14
Wilce
3d

>pentester
Raised an issue with a web application for out client that was weak TLS protocols/cipher suites in use on the sever hosting their application.

Then I was asked to confirm that reissuing the certificate was the correct remidial action for fixing this...

Man, it's scary to think non-technical project managers are in charge of fixing this stuff...

Comments
  • 10
    It could be worse, and often is...

    "What do you mean the site is insecure? no hppts? [Name], buy us a new address with an S right away!"
  • 1
    @Root don't forget to have a new server running for every website. Ah, forget it. For every new version of a website! Hardware versioncontrol
  • 1
    @Alice That sounds too much like my place! *shudders*
  • 1
    @root or even better "this is just because this is a test environment, it wouldn't be in production!"
    ... actually this is a problem in production too.. just checked...
  • 2
    Kinda impressive that they use HTTPS at all though, given that their site is maintained by such an idiot... There are much worse abominations of "server" and "sysadmin" indeed..

    @Alice Service separation is important though. Budget shouldn't stand in the way of security. If one site gets hacked you don't want the entire server and all of its websites to go tits up...
Your Job Suck?
Get a Better Job
Add Comment