Shell's TechBlabber

…ShelLuser blogs about stuff ;)

Computer security is NOT a product

At the time of writing I can’t access one of my favorite tech fora, which is the FreeBSD forum, because their certificate has expired. Seems somewhat sloppy indeed. However, what really upset me here was learning how my browser of choice (Opera) was now treating me like some sort of idiot.

It refused to give me access to the website because it deemed it “not private”. Which is not necessarily true because even an expired certificate can still be used for setting up an encrypted connection. But because the website opted for “HSTS” (which stands for HTTPS Strict Transport Security) it is impossible to access it anymore because most major browsers have opted to remove the feature which allows us to override this.

Which I think is utterly stupid. In fact: I think this nonsense can easily have the opposite effect of what was intended. I believe we’re in a period where many people seem to have a complete misconception about what security actually is and how it is achieved and maintained.

Continue reading

Advertisements

June 15, 2018 Posted by | Editorial, InterNet, Security | , , , | Comments Off on Computer security is NOT a product