

Should owners/operateros of certain web sites need a license? - bigmofo

Take for example, this healthcare provider that has an F rating on the crypto used for the site:<p>https:&#x2F;&#x2F;www.ssllabs.com&#x2F;ssltest&#x2F;analyze.html?d=mychartor.providence.org<p>This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F.<p>This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F.<p>This server uses SSL 3, which is obsolete and insecure. Grade capped to B.<p>This server uses RC4 with modern browsers. Grade capped to C.<p>This healthcare provider clearly should not be allowed on the web as they have no clue about security.
======
vortico
A license would be silly. However, an organization could be sued for the
equivalent of leaving personal identifiable information in the their waiting
root, if their website security is horrible enough.

