The government shutdown, now in its 22nd day, appears to be having an affect on the security of federal websites. Netcraft, a UK-based web security company, found dozens of US government websites operating with expired security certificates, a situation that could put visitors at risk. The affected websites range from that of the Department of Justice to NASA’s site, Netcraft said. Some of the sites are payment portals, potentially jeopardizing the personal information of visitors, the company said, though CNET couldn’t independently verify this. If the shutdown drags on, more certificates are likely to expire, because they can require employees to renew them. As a result, “[T]here could be some realistic opportunities to undermine the security of all US citizens,” Paul Mutton, a security researcher at Netcraft, wrote in a company blog post Thursday. Netcraft’s findings underscore the toll taken on US government cybersecurity by the protracted shutdown, which has left hundreds of thousands of federal employees and contractors furloughed. Security certificates, which use a cryptographic key to verify that a website is legitimate, are crucial tools for the safe operation of the web. The certificates let websites tap tools that encrypt the information the sites send to, and receive from, visitors. If a website’s certificates aren’t valid, the security tools won’t work. That leaves the information — think passwords and credit card numbers — vulnerable to hackers. What’s more, hackers could stealthily direct visitors to download malicious software masquerading as an everyday file, such as a PDF of an… [Read full story]
You are here: / / Shutdown: Government sites with lapsed security certificates pose risk
CNET is an American media website that publishes reviews, news, articles, blogs, podcasts and videos on technology and consumer electronics globally.