Information technology workers who manage to find employment at the Federal Bureau of Investigation may want to make their first task improving the security certificate used on FBIJobs.gov.
This is the kind of information I would have never noticed had I been conforming with millions of Internet Explorer users or hundreds of thousands of Firefox devotees. Instead, when checking out the new techie job listings (paying $35,452 to $135,136 per year) at FBIJobs.gov in Opera 8.51, Opera tossed up a window interrupting my browsing:
Low encryption level
How low could it go? I’ve never seen Opera complain about a secured site before, so I decided to check the certificate’s details. Here’s they are in a nutshell:
https://www.fbijobs.gov/
Connection : TLS v1.0 128 bit ARC4 (RSA/MD5)
128 bit encryption using RSA. That was the pinnacle of site security…about six years ago. Compare that to the standard security used by a major American bank’s website:
Connection : TLS v1.0 256 bit AES (1023 bit RSA/SHA)
AES replaced Triple-DES a few years ago. As for ARC4 as used by the FBI, well, the algorithm behind ARC4 has been publicized and known for over a decade.
Anyway, the FBI wants to hire more computer scientists and engineers, and IT specialists and project managers, Computerworld reported. I don’t know what work the FBI has planned for its new hires, but having one of those new specialists implement a more modern security certificate, and perhaps spending some quality time on Bruce Schneier’s website should be a job requirement as well…for whoever put the ARC4 certificate in place.
—
Email the author here.
Add to document.write(“Del.icio.us”) | DiggThis | Yahoo My Web
David Utter is a staff writer for murdok covering technology and business.
