back to article GCHQ's infosec crew plans to 'scale up' Web Check to improve uk.gov site security

Efforts to improve the UK.gov's secure server setup are being ramped up through an expansion of a scheme from the National Cyber Security Centre, the infosec folk at British crypto and intel agency GCHQ. Car crash DVLA denies driving licence processing site is a security 'car crash' READ MORE The web certificate set-up and …

  1. Anonymous Coward
    Anonymous Coward

    Actually useful

    It's not brilliant and it produces a lot of false positives but we've already spotted a couple of issues in outlying school websites (schools are the wild west for this shit) and been able to resolve them using the service.

    So not perfect but for something that is free (at the point of delivery) I'm happy.

    In the past this would have been promised then delivered 5yrs late through CRAPITA, who would then have tried to bill us £20k a year to use it whilst abandoning all development.

    It's a bit of a novelty to get something that a) mostly works and b) doesn't cost anything

    1. Dabooka

      Re: Actually useful

      Useful you say? And generally fit for purpose?

      Strange times we live in, strange times indeed....

      1. Voland's right hand Silver badge

        Re: Actually useful

        Useful you say? And generally fit for purpose?

        Do not worry, not for long. It will be contracted out to Crapita in due course. So they check themselves.

  2. amanfromMars 1 Silver badge

    I Trust you are All Well Strapped in COSMIC Launches

    Would HMGovernment/NCSC's Web Check, part of Active Cyber Defence, launched last year as part of the National Cyber Security Strategy, a more comprehensive scheme that ultimately aims to thwart commodity cyber attacks, care to evaluate and improve upon Quantum Programming Projects being Offered to them here on El Reg with this Communication ....... here with Alice who has become Curiouser and Curiouser

    That's one of those Mafioso Type Offering when a Refusal rather than an Mutually Beneficial Agreement is Offensive and Unwarranted.

    And anyway, what's there not to like AIDrivering NEUKlearer HyperRadioProACTive Augmented Virtual Reality Systems for Universal Command with Control, and Perfecting Future Controls for Present Current Commands........... which anyone visiting here may be inclined to be HyperRadioProACTive in in order to Self-Actualise the Realisation of the Virtualisation as a Presentation for Media Production ... Sharing Tales from the Future of All that Can Be ...... with an Almighty Users' Guide and Comprehensive WorkShop Manual to Boot as a Valuable Added Bonus.

    I think that says all that needs to be said just for now. Now we wait, ..... for cogent replies.

    https://youtu.be/lfa8fC93Pds .. Build it, and they will come

  3. JaitcH
    WTF?

    National Cyber Security Centre Is One You Might NOT Want Messing Around With Your 'Jewels'

    Letting an associate of what is, essentially, the 'enemy' (GCHQ-NSA-Echelon), might raise concerns such as those leveled at Kaspersky, HuaWei and ZTE.

    Another case of foxes and chicken-houses.

    I would trust the Chinese more than the UK government.

    1. amanfromMars 1 Silver badge

      Re: National Cyber Security Centre Is One You Might NOT Want Messing Around With Your 'Jewels'

      Quite so, JaitcH, I agree. The National Cyber Security Centre Is One You Might NOT Want Messing Around With Your 'Jewels'. So you BetaTest their Systems and Administrations/Machines and Orders for Vital Competences which be Representative of Suitability for Future Greater IntelAIgent Game Purposes.

      The Simple Revelation of what is Before and Confronting them, and Inviting a Cogent Response in Reply, can be quite an APT Revolutionary ACT and Persistent Advanced Cyber Threat which very quickly reveals all that needs to be known to a Prime Partner/Premium Adversary/Prize Competitor/SMARTR Being.

      And if one is ever surprised or disappointed in the response, which can be something as simple and ignorant as a non-showing, the cupboard is bare, no reply, do Exotic Near and Far East and Erotic Middle Kingdoms Beckon with the Prospect of IntelAIgent Opportunities that Provide All Necessary Succour and Safe Haven/Secured Centres for Future Greater IntelAIgent Game Purpose. For the West is the East an Alien Space Place to Explore and Marvel at the Wonders Stored and Shared There.

      Such a BetaTest of NCSC Future Utility and Facility is running in the above shared I Trust you are All Well Strapped in for COSMIC Launches

    2. NeverMindTheBullocks

      Re: National Cyber Security Centre Is One You Might NOT Want Messing Around With Your 'Jewels'

      What makes you think they are not "messing" anyway?

      If you are on the web and are of even a passing interest to the security services then this has been done to you already, they just haven't told you what they found. In this case they will tell you, and how to fix it, but only if you are a Public Sector body.

      The service is essentially the same as you would get if you paid a professional testing company to do an external scan of your services, it's just been automated a bit and made available to Public Sector organisations for free. Along the lines of the Qualys SSLLabs service but with extra advice and guidance on how to fix whats found.

      If you're looking for an excuse to break out the tinfoil headgear, this isn't it.

  4. Anonymous Coward
    Anonymous Coward

    Reasons for poor security

    Good web site and web application security requires web / application and security expertise. The majority of local and in some cases central gov 'expertise' will be too general and aligned to network security (we've got a firewall yeah?), which is of very little use although arguably more useful if it's an actively managed NGFW with some threat prevention capability. These guys and gals are still operating network security at the five-tuple level which is flippin useless when its 80/443 from anywhere which of course includes every script kiddie, botnet and hacker on t'internet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020