20th Century Tech v A 21st Century World!

One of the biggest smiles of the day was for this:

I smile because it identifies a core problem: companies often have to be “forced” to change their ways. “Go on, make me”, they might say. “Well”, says the CTO, “we passed our audit/compliance review with flying colours, and everything is okay”.

The tweet says that perhaps Chrome is wrong. As a Professor who teaches cyber security, I agree with Chrome, and say that the accesses to the main Web site are insecure, and that users cannot determine if there’s a man-in-the-middle, or if this is a fake site. Someone capturing the network traffic will also be able to examine the contents of the accesses to the site.

If an organisation such as the TV Licensing authority — which is in great danger of being a target for fake sites — think that not having proper identification of their main site … for the cost of zero dollars (with Let’s Encrypt) … we really must worry:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.