IT Security – who is in charge?

Screenshot of a security certificate alert

We should get “all green” all the time: poor IT management leads to unnecessary alerts

You know the routine: you visit a secure Web site and are presented with a “security alert” warning you that something is wrong with a site’s security certificate.
What do you do? After all, in the current climate of worries about viruses, worms, spyware and security breaches, you would be forgiven for being a tad cautious. To my surprise, on the couple of occasions when I contacted the webmasters of the services concerned, the reply from the (nearly always technical) support person was: “Oh, it’s OK, you can ignore that”.
Well, no, I don’t think it is OK. Who manages the security certificates anyway? Is it a purely technical issue, or should an organisation or company’s management be more intimately involved? And what are the implications if, having followed the lame advice above, you find that you have been scammed or that the site really was compromised in some way? Your fault, of course, for clicking through the alert and ignoring the warnings.
The alert is there for a reason: on any site it is a good indication of whether someone has been doing their job right, or not… In too many cases, where certificates are left purely in the hands of the (otherwise competent) technical implementers, poor management is undermining security, and with it our confidence in the security infrastructures that are in place.
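The browser alert is not vague: it corresponds to one of a few concrete checks failing. The certificate is outside its validity window, it was issued for a different host name than the one in the address bar, or it does not chain to an issuer the client trusts. The Go program below, added here as an illustration and not part of the original post, mints a throwaway self-signed certificate for the constructed name example.test and runs exactly those checks with the standard crypto/x509 package. It is the kind of pre-deployment check a site operator can run so that visitors never see the alert in the first place. The helper names selfSigned, CertProblem and Scenario, and the host names and validity periods used, are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical helper (constructed for this example): mint a self-signed
// certificate in memory for dnsName, valid from notBefore to notAfter.
func selfSigned(dnsName string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: dnsName},
		DNSNames:              []string{dnsName}, // modern clients match the SAN, not the CN
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CertProblem applies the same three checks a browser runs before raising an
// alert: validity window, host name, and a chain to a trusted root.
// It returns "" when the certificate would be accepted silently.
func CertProblem(cert *x509.Certificate, host string, roots *x509.CertPool, now time.Time) string {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, CurrentTime: now})
	if err == nil {
		return ""
	}
	var invalid x509.CertificateInvalidError
	var hostname x509.HostnameError
	var unknown x509.UnknownAuthorityError
	switch {
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired or not yet valid"
	case errors.As(err, &hostname):
		return "hostname mismatch"
	case errors.As(err, &unknown):
		return "unknown issuer"
	}
	return "other: " + err.Error()
}

// Scenario issues a one-day certificate for example.test (a constructed name)
// and reports what a client would see when the site is reached as host,
// daysAhead days after issue, with the issuer either trusted or not.
func Scenario(host string, daysAhead int, trusted bool) (string, error) {
	issued := time.Now()
	cert, err := selfSigned("example.test", issued.Add(-time.Minute), issued.Add(24*time.Hour))
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool() // empty pool: nothing is trusted yet
	if trusted {
		roots.AddCert(cert)
	}
	when := issued.Add(time.Duration(daysAhead) * 24 * time.Hour)
	return CertProblem(cert, host, roots, when), nil
}

func main() {
	cases := []struct {
		host    string
		days    int
		trusted bool
	}{
		{"example.test", 0, true},     // everything in order: no alert
		{"www.example.test", 0, true}, // certificate issued for a different name
		{"example.test", 3, true},     // certificate has expired
		{"example.test", 0, false},    // issuer not in the trust store
	}
	for _, c := range cases {
		problem, err := Scenario(c.host, c.days, c.trusted)
		if err != nil {
			panic(err)
		}
		if problem == "" {
			problem = "accepted"
		}
		fmt.Printf("host=%-18s days=%d trusted=%-5v -> %s\n", c.host, c.days, c.trusted, problem)
	}
}
```

Running it with `go run` prints one line per scenario; the "accepted" line is the only outcome a visitor should ever get. The three failure strings are the ones an operator's monitoring should alert on internally, well before the "security alert" dialog reaches the public and support staff are tempted to say "you can ignore that".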

