We have been remiss in not keeping the controversial, allegedly "secure and anonymous" whistleblowing website WikiLeakS.org under proper scrutiny recently.
Their Secure Sockets Layer (or Transport Layer Security encryption web server Digital Certificate for https://secure.wikileaks.org has expired over 2 weeks ago, on 16th May 2008.
Some details from the Digital Certificate:
IssuerCN = Equifax Secure Global eBusiness CA-1
O = Equifax Secure Inc.
C = USValidity
Not Before
16/05/2007 14:43:49
(16/05/2007 13:43:49 GMT)Not After
16/05/2008 14:43:49
(16/05/2008 13:43:49 GMT)Subject
CN = secure.wikileaks.org
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)07
OU = GT46622659
O = secure.wikileaks.org
C = US
Neither of the issuing Trusted Third Parties i.e. RapidSSL and Equifax, now have any legal duty to guarantee the integrity of an expired Digital Certificate. Most web browser software will pop up warning messages, which will, inevitably, either put some people off from reading the website or from submitting new documents.
Since even the Talk pages require the use of https://secure.wikileaks.org, there is now no method of submitting comments or analyses "securely" either.
Remember that WikiLeakS.org only published PGP public key encryption and digital signing key for wikileaks@wikileaks.org (ID: 0x11015F80), has also expired since 2nd November 2007.
This gives a poor impression of the competence and trustworthiness of the WikiLeakS.org project.
See: Discussion on the lack of a current WikiLeakS.org PGP public encryption key
Technically you can still use these expired encryption credentials to send messages or documents to WikiLeakS.org, but why should anyone trust them ?
Even a self-signed, but valid Digital Certificate, (with appropriate documentation as to why you should trust it) , would be preferable to a standard commercial Digitial Certificate, which has obviously expired. By convention and common usage, such an invalid Digital Certificate, and by extension the formerly "secure" webserver on which it resides, and can no longer to be trusted.
Recent Comments