Shutdown: Government sites with lapsed security certificates pose risk - CNET


The government shutdown, now in its 22nd day, appears to be having an effect on the security of federal websites.

Netcraft, a -based web security company, found dozens of US government websites operating with expired security certificates, a situation that could put visitors at risk.

The affected websites range from that of the Department of Justice to NASA's site, Netcraft said. Some of the sites are payment portals, potentially jeopardizing the information of visitors, the company said, though CNET couldn't independently verify this.

If the shutdown drags on, more certificates are likely to expire, because they can require employees to renew them. As a result, "[T]here could be some realistic opportunities to undermine the security of all US citizens," Paul Mutton, a security researcher at Netcraft, wrote in a company blog post Thursday.

Netcraft's findings underscore the toll taken on US government cybersecurity by the protracted shutdown, which has left hundreds of thousands of federal employees and contractors furloughed.

Security certificates, which use a cryptographic key to verify that a website is legitimate, are crucial tools for the safe operation of the web. The certificates let websites tap tools that encrypt the information the sites send to, and receive from, visitors. If a website's certificates aren't valid, the security tools won't work.

That leaves the information -- think passwords and credit card numbers -- vulnerable to hackers. What's more, hackers could stealthily direct visitors to download malicious software masquerading as an everyday file, such as a PDF of an important document.

"That's what's called a 'man in the middle' attack," said Marc Rogers, who runs cybersecurity at Okta, a company that manages workplace logins. Rogers said the tactic has been used by both criminals and spy agencies to fool internet users and compromise computers.

Such attacks can be very sophisticated, with hackers hijacking what visitors see even when they type in the correct website address. Hackers can then show visitors a fraudulent version of the website they were trying to reach.

Netcraft found more than 80 expired security certificates for US government websites, but the company isn't saying hackers have actually taken advantage of vulnerable sites.

Some of the expired certificates have knocked subdomains, or offshoots of major websites, off the web. A NASA subdomain, rockettest.nasa.com, currently isn't accessible, which Netcraft said is because of a lapsed certificate. According to the Internet Archive, the page is for the space exploration agency's Rocket Propulsion Test Program. The site's security certificate expired Jan. 5, according to Netcraft.

NASA didn't immediately respond to a request for comment.

More than ever, websites are using security certificates and thus enabling an encrypted connection. A push by internet security experts and major Silicon Valley companies, including Google and Mozilla, has made it simpler for website owners to get certificates. It's so common, in fact, that fraudsters have started encrypting their websites too, in order to look legitimate.

Rogers said the threat posed by expired certificates should prompt lawmakers and department heads to plan better for the next government shutdown.

"We need to ask, what are the things that we need to protect?" Rogers said. "So that when these lapses happen, criminals don't take advantage."
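
The lapses described above happen when a certificate's expiry date passes with nobody on duty to renew it, which is the condition an expiry audit is meant to flag ahead of time. The following is an added example, not part of the original article or Netcraft's tooling: the host names, dates and audit date are constructed, and the `notAfter` strings use the format that Python's `ssl.getpeercert()` returns.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory: host -> certificate notAfter string, in the
# format ssl.SSLSocket.getpeercert() reports. Hosts and dates are made up.
SAMPLE_INVENTORY = {
    "portal.example.gov": "Jan  5 12:00:00 2019 GMT",
    "pay.example.gov": "Jan 20 23:59:59 2019 GMT",
    "www.example.gov": "Nov 30 00:00:00 2019 GMT",
    "broken.example.gov": "not a date",
}
# Constructed audit date so the result is reproducible.
AUDIT_DATE = datetime(2019, 1, 12, tzinfo=timezone.utc)


def classify(not_after, now, warn_days=30):
    """Return (status, whole days left) for one notAfter string."""
    try:
        expires = ssl.cert_time_to_seconds(not_after)
    except ValueError:
        # A record nobody can read is as dangerous as an expired one.
        return ("unparseable", None)
    # Floor division: a certificate that lapsed an hour ago is -1, not 0.
    days_left = int((expires - now.timestamp()) // 86400)
    if days_left < 0:
        return ("expired", days_left)
    if days_left <= warn_days:
        return ("renew-soon", days_left)
    return ("ok", days_left)


def audit(inventory, now, warn_days=30):
    """Return (host, status, days_left) rows, most urgent first."""
    rows = []
    for host, not_after in inventory.items():
        status, days_left = classify(not_after, now, warn_days)
        rows.append((host, status, days_left))
    # Unparseable entries sort ahead of everything else.
    rows.sort(key=lambda r: float("-inf") if r[2] is None else r[2])
    return rows


if __name__ == "__main__":
    for host, status, days_left in audit(SAMPLE_INVENTORY, AUDIT_DATE):
        print(f"{host:22} {status:12} {days_left}")
```

Run on a schedule against a real inventory, the `renew-soon` rows give the lead time needed to renew before a staffing gap turns into a lapsed certificate.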
