RT Cunningham


United States Military Websites - No One Can Hack Into Some of Them

United States Military WebsitesMost United States military websites work flawlessly. Every once in a while, I try to access one that won’t let me in no matter what I do. The best Chinese hackers can’t get in if authorized users can’t even get in. In case you’re not aware of it, a military website ends with “.mil” at the end of the address.

Military websites have a lot of authorized users including active duty members, retirees, reservists, dependents and certain classes of veterans.

Today’s United States Military Website - My Ordeal

My daughter-in-law, Cathy, lost (or misplaced) her dependent ID card. Her husband and my son, Jon, attempted (through me) to get her a replacement online. Despite all my best efforts, I couldn’t do it because the website is broken. Perhaps there’s some secret sauce the average military member is supposed to know, but somehow I doubt it.

I searched Google for “rapids self-service” and arrived at the correct website. I created an account for Jon and logged in. After going through all the screens to request the replacement ID card, I had to re-authenticate. The response was “authentication failed, password verified”. One page kept giving me a connection error, requiring me to reload the page to connect.

After going through these routines several times, I decided to fire up Windows and use Jon’s CAC reader. The CAC is a smart card, which obviously isn’t as smart as it’s supposed to be. I went through all the motions, only to find out Java was required. Who else but the military still uses Java? The only web browser I could find in short order that supported it was Internet Explorer 11. Really?

Wait - There’s More to the Story

After I installed Java, I had to whitelist the website address the error I previously received. Then, I found out that some form of middleware had to be installed. It turned out to be something called “ActivClient”, which I could only get at another military website. I installed it and tried again.

The next attempt told me it was the wrong kind of smart card for the reader. That message came from ActivClient. The very next attempt stopped me because every time I reloaded the bad page I mentioned above, the ActivClient required his PIN and then the page failed repeatedly.

The Last Straw

I spent three hours trying to get this taken care of in the “self-service” kind of way. Since it was impossible, I found the RAPIDS site at Schofield Barracks and made an appointment for two weeks from now. It was the first appointment available.

If I couldn’t get the job done with all that I did, I’m positive no other authorized users have ever been able to get it done either. I wonder if the webmaster (or whoever’s responsible) is aware of it. I have no idea who I would even contact to report it.

A real web programmer would have ditched the technologies being used years ago. They’re probably still using Windows servers and active server pages. As I mentioned to Jon, I would be more than happy to volunteer my time in making something way better. It might not be the best but at least it would work.

Photo Attribution:

Share: Facebook | Twitter

By RT Cunningham
May 22, 2020
United States, Web Development