The majority of DHS subdomains vulnerable to Man in The Middle attacks

On 17th september there were 18 .dhs.gov entries in badssl, 11 of which vulnerable to Man in The Middle attacks and 4 to Poodle (TLS) attack;

United States Government Accountability Office has meanwhile found other issues which are probably bigger(?) than that, as the $6B firewall which seems hitting an impressive 6% of the total vulnerabilities selected for review:

More specifically, for the five client applications we reviewed (Adobe Acrobat, Flash, Internet Explorer, Java, and Microsoft office), the NCPS intrusion detection signatures provided some degree of coverage for approximately 6 percent of the total vulnerabilities selected for review.

...by the way, here are the (SSL/TLS) facts about DHS as of today:




Comments

Popular posts from this blog

SSLLabs SSL Test on 716 .gov https sites

Het is moeilijk mensen te vertrouwen in een monetair systeem

Bad SSL: security awareness in interesting times (1)