the security certificate for whitehouse.gov was revoked back in May of 2016, meaning the issue didn’t originate with the Trump administration. The lack of security certificate isn’t a gross oversight, but it leaves a few question marks.

“It could be nothing,” said Kenneth Geers, a senior research scientist at the cybersecurity firm Comodo. However, “you wonder what else is wrong underneath the hood.”

Without a secure connection, Geers said viewers are more susceptible to nefarious folks watching their internet activity on whitehouse.gov. Parts of the site are also rendered less secure than they should be, making whitehouse.gov at least marginally more susceptible to attacks. 

“The room for saying ‘I’m sorry’ isn’t a lot, because you should understand the nature of the threat,” Geers said. “There’s no excuse for it.”

Trump talked a good amount about improving the nation’s cybersecurity during his campaign, but observers remain skeptical about how committed he is and how knowledgeable he is about what needs to be done.

His first big cybersecurity move was to bring on former New York City Mayor Rudy Giuliani as a cyber advisor, though Giuliani doesn’t appear to know much about cybersecurity. The president was also expected to sign a cybersecurity executive order earlier this week, but those plans were postponed. 



Source link