SSL security on bom.gov.au website
Dear Bureau of Meteorology,
As one of the most frequently accessed government websites, it’s shocking that the website does not have HTTPS.
I’m looking for documents related to the reason why https cannot be enabled on bom.gov.au.
If possible, please consider processing this request administratively. If it can’t be processed in this fashion, please treat it as a formal FOI request.
Yours faithfully,
Ben Fairless
OFFICIAL
Ref: FOI30/137
Dear Ben Fairless,
1. We refer to and acknowledge receipt of your email dated 31 July
2024 to the Bureau of Meteorology ('the Bureau'), in which you request
access under the Freedom of Information Act 1982 (Cth) (‘FOI Act’) for the
following:
I’m looking for documents related to the reason why https cannot be
enabled on bom.gov.au.
(We refer to this as 'your request'.)
Timeframe:
2. The Bureau received your request on 31 July 2024.
3. Section 15(5)(b) of the FOI Act provides that the Bureau has 30
calendar days to deal with an access request. This means the decision on
your request is due by 30 August 2024.
4. The Bureau aims to provide accessible documents. If you need
this document in a different format or if you have any questions, please
contact [1][BOM request email].
Regards,
Freedom of Information
[2][BOM request email] | [3]www.bom.gov.au
The Bureau of Meteorology acknowledges the Traditional Custodians of
Australia and their continuing connection to land, sea and community.
Important: This message may contain confidential or legally privileged
information. If you think it was sent to you by mistake, please delete all
copies and advise the sender.
OFFICIAL
OFFICIAL
Ref: FOI30/137
Dear Ben Fairless,
1. We refer to your request and our previous correspondences.
2. Please find attached the Decision notice in relation to your request.
3. If you have any questions, please let us know by reply email.
Regards,
Freedom of Information
[1][BOM request email] | [2]www.bom.gov.au
OFFICIAL
From: FOI <[12][BOM request email]>
Sent: Wednesday, August 7, 2024 8:57 AM
To: [13][FOI #11807 email]
Cc: FOI <[14][BOM request email]>
Subject: RE: Freedom of Information request - SSL security on bom.gov.au
website
Ben Fairless left an annotation
According to https://whynohttps.com/country/au it's the number one website in Australia that doesn't load securely. Kind of poor if you don't mind me saying.
CR left an annotation
This is deeply problematic. This potentially means that any forms submitted on the site (such as login data or any part of the site that integrates with "Australia's defence capabilities") are not secure and are susceptible to attacks. And I'm not talking about pro-Russian hackers... I'm talking about -- in the right conditions -- a 13-year-old can easily intercept and read all traffic being sent to and from the site to a client device.
This is likely due to some parts of the site being old and outdated and not supporting SSL.