|
|
|
|
|
|
by jimmcslim
2247 days ago
|
|
|
> After that I as a consultant get access to the network and apart from some test that a developer stood up nothing matches the glossy talk. Or in my case recently... someone has generated a root certificate for the internal CA that uses an insecure crypto scheme, and Chrome still throws up a security error requiring users to click past the warnings to access the site. "Can you generate and roll out a new cert please? This isn't really 'security'?" "Oh we will get to it, can you just use the one you already have?" |
|
|
Cue 2 years going by. Same situation, except that the certificate has been regenerated with the same insecure crypto scheme.