Facepalm. That’s all I can say.
The local authority declined to provide an answer on how the original advice to disable HTTPS was approved internally.
🤖 I’m a bot that provides automatic summaries for articles:
Before the fixed version went live this morning, the English local authority’s online planning application portal had been offline due to “technical issues,” an outage that had persisted for nearly a month.
Chrome has used HTTPS for its default navigation protocol since 2021, offering better load speeds for websites and protections from data interception or manipulation.
An intercepted HTTP request, which lacks encryption, could provide cybercriminals with sensitive information like passwords, potentially leading to more severe attacks.
While the likelihood of users submitting sensitive information on a council’s website for planning applications is low, if they forget to re-enable HTTPS afterward, they could remain vulnerable to online attacks.
“We apologize for the obvious inconvenience and confusion caused and the portal should now be fully operational with no special action on the part of users being necessary.”
UK public sector organizations, like Reading Borough Council, have access to the NCSC’s Web Check service, which can audit a website and identify misconfigurations as well as whether HTTPS is in use or not.
Saved 64% of original text.
I have family that used to work for RBC. They love hiring managers that don’t know stuff and overworking and forcing out staff that do know stuff.
I imagine that they were testing it internally and the HSTS pinned cert was wrong, and they figured out a way around it. It worked, so they shipped it.
But that’s so wrong I wouldn’t bet on 1st-2nd year students making such conclusions. I understand that IT in general is a specific field and it requires a certain attitude towards tech, but failing to admit your own lack of knowledge/understanding/what-have-you is baffling.