Government Shutdown Brings Certificate Lapse Woes

  /     /     /  
Publicated : 23/11/2024   Category : security


Government Shutdown Brings Certificate Lapse Woes


Among the problems: TLS certificates are expiring and websites are becoming inaccessible.



The partial shutdown of the federal government is having an impact in ways both anticipated and not. One that probably falls under the latter is expiring TLS certificates that leave some .gov websites marked as unsafe or completely inaccessible from most browsers.
Websites from NASA, the Department of Justice, and the Court of Appeals are among those using one of the 80 certificates that have not been renewed since the beginning of the shutdown.
The government shutdown has left a mark on the digital world. Several government websites now greet users with a CERT_DATE_INVALID warning in place of the website itself. At best, this isnt a good look for the departments concerned. At worst, the thousands of Americans who rely on these websites are left cut off from the services they need, says Martin Thorpe, enterprise architect for Venafi.
Some experts say the issue goes beyond mere Web page inaccessibility. I think the biggest risk is far beyond expired SSL certificates. How many critical governmental systems are currently unmaintained, outdated, and thus vulnerable? asks High-Tech Bridge CEO Ilia Kolochenko. It seems to be a great opportunity for nation-state hacking groups to exploit US momentary weakness to steal or alter extremely sensitive information.  
Franklyn Jones, CMO at Cequence Security, agrees with Kolochenko and points to specific risks in the moment. It creates a great opportunity for bad actors to launch automated bot attacks, testing previously stolen credentials to gain access to private accounts on government sites, he explains.
Read more 
here
and
here
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Government Shutdown Brings Certificate Lapse Woes