Re: Achievements from S Moonesamy on 2015-05-22 (Mauritius Internet Users mailing list)

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Fri, 22 May 2015 09:13:36 -0700

Hi Ish,
At 01:55 22-05-2015, Ish Sookun wrote:
>You have some humour when discussing security
>issues. I do not think CERT-MU or the National
>Computer Board would understand either the
>security issue or the humour quotient of the message.

You might have misunderstood that message. The
discussion was related to
http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/

>CERT-MU[1] has failed to properly address the
>issues of web security in Mauritius. Is the NCB
>or CERT-MU concerned about a local bank having
>its website running on wix.com alongside others
>selling nail polish? Are they concerned about the SSL certificate[2]?

The local bank is also running alongside a web site selling erotic services.

>I sent an email to a government official just a
>while ago and I received an email delivery failure from gov.mu.

I gather that you mean "govmu.org". I did not
get a delivery failure when I sent an email to "govmu.org" this afternoon.

>Received: from C11-EX-SVR-MBX4.gov.mu (192.168.6.24) by C11-EX-SVR-MBX3.gov.mu
>Â (192.168.6.23) with Microsoft SMTP Server (TLS) id 15.0.995.29; Fri, 22 May
>Â 2015 11:49:26 +0400
>Received: from mxmail1.gov.mu (192.168.6.72) by C11-EX-SVR-MBX4.gov.mu
>Â (192.168.6.24) with Microsoft SMTP Server id 15.0.995.29 via Frontend

I see why you thought that the delivery failure
was from "gov.mu". Why is the government still using "gov.mu"?

>Will CERT-MU be interested to investigate the
>same? I have reported incidents to them in the
>past and did not receive any reply. It does not
>encourage me to contact them when I see misconfigurations now.

On 23 April, you mentioned that you received
replies from CERT-MU when you reported some
incidents. In the above, you mentioned that you did not receive any reply.

From https://www.cca.mu/press_pki_06122010.htm

   "Pursuant to this MoU, the Root Certification
Authority of India will also be
    used to digitally sign the public key certificates of all licensed CAs in
    Mauritius. This operation will be undertaken by the Indian CCA on behalf of
    the Mauritian CCA."

Please see
https://www.elandsys.com/~sm/niccca-nic-in-revocation.png
Did CERT-MU investigate that?

CERT-MU does not have adequate knowledge in
matters relating to internet security. That
opinion is based on the following:
http://www.elandsys.com/~sm/cert-mu-improved-framework-incident-review.html

Regards,
S. Moonesamy
Received on Fri May 22 2015 - 16:22:06 PST

This archive was generated by hypermail 2.3.0 : Fri May 22 2015 - 16:27:05 PST