Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Shutdown Shuts Down More Than 80 Government Websites

January 16, 2019

Naked Security reported on January 14th that government websites are shutting down as their TLS certificates expire. Internet security and statistics company Netcraft says that more than 80 websites using the .gov domain have been made insecure or inaccessible thanks to expired certificates.

TLS certificates are used by websites communicating over encrypted HTTPS connections. A certificate binds a website’s public encryption key to the site’s identity, which ensures that your communication with that website is private and secure: you know which site you’re talking to, and that nobody else is listening in.

The website’s certificate is itself signed by a CA (Certificate Authority) that your browser trusts. Site owners have to renew their certificates every so often, to prove that they’re still the legitimate owners of the site’s encryption keys. If you visit a site with an expired certificate, your browser will notice and issue a strong warning.
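For site operators, the renewal deadline described above can be monitored before visitors ever see a warning. The following is an added example, not part of the original post: it buckets certificates by their `notAfter` date, and the hostnames, dates and 30-day warning threshold are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def days_remaining(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)

def classify(cert, now, warn_days=30):
    """Bucket a certificate so renewals are scheduled before visitors see a warning."""
    left = days_remaining(cert, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW SOON" if left < warn_days else "OK"

def check_host(host, port=443, timeout=5):
    """Live check (needs network). An expired certificate fails verification,
    which is the same condition that makes a browser show its warning."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as err:
        # verify_code 10 is OpenSSL's X509_V_ERR_CERT_HAS_EXPIRED
        return "EXPIRED" if err.verify_code == 10 else "INVALID: " + err.verify_message

# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
NOW = datetime(2019, 1, 16, tzinfo=timezone.utc)
SAMPLE = {
    "lapsed.example": {"notAfter": "Jan 12 12:00:00 2019 GMT"},
    "due.example": {"notAfter": "Feb 10 00:00:00 2019 GMT"},
    "fresh.example": {"notAfter": "Nov 20 00:00:00 2019 GMT"},
}

def report(certs=SAMPLE, now=NOW):
    """Map each host to its renewal status."""
    return {host: classify(cert, now) for host, cert in certs.items()}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:16} {status}")
```
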

The US government isn’t doing anything deemed nonessential under the current shutdown, and that seems to include renewing TLS certificates. As certificates expire, sites are beginning to throw expired certificate warnings, and in many cases are becoming unavailable altogether.

Manipulating search results is likely to be a lot easier for attackers if government websites shut down completely. It will be easier to increase the ranking for a fake site with the same name as a government site if search engines can no longer reach the real site.

The other worry facing government website users is that sites may stay available, but not be updated. While still technically accessible online, multiple federal sites have explained that they will not be maintained during the shutdown. Sigh. So much for government "help."

Be wary when visiting US government sites that display a certificate error. Just because a certificate warning allows you to click through to a site doesn’t mean that you should. Better safe than sorry.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson