Four of the Five Biggest Defense Contractors in the World Lack Encryption
Lockheed Martin, Northrop Grumman, Boeing and Raytheon all have unencrypted websites.
Four of the five biggest defense contractors in the world – Lockheed Martin, Northrop Grumman, Boeing and Raytheon – lack basic web encryption, according to a report by Motherboard. The four companies combined received over $95 billion in government funds last year.
We preach all the time that encryption is no longer optional. The list of reasons for this is long, but the crux of it is that the browsers are making encryption mandatory, and what they say goes. Google has already begun the push in earnest: its Chrome browser marks HTTP pages that contain text fields as “Not Secure.” Eventually, sometime in 2018, every HTTP site will be marked “Not Secure.” The other browsers will follow suit.
Encryption is coming whether you like it or not.
But the fact that it’s only just becoming mandatory doesn’t excuse these companies. Much of the subject matter these four companies touch is sensitive, the people they deal with are high-level and the work they do is often classified, so they are often prime targets for phishing.
I’m not naive enough to think that you can get much access to sensitive information from their main sites, and if you could, SSL wouldn’t really help with that anyway. But if there are any login portals, login credentials could be stolen in transit. Without encryption, a Man-in-the-Middle attack is possible, and users can be tracked across the pages they visit. It’s just bad security hygiene, made all the more ironic by the fact that some pages purportedly hold advice on cyber security.
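To find pages like these on a site you run, the following added example (not from the original article or the Motherboard report) parses a page's HTML and reports the conditions discussed above: text fields on an HTTP page, which Chrome labels “Not Secure,” and password fields served over HTTP. The function names, finding labels and example.test pages are assumptions constructed for illustration, and the check for an HTTPS page whose form posts to an http:// URL goes one step beyond the article's cases.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Input types that accept typed text (the "text fields" the article refers to).
TEXT_TYPES = {"text", "password", "email", "search", "tel", "url", "number"}

# Constructed sample pages; example.test is a placeholder host.
LOGIN_PAGE = '<form action="/login"><input name="user"><input type="password" name="pw"></form>'
BROCHURE_PAGE = "<h1>About us</h1><p>No forms here.</p>"
SEARCH_PAGE = '<form action="http://example.test/search"><input type="search" name="q"></form>'

class FormAudit(HTMLParser):
    """Collects text-entry fields and form targets from one HTML document."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.text_fields = []    # input type of every text-entry field
        self.form_targets = []   # absolute URL each <form> submits to

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.form_targets.append(urljoin(self.page_url, a.get("action") or ""))
        elif tag == "textarea":
            self.text_fields.append("textarea")
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind in TEXT_TYPES:
                self.text_fields.append(kind)

def audit_page(page_url, html):
    """Return findings for one page, most severe first."""
    audit = FormAudit(page_url)
    audit.feed(html)
    scheme = urlparse(page_url).scheme
    findings = []
    if scheme == "http":
        if "password" in audit.text_fields:
            findings.append("password-field-on-http-page")
        # Text fields trigger the label today; every HTTP page gets it later.
        findings.append("not-secure-label-now" if audit.text_fields
                        else "not-secure-label-pending")
    elif audit.text_fields and any(
            urlparse(t).scheme == "http" for t in audit.form_targets):
        # An HTTPS page that posts to http:// still exposes what was typed.
        findings.append("https-form-posts-to-http")
    return findings
```

Run `audit_page` over each crawled URL and its response body; an empty list means none of these conditions were found on that page.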
More than anything, this is just a bad look. What does it say about your overall security posture when your most public-facing website isn’t even secured? This is low-hanging fruit. Grab it!
These companies, which are definitely major targets for phishing by virtue of their standing and relationships, need an Extended Validation certificate. People sometimes question the usefulness of EV, but this is one case where there’s little debate. These websites need unequivocal proof that they are the legitimate article, and a standard DV SSL certificate isn’t going to accomplish that.
It’s time for companies like Boeing, Northrop Grumman, Raytheon and Lockheed Martin to encrypt. Hopefully a little bit of external pressure will push them into making the smart security decision.