Which SSL Reviews

SSL Certificates

Government Websites Vulnerable With Expired SSL Certificates

October 25, 2013 | By Editor 

SSL For Gov Websites

A huge list of US government websites displays a warning whenever users try to log in. The warning reveals the user that incorporated SSL Certificates have expired and choosing to enter the website is at one’s own risk.

“Security experts opine that if malware developers or attackers try to access any of these websites, they will hardly come across any obstacles.”

The middleman which is the secure sockets layer that is responsible for defending attacks, data theft or virus injection going missing is an issue that one needs to look forward to. The importance of using SSL encryption solutions should be learnt and implemented by all government websites, according to the reports revealed by security companies. A valid and working certificate is responsible because it is mandatory for Transport Layer Security TLS to establish a proper connection with the website with which it is trying to communicate.

Another reason that led to the SSL Certificates being expired on over two hundred websites is that US government shutdown. As almost every department was not working, the renewals and expiry dates were not notified to the respective authority. The users are being given the option to bypass the security warning, chances are high that people will get used to it and will allow a better chance of malware attackers to gain access to their data.

SSL trusted website might be turned into a hostile page once malware developers inject a trojan, virus or bug into specific links or the complete website. This will in turn affect users and lead to massive breaches because government websites are accessed by a huge group of citizens every other day to gain integral information. Moreover, they will hardly suspect these websites as they come from a legitimate source and trustworthy on the long run.

Sometimes, even web browsers fail to show this warning.

“While major browsers like Firefox and Chrome are most likely to send a proper warning message indicating that the SSL Certificates have expired, others may not do so. “

Some government websites write their own certificates which can be impersonified by attackers at times and people will hardly be able to distinguish those wrong certs from the legal ones. After the shutdown ended just a day ago, it is expected that the organizations responsible for this security flaw will take immediate steps and renew themselves within the least possible turnaround time. Fixing it is mandatory to help those loyal citizens.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in SSL Certificates

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory