Posted: 10/2/2013 4:53:57 PM EDT
|
healthcare.gov has a $59/year Class 1 Comodo SSL Certificate? For a government website dealing in our individual most private information, it should have the absolutely most trusted SSL. A green Enhanced Verification bar or at the least be a business verified certificate. |
|
Quoted:
healthcare.gov has a $59/year Class 1 Comodo SSL Certificate? For a government website dealing in our individual most private information, it should have the absolutely most trusted SSL. A green Enhanced Verification bar or at the least be a business verified certificate. Should be easy to hack. Probably lots of Chinese Cyber Agents in there right now. |
|
Quoted: Should be easy to hack. Probably lots of Chinese Cyber Agents in there right now. Quoted: Quoted: healthcare.gov has a $59/year Class 1 Comodo SSL Certificate? For a government website dealing in our individual most private information, it should have the absolutely most trusted SSL. A green Enhanced Verification bar or at the least be a business verified certificate. 
|
|
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list.
But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. |
|
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. |
|
Quoted:
Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. The SSL isn't the weak point though. The stored data and the people who manage it are the weakpoint. Or I should say the laptops they leave all over the place with the data. Who here has had free credit monitoring from the VA or the state DMV as a result of that scenario over the last few years? 
|
|
Quoted:
The SSL isn't the weak point though. The stored data and the people who manage it are the weakpoint. Or I should say the laptops they leave all over the place with the data. Who here has had free credit monitoring from the VA or the state DMV as a result of that scenario over the last few years? Quoted:
Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. The SSL isn't the weak point though. The stored data and the people who manage it are the weakpoint. Or I should say the laptops they leave all over the place with the data. Who here has had free credit monitoring from the VA or the state DMV as a result of that scenario over the last few years? Eggzactly! |
|
Quoted:
Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. I'll wait. |
|
Quoted:
The SSL isn't the weak point though. The stored data and the people who manage it are the weakpoint. Or I should say the laptops they leave all over the place with the data. Who here has had free credit monitoring from the VA or the state DMV as a result of that scenario over the last few years? Quoted:
Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. The SSL isn't the weak point though. The stored data and the people who manage it are the weakpoint. Or I should say the laptops they leave all over the place with the data. Who here has had free credit monitoring from the VA or the state DMV as a result of that scenario over the last few years? This thread is about the SSL cert, not the goons who run Obamacare. |
|
Quoted:
This thread is about the SSL cert, not the goons who run Obamacare. Quoted:
Quoted:
Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. The SSL isn't the weak point though. The stored data and the people who manage it are the weakpoint. Or I should say the laptops they leave all over the place with the data. Who here has had free credit monitoring from the VA or the state DMV as a result of that scenario over the last few years? This thread is about the SSL cert, not the goons who run Obamacare. I was pointing out that in the grand scheme of things the SSL cert is low on the data risk totem pole. |
|
I swear that site is coded by fucking toddlers.
Yesterday, the drop-downs were empty on the page that asked you to set your three security questions. Tonight, the fields are there but every time you try to set your security questions you get this as an error. 
And yes, I used three unique questions and answers. 
|
|
Quoted:
I swear that site is coded by fucking toddlers. Yesterday, the drop-downs were empty on the page that asked you to set your three security questions. Tonight, the fields are there but every time you try to set your security questions you get this as an error. http://www.ar15.com/media/viewFile.html?i=56520 And yes, I used three unique questions and answers.
Give em a break! They've only had YEARS to make the website. |
|
Quoted:
I'll wait. Quoted:
Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. I'll wait. I said could , not would. |
|
Quoted:
I said could , not would. Quoted:
Quoted:
Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. I'll wait. I said could , not would. I challenge the could statement. SSL certs are all signed the same way. the only difference between this one and others is the key used to sign. |
|
Quoted:
You're not seriously surprised are you? I use better certs on some of my home stuff. Why the fuck would you pay a third party to sign your home SSL certs instead of setting up a self signed cert or a personal CA and importing the public key of that CA to all your programs? |
|
Quoted:
I challenge the could statement. SSL certs are all signed the same way. the only difference between this one and others is the key used to sign. Quoted:
Quoted:
Quoted:
Quoted:
Quoted:
Most likely, that was the low bidder or cheapest available from a pre-selected vendor list. But from an objective standpoint, if you can demonstrate the Comodo certificate is sub-par by hacking it somehow whereas a Verisign cert would not be, I'll watch/listen. Dude!!!! Bcauz3y, subnet and a few others here probably could hack that shit before midnight. I'll wait. I said could , not would. I challenge the could statement. SSL certs are all signed the same way. the only difference between this one and others is the key used to sign. I'm tech illiterate but all I have to say is Stuxnet |
|
Quoted:
healthcare.gov has a $59/year Class 1 Comodo SSL Certificate? For a government website dealing in our individual most private information, it should have the absolutely most trusted SSL. A green Enhanced Verification bar or at the least be a business verified certificate. If it makes you feel any better, for that level of SSL they email the SSL cert in plain text to you when it is issued, along with the bridge and root certs as attachments. But hey, it's not like personal information is valuable to thieves and government emails have never been compromised. |
|
Quoted:
If it makes you feel any better, for that level of SSL they email the SSL cert in plain text to you when it is issued, along with the bridge and root certs as attachments. But hey, it's not like personal information is valuable to thieves and government emails have never been compromised. Quoted:
Quoted:
healthcare.gov has a $59/year Class 1 Comodo SSL Certificate? For a government website dealing in our individual most private information, it should have the absolutely most trusted SSL. A green Enhanced Verification bar or at the least be a business verified certificate. If it makes you feel any better, for that level of SSL they email the SSL cert in plain text to you when it is issued, along with the bridge and root certs as attachments. But hey, it's not like personal information is valuable to thieves and government emails have never been compromised. Here is a surprise, when you connect to the site the website just HANDS you over the plaintext SSL cert. OHH NOES!@$##@$ and wait for it, your web browser already has the chain and root certs stored on your computer, OHHH NOES@#$ Certs are public information. The only things that are private are the private key stored on the websites servers, and the private key used to sign the certificate signing request. SSL Certs are a scam. ETA: The only benefit of SSL certs is to stop that silly web browser warning that scares a bunch of people, I guess that might be worth something. /shrug |