The SSL certificate of Barack Obama’s website has expired during the Government shutdown in the United States.
While commentators claimed
that the shutdown will not affect national security despite 31,000 of the Department of Homeland Security’s 231,000 staff not being at work, it does seem that priorities on website security may have lapsed.
According to Netcraft
, as well as Obama’s 12 month SSL certificate expiring, there are at least 30 US Government sites still using SSL certificates that are scheduled to expire before Friday. Also expired were the SSL certificates for the US Patent and Trademark Office, which now redirects to a webmail login page, while no website was found for the State of Tennessee domain.
Security blogger Graham Cluley, said: “Let’s hope that any security-related work being done to harden these websites from malicious attack was not interrupted by the government shutdown, and fingers crossed that no new critical patches come out that are needed to protect them from exploits and hackers.”
Paul Tourret, managing director of GlobalSign EMEA, said: “Until US Congress resumes services it is inevitable that we will see expired certificates, and this example just goes to show how vulnerable organisations who are susceptible to shutdown can be.
“We predict that over 600 SSL Certificates currently securing a .gov domain due to expire in October will be potentially affected. To minimise the impact, current automated SSL Certificate lifecycle management tools can help in terms of best practice when managing SSL reliance during unforseen outages.”