from the it's-the-little-things dept
With all the news about the ongoing government shutdown and the big messes it has caused, it’s creating lots of little messes with potentially big impact as well. For example, scammers and robocallers have upped their game during the shutdown, knowing that (1) there’s no one investigating these scams right now, and (2) as I discovered when I tried to report one, the FTC has literally shut down the web portal where you used to be able to submit complaints.
Another one, however, pointed out last week by Netcraft, is the fact that government website security certificates are expiring… and there’s no one around to renew them:
Dozens of U.S. government websites have been rendered either insecure or inaccessible during the ongoing U.S. federal shutdown. These sites include sensitive government payment portals and remote access services, affecting the likes of NASA, the U.S. Department of Justice, and the Court of Appeals.
With around 400,000 federal employees currently furloughed, more than 80 TLS certificates used by .gov websites have so far expired without being renewed. To compound the situation, some of these abandoned websites can no longer be accessed due to strict security measures that were implemented long before the shutdown started.
As Netcraft notes, some of those sites you can’t even get around the security warning, such as certain DOJ sites:
There are some government websites that you can click through on, but as Netcraft notes, this could allow for man-in-the-middle attacks or other security risks:
This introduces some realistic security concerns, as task-oriented users are more likely to ignore these security warnings, and will therefore render themselves vulnerable to man-in-the-middle attacks.
If the shutdown continues for a while, this problem could get significantly worse. I know that Wall Street put pressure on the government to make certain IRS employees suddenly deemed “essential” to help Wall Street keep functioning smoothly, perhaps someone might want to deem the people renewing security certs similarly essential? Or, you know what, maybe just re-open the damn government.