Slashdot Mirror


UK Universities Caught With Weak SSL Security

judgecorp writes "UK Universities have been found using weak SSL security implementations on their websites. An investigation by TechWeekEurope found 17 of the top 50 British universities scored C or worse on the SSL Labs tool launched by the Trustworthy Internet Movement earlier this year, which grades SSL security. Contacted by the site, most have put upgrades in place to improve security."

3 of 40 comments

  1. Denerdification of the Industry by Anonymous Coward · Score: 5, Insightful

    In the end, Unis don't want web services to be their core business.
    Where once Sysadmins managed the web, now it is run by project managers,
    consultants, standardised, virtualised, outsourced or offshored.
    The nerds get marginalised and the job gets dumbed down.
    Quality falls, hilarity ensues. Everybody dies.

  2. Bloody Hell. by VortexCortex · Score: 5, Funny

    TechWeekEurope found 17 of the top 50 British universities scored C or worse on the SSL Labs tool

    All right, which of you tossers went and buggered the curve?

  3. Oh noes! Weak SSL Security Settings! by Anonymous Coward · Score: 5, Informative

    This is hilarious. "Weak SSL Security Settings" is what pentesters write to pad out their report when they run out of useful findings. Universities have the poorest computer security of any type of organisation, period. Now, there are a lot of reasons for that - one of which is the inherent conflict between running an "open" network and keeping things secure. But if "poor SSL security settings" is the worst security issue a uni has, they are doing incredibly well.

    Weak SSL security is something you exploit if a) you're a government, or b) you're screwing around with people in a coffee shop. Most of the published attacks are academic, and the only tool people regularly use is sslstrip or attacks along those lines. Hell, most users click through certificate warnings anyway.

    But hey, even though SSL is "not usually the actual problem", these things should be fixed. If you want to test your own site, head over to: https://www.ssllabs.com/ssltest/index.html and plug in your domain name. If you're just running a "1 apache site", that satisfying green bar or "A grade" is just a few config stanzas and a restart away.