Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday April 24 2017, @07:31AM   Printer-friendly
from the one-step-forward,-two-steps-back dept.

The USPTO (Patent and Trademark Office) has updated its Public Patent Application Information Retrieval (Public-PAIR) service so that it no longer supports HTTPS (secure) access. From the announcement with emphasis added:

Public PAIR Maintenance and Outage

The USPTO will be performing maintenance on the Public Patent Application Information Retrieval (Public Pair) beginning at 12:01 a.m., Friday, April 21 and ending at 2 a.m., Friday, April 21 ET.

During the maintenance period, Public PAIR will be unavailable.

Immediately after the maintenance, users will only be able to access Public PAIR through URLs beginning with HTTP, such as http://portal.uspto.gov/pair/PublicPair. Past URLs using HTTPS to access Public Pair, such as https://portal.uspto.gov/pair/PublicPair, will no longer work.

Can anyone explain why there would be this seemingly backwards move to insecure communications?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by Leebert on Monday April 24 2017, @11:23AM (4 children)

    by Leebert (3511) on Monday April 24 2017, @11:23AM (#498775)

    You're overthinking the threat model here. I'll give you a "for instance": Get onto a Southwest Airlines flight, connect to (and pay for) their wifi, and marvel at them injecting JavaScript into every single HTTP request.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 1, Insightful) by Anonymous Coward on Monday April 24 2017, @11:51AM (3 children)

    by Anonymous Coward on Monday April 24 2017, @11:51AM (#498780)

    1. Sue them for interfering with a communication channel

    2. Use a VPN

    • (Score: 0) by Anonymous Coward on Monday April 24 2017, @01:29PM (1 child)

      by Anonymous Coward on Monday April 24 2017, @01:29PM (#498819)

      2. Use a VPN

      Wait, you mean people actually use those public wifi services without using VPNs?

      I guess people really are that stupid...

      • (Score: 1, Insightful) by Anonymous Coward on Monday April 24 2017, @07:51PM

        by Anonymous Coward on Monday April 24 2017, @07:51PM (#499024)

        No, people are ignorant not stupid. As a saavy tech user it is really easy to dismiss stuff we see as simple and easy to figure out. For most people setting up their browser to use a VPN is a very difficult and technical task. That is even if they know what a VPN is or that public wifi connections are really that dangerous!

    • (Score: 2) by Immerman on Monday April 24 2017, @01:40PM

      by Immerman (3985) on Monday April 24 2017, @01:40PM (#498829)

      (1) is kind of difficult when they said they'd do as much on page 57 subparagraph 12 of the fine print you agreed to when accessing their service (I'm assuming it's in there, if not it would be added as soon as the first lawsuit was filed)

      Https offers a technical solution so that they and their ilk don't have the option in the first place.