Here’s another common occurrence that pushes all the wrong buttons with me. Those so called “website developers” who insist that everything is nice and secure, when it isn’t. During a FOC investigation for a friend who’s website has recently gone live, I see this

Why are companies and design houses doing this ? Why are they allowed to get away with it ? Small businesses cannot afford dedicated security personnel, therefore, I help where I can. If a design company cannot even perform the basic steps to secure a website against something as simple as an insecure and (virtually) obsolete cipher, then what else have they missed ? Judging by the screenshot, several items. The certificate isn’t much better either