Security problem at Whitehouse website [telecom]

The wrong cert is from Akamai, a provider that many (most?) busy web sites use to spead out the load so they respond faster. The SSL cert problem is a longstanding issue and they're painfully aware of it.

R's, John

I don't care if they're *aware* of it. I care that they're allowing the site to remain online without *fixing* it.

Good grief - it's the damned White House website! Are the people in charge of the President's public image so inured to imcompetence in the civil service that they think it's OK to expect taxpayers to ignore warnings about possible man-in-the-middle attacks?

Twenty-six hours, and counting.

Bill Horne Moderator

If there were a straightforward fix, they'd fix it. If you click through the browser warnings, you end up at the non-SSL whitehouse.gov which is also hosted at Akamai but your browser doesn't complain.

R's, John

They don't need to fix it: the White House can simply order Akamai to turn off https access. It is a *public* website, intended to distribute (I hope) *public* information. I wouldn't be offended by a message saying "Whitehouse.gov is optimized for quick response, so https is not supported": I only came across it by accident, after I typed the domain name while already on a secure site. However, if the website responds, I think I'm entitled to have it work properly.

This is not a technical problem: it's a political one. Someone is sending a message that they don't care if the President's statements get through to the electorate.

Bill Horne Moderator

Most likely they are using the same incompetent website engineers that tried writing the Obamacare web site.

I can see it now, a large board room filled with political hacks, and the decision is... Move them over to the White House project so we can use the "national security" blanket to keep them away from the media.