Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

At Least 200 Federal Websites Have Expired SSL Certificates

UPDATE: A few hours after this article was published, an agreement to allow unpaid Federal workers to go back to work and be paid was announced. Obviously, that is great news even though it is only a temporary agreement. However, do not expect immediate resolution of the problems detailed in this article. The employees face a big backlog of work to be done that probably will require days, or even weeks, to resolve at a time when the same employees are also trying to handle normal, day-to-day business requirements. Resolution will require some time.

We all know the familiar story of the 800,000+ U.S. workers, and the millions of contractors, who are not receiving paychecks. There is one aspect of this story that is not as well known, however. The problem is that no one is renewing SSL and TLS security certificates on web sites. Even worse, most of the web sites are also unmonitored. That means if a hacker or a spy does manage to break into one of these government web sites, nobody will notice and there is no one available to react to block the continued access.

SSL (and its updated version TLS) are standard encryption technologies that ensure information passed between Internet users and the websites they visit is secure. Without SSL and TLS, your data (including credit card or other personal information) could easily be intercepted by hackers. There are now at least 200 US government websites whose SSL certificates have expired.

Will this affect you? If you are a U.S. citizen or even a citizen of another country but one who resides in the U.S., the answer is “probably.” These government web sites contain a lot of information about you: tax and financial information, family details, address history, travel history, work history, and more. Some of these government web sites have been hacked before, often exposing the personal information of hundreds of thousands of taxpayers. Now 200 or more US government websites have no security certificates. Even worse, for most government web sites, if a site is attacked and breached, there is no one monitoring the sites and taking measures to lock them up after a breach occurs.

It is an open holiday for hackers and spies. I suspect that most hackers and spies are aware of the “unlocked gates” and are attempting to steal anything and everything they can.

Your tax dollars (not) at work!

You can read more about this issue in Simon Black’s Sovereign Man web site at:

Categories: Current Affairs, Online Privacy & Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.