Stefano Marinelli on Nostr: Just received yet another email from a company claiming to do a "Security report" on ...
Just received yet another email from a company claiming to do a "Security report" on a client's institutional website (no user interaction whatsoever).
They're pointing out some supposed serious issues, namely the lack of HTTP to HTTPS redirect and the use of a self-signed certificate.
They're urging immediate action to prevent "serious security problems."
It's a pity that the site has always had redirects in place and uses Let's Encrypt certificates.
A few years ago, everyone wanted to be "SEO consultants," even if they couldn't tell a blog from an e-commerce site. Nowadays, it seems like everyone's a security expert, but from what I can see, they can't even input an address into an automated tool. 😅
#Security #Website #SEO #LetsEncrypt #Infosec #IT #SysAdmin
Published at 2023-11-21 13:27:48