Website crypto problems on the Spanish online voting registration website are causing it to generate all manner of security warnings. Attempts to visit the sede.ine.gob.es site – run by Spain’s National Statistics Institute and introduced this year for municipal/regional elections – typically lead to users being confronted with a security warning. However, the warnings vary depending on the operating system and browser a surfer is using. Such website problems are sadly common, but the flaws in the Spanish voter registration website are more than normally important, since the site requests that users upload personal information, including copies of passports, ID cards and marriage certificates. El Reg learnt of the problem from reader Kulvinder Singh, who blogged about the topic.
IT security consultant Paul Moore said that the site’s certificate is not self-signed, contrary to Singh’s initial conclusion. Moore does agree with Singh that the site is beset with crypto problems, however, as evidenced by the poor rating from SSL Labs. The site scores an F.
Ivan Ristic, a software engineer and founder of SSL Labs, said that the site has been “left without a valid certificate”.
“Having a valid certificate is a crucial first step in securing any website, let alone one that is used for voter registration,” Ristic told El Reg. He added that a lack of support for modern TLS standards was one of the site’s main problems.
Full Article: Spanish election site in security cert warning screwup snafu • The Register.