Monday, November 24, 2008

Friday, November 21, 2008

WhiteHouse.gov SSL Error?

www.whitehouse.gov uses an invalid security certificate.

The certificate is only valid for a248.e.akamai.net

(Error code: ssl_error_bad_cert_domain)

Really?




In all fairness, this is not implying that the whitehouse.gov site is compromised. But it is poor SSL practice to have a mismatched domain name. And really, can't the white house spring the extra few bucks to get their own certificate?




UPDATE
Jan 24, 09

Looks like they fixed the above issue on Dec 22, 08. However, they introduced a new problem:

whitehouse.gov uses an invalid security certificate.

The certificate is only valid for www.whitehouse.gov

(Error code: ssl_error_bad_cert_domain)







-Michael Coates

Monday, November 10, 2008

Back from OWASP Portugal

I just recently returned from a great week in Portugal. The OWASP Europe Summit attracted nearly 100 of the top leaders in OWASP from around the world. In short, the conference was great! I highly encourage anyone involved in OWASP to keep their eyes out for future OWASP events.

The great thing about this conference was that it was almost exclusive to OWASP leaders and the objective was on building OWASP. The security talks were short, only 15 minutes, and focused on the results of the Summer of Code projects.

A large amount of time was dedicated to working sessions. During these 2 hour sessions, focused groups of application security experts tackled difficult issues facing the security community. I took part in two of the Intrinsic Security Working Group sessions (Browser Security, Framework Security). Both sessions were led by Arshan and I am looking forward to more work with this group.

The venue itself was very nice. I was fortunate enough to explore the town and a couple nearby citites. I'll try and get some pictures posted soon.

Overall, this conference was a huge step forward for OWASP. If you're not involved yet, its time to get your things together and check out this organization. There are some really great things coming down the pipe.

Lastly, a huge thanks to everyone on the OWASP Europe planning team (Dinis, Paulo, Sarah, Kate, Anna, Martin and a bunch more). They really worked hard and put together an amazing event.

-Michael