Government Shutdown Means Government Website Security Certs Aren't Being Renewed
from the it's-the-little-things dept
With all the news about the ongoing government shutdown and the big messes it has caused, it’s creating lots of little messes with potentially big impact as well. For example, scammers and robocallers have upped their game during the shutdown, knowing that (1) there’s no one investigating these scams right now, and (2) as I discovered when I tried to report one, the FTC has literally shut down the web portal where you used to be able to submit complaints.
Another one, however, pointed out last week by Netcraft, is the fact that government website security certificates are expiring… and there’s no one around to renew them:
Dozens of U.S. government websites have been rendered either insecure or inaccessible during the ongoing U.S. federal shutdown. These sites include sensitive government payment portals and remote access services, affecting the likes of NASA, the U.S. Department of Justice, and the Court of Appeals.
With around 400,000 federal employees currently furloughed, more than 80 TLS certificates used by .gov websites have so far expired without being renewed. To compound the situation, some of these abandoned websites can no longer be accessed due to strict security measures that were implemented long before the shutdown started.
As Netcraft notes, some of those sites you can’t even get around the security warning, such as certain DOJ sites:
There are some government websites that you can click through on, but as Netcraft notes, this could allow for man-in-the-middle attacks or other security risks:
This introduces some realistic security concerns, as task-oriented users are more likely to ignore these security warnings, and will therefore render themselves vulnerable to man-in-the-middle attacks.
If the shutdown continues for a while, this problem could get significantly worse. I know that Wall Street put pressure on the government to make certain IRS employees suddenly deemed “essential” to help Wall Street keep functioning smoothly, perhaps someone might want to deem the people renewing security certs similarly essential? Or, you know what, maybe just re-open the damn government.
Filed Under: encryption, government shutdown, https, security certificates, tls
Comments on “Government Shutdown Means Government Website Security Certs Aren't Being Renewed”
Or they could automate the renewal with thing like “lets encrypt”
of course that would not solve all problems, but it would need less human intervention
Re: Re:
I’d have to question whether that’s even possible given the differences in registration requirements between .com and .gov.
Either way, there are many examples of similar issues in the private sector, they’re just normally not directly due to a spoiled toddler having a tantrum.
Re: Re: Re:
Re: certificates
Honestly, who has time to manually pull certs? There are quite a few scripts out there to do this from every provider for almost every type of cert.
Re: Re: certificates
I’d imagine automation is something that’s slow to be approved in the public sector. I wouldn’t even be surprised if such a thing is explicitly prevented in order to allow for contract renegotiation, etc. or so as not to imply favouritism toward a specific supplier.
Also, never underestimate the power of management who will favour an inferior solution due to a brand name or because they know a paid solution will give them an out when their incompetence is revealed.
Re: Re: Re: certificates
I’d imagine automation is something that’s slow to be approved in the public sector.
Not just slow, but likely to never happen. The UK gov sites we admin are managed by an elaborate paper driven procedure agreed when Edward was on the throne. It’s triggered by an internal Business Team that asks the Technical Team to generate their certificate request files, upon which they then obtain the necessary certs from the providers. Once obtained, they hand them over to an internal Security Team, who audit/vet them before handing them to the Technical Team for implementation. And that’s the simple version; there are other internal/external Business Units and external Security Teams in the loop.
2 weeks minimum. It’s like ‘Yes Minister’, on steroids.
Re: Re: Re:2 certificates
That’s what I imagined. I’ve never really worked in the public sector, but I’ve seen the bureaucracy in some larger corporate environments in action and have seen no reason to assume that government work would be more streamlined.
Hopefully some thinking people in the US will take this as a warning, though – if something as predictable and easily automated as certificate renewal is failing, just imagine what else is getting ready to collapse.
I’m all for re-opening the damn government.
Re: Re:
The longer it stays shut down, the longer people have to realize that the benefits of having it don’t outweigh the negatives. They will reopen before too long or else find themselves replaces with a working one.
Re: Re: Re:
I would love to believe this is true, but the people who probably should be learning this lesson are likely people who voted into office the man responsible for the shutdown.
Re: Re: Re: Re:
The way this cycle goes is that the people who have just been voted in get blamed for not fixing the damage quickly enough, rather than the people who burned it to the ground in the first place. It’s a sad truth, but sadly a truth.
Re: Re: Re:2 Re:
Given the problem is from before the new House took hold, and Trump is simply not negotiating nor putting someone in charge of negotiating, this is simply China Tariffs 2.0 and most people do know who caused the problem.
Re: Re: Re:3 Re:
I think his saying, out loud and in front of cameras, that he would take the blame for the shutdown may have played a role too.
Re: Re: Re:4 Blame
He also said – quite loudly when someone else was in office, that only the president can be blamed for a shutdown.
Also:
Wall = silliness.
Press releases about it = lies and misstatements. Something thinking people fact-check everytime he opens his lie-hole.
Re: Re: Re:
How’s that paint tasting, Chip?
Re: Re:
Seconded.
Too bad it’s not affecting Trump’s Twitter account too.
Government Actually Gets Things Done -- Who Knew?
Isn’t there a certain class of USian who regularly claims that Government never gets things right and always gets in the way?
Yet here you are, take away the Government for just a few days, and suddenly everybody starts to miss it.
Re: Government Actually Gets Things Done -- Who Knew?
By “everybody” I think you mean “government employees who have been furloughed and a small handful of others”. The rest of us haven’t really noticed a difference. In fact, it seems to me that the government could shut down every year for all but maybe a couple weeks out of the year and we’d all get to pay less in taxes.
At least there is no new terrible legislation going through right now.
Re: Re: Government Actually Gets Things Done -- Who Knew?
You may not notice anything yet but the problem is as this continues you will come to wish the government did operate. Also that the damage to the country will become more permanent.
Yes there are things that can be trimmed from current operations. The problem with a shutdown is that it is like using a chainsaw instead of a scalpel when doing the trimming. You end up losing a lot more than just fat and the opening won’t heal correctly either.
Re: Re: Government Actually Gets Things Done -- Who Knew?
Re: Re: Re: Government Actually Gets Things Done -- Who Knew?
“functioning” is being a bit (ok, a lot) generous. They may still receive paychecks but spending too much time doing anything other than trying to find a way to end the shutdown would be a terrible PR move.
Re: Re: Re:2 Government Actually Gets Things Done -- Who Knew
So no change from before the shutdown then.
Re: Re: Government Actually Gets Things Done -- Who Knew?
I like how you have the audacity to speak for some 327 million people. Makes me think your balls are much, much bigger than your brains.
Re: Re: Re: Government Actually Gets Things Done -- Who Knew?
You have no idea.
Re: Re: Re:2 Government Actually Gets Things Done -- Who Knew
Raisins vs a currant.
Re: Re: Re:3 Government Actually Gets Things Done -- Who
That’s being too generous im thinking more like mustard seeds and grains of sand for his brain.
Re: Re: Government Actually Gets Things Done -- Who Knew?
“The rest of us haven’t really noticed a difference”
Oh, but you will. I’m sorry to see that you’re so incapable of critical thinking that you have to wait for the damage to hit you personally, rather than take easy preventative measures to stop it from happening.
“we’d all get to pay less in taxes.”
Yet, you apparently support something that’s guaranteed to cost you billions, at minimum. Strange.
I’ve been enjoying this government shutdown. Like the national parks having the gates left open and forgoing the $35 entrance fee, free camping, etc. (though by now trash may be getting oppressive) Unlike the Obama shutdown, which went out of its way to force shut everything on federal lands from parks to bike trails to major highways.
But it makes no sense why the can’t government do any labor-shifting, in much the same way that companies routinely handle strikes by sending the executives and engineers to work the assembly lines? The vast majority of the federal government does not do anything that’s essential on a daily basis, and the fully-funded parts, such as the military, could easily switch to other duties.
Re: Re:
“the fully-funded parts, such as the military, could easily switch to other duties.”
I don’t know what’s more sad. The fact that you freely admit that the insane amount of money that you spend on your military would be better spent elsewhere. Or, the fact that you believe that your government doesn’t hire anyone with any actual professional knowledge or experience since they’re so easily replaced.
Re: Re: Re:
By “sad” I presume you mean “inherently obvious”.
Re: Re:
I wonder if you’re also a fan of all the vandalism, too.
Re: Re:
Who let the dinosaurs out?
Re: Re:
I don’t know about you, but I’m terrified that more government workers aren’t classified as essential. Safety inspectors for the FAA are currently furloughed. That means inspections just aren’t happening. Think about that for a minute. Hell, I’m glad I’m not an airline investor. Between the lack of inspections and the lack of pay for air traffic controllers this shutdown is turning air travel into the worst game of Russian roulette ever. Then again if there is a crash that can be traced to the shutdown as the root cause maybe the airlines will soon be wealthy if they can sue the government for negligence.
Re: Re: Re:
The inspectors verify that the airlines have done their jobs. If the airlines can blame-shift their negligence onto the inspectors because they didn’t do the inspection it will be a sad day for us all.
Blame where it’s due. In software we don’t blame our Quality Assurance people when they fail to catch a bug written by Engineering. We praise them when they do but Engineering is at fault for bugs. Always. No difference in other industries.
Re: Re: Re: Re:
In software we don’t blame our Quality Assurance people when they fail to catch a bug written by Engineering.
This is how we can tell you’re lying.
Re: Re: Re: Re:
“If the airlines can blame-shift their negligence onto the inspectors because they didn’t do the inspection it will be a sad day for us all.”
Yet, that’s what they’ll do. Quite often, these things are there because companies cut corners to save money. Plenty of middle management types spend their days raging at people who won’t let them put margins over and above peoples’ safety, because they always believe they know better and the precautions are not necessary.
Now they can take shortcuts and blame the lack of oversight when problems aren’t caught – and you think this won’t happen?
“In software we don’t blame our Quality Assurance people when they fail to catch a bug written by Engineering”
I somehow doubt you’ve ever worked in industry, certainly not for a larger corporate entity.
Re: Re:
Please. Oh PLEASE give me an example. This is your libertarian wet dream. A society without a government telling you what to do.
I am giving you the power. Who do you behead to never return?
Oh please tell me oh wise one who never needs to see a paycheck again?
Please tell me what services are not important enough.
Re: Re: Re:
“Please. Oh PLEASE give me an example.”
Just to name one, HUD, the Department of Housing and Urban Development, would be high on my list of “federal agencies that are not just useless, but counter-productive.”
Much of the gargantuan federal government is basically a “workfare” program for minorities. Perhaps it served a real need back in the 1960s when Johnson’s “Great Society” programs were born, but today serves as a lingering remnant of the kind of socialism that even hardline socialist countries abandoned.
Re: Re: Re: Re:
I found the racist!
Re: Re: Re: Re:
Having given an example, please verify the example. What data do you have indicating that the Dept. of Housing and Urban Development is useless and counter-productive?
Re: Re: Re:2 Re:
https://www.nbcnews.com/politics/white-house/because-shutdown-more-1-000-affordable-housing-contracts-have-expired-n955971
Quite to the contrary they’re very useful in propping up our corporate overlords who choose not to pay a living wage by subsidizing their serfs’ housing costs. At least under feudalism the vassals would house their serfs.
Re: Re: Re: Re:
Ah, the classic “this thing that is working has worked, so we don’t need it anymore!” stupidity.
Re: Re: Re:
It’s also a dream of the Republicans who favor smaller government. At least in theory.
Re: Re: Re: Re:
Yeah they also claimed to want a balanced budget then went and passed a bad tax cut bill that will cause the US to go even greater into debt.
Re: Re: Re:2
Party A wants a balanced budget when Party B is in office, and vice versa.
Re: Re:
That’s a real nice butbutbutObama you got there bro. Also you’ve obviously never been in a strike or have the remotest clue how a business runs during one.
Re: Re:
You know I wouldn’t let a doctor work on my car and I sure as shit wouldn’t want a GI inspecting my food or trying to monitor air quality or hell, being a project manager at the VA. I don’t know what fantasy world you live in where mid level managers know how to drop an engine block into a car or demolitions expert can run IRS tax software.
Re: Re:
https://en.wikipedia.org/wiki/United_States_federal_government_shutdown_of_2013
That was the GOP’s fault; the idea was to derail the Affordable Care Act.
For all you know they may be doing some labor-shifting, but the upper level appointees are probably bogged down doing the lower level work that’s required for them to do their executive work. Manning the entry booth at a national park doesn’t qualify.
There’s probably also some civil service regulations to prevent Civil Service work being done by appointees. Otherwise it would be too easy to terminate employees for political reasons.
I wish the Dems would pass a bill with a border wall, but also with everything from Student Loan forgiveness to DACA and other immigration reforms. Give Pres. Trump a choice: either a clean bill with no wall, or a bill that funds his symbolic pork-barrel, but forces him to accept a significant part of their agenda in return. At a minimum, roll back some of the Trump corp and high-income tax cuts to “pay for the wall”.
Oh, and explicitly fund the Mueller investigation to the end of the FY, so the new DoJ leadership doesn’t play games with their budget.
Re: Re:
Everything after this assumes the Senate would pass the same bill and force Trump into making a decision. Since Mitch McConnell would probably rather die that put Trump in the path of a Sophie’s Choice like yours (and a could-be-successful override vote in the Senate if he chooses to veto), I doubt that would happen.
Re: Re:
Nah that is bad form. It allows Trump/GOP to completely change the conversation and rightfully flip the argument so the Dems are trying to play politics with the budget. that they are being the stubborn ones by only accepting a bill with X additions. Everyone with half a brain sees the only stubborn one is Trump here. Adding in the political wishlist for the Dems flips that argument.
Commentary
Proposal: make all government functions non-essential.
Prediction: threat of imminent collapse will galvanize unanimous response.
Warning: response will have high likely-hood of unintended consequences.
Optimism: UBI(universal basic income) utopia
Pessimism: new dark age dictatorship
Re: Commentary
UBI would not result in Utopia. At all.
What it would do is force the likes of me to pay more tax so the idle rich could have pocket money.
Re: Re: Commentary
Perhaps, but the cost of means testing would exceed the benefits.
I’m okay with paying more in taxes to make sure nobody starves. If that means pocket change for the idle rich, that’s a price I’m willing to pay. Just as I don’t mind paying for rich kids to go to public school, should their parents so choose.
Incompetence, not shutdown.
The certificate for the example you show (ows2.usdoj.gov) expired on December 17, before the shutdown started.
Re: Incompetence, not shutdown.
If that’s true, that makes one wonder if there isn’t a conspiracy to make it look worse than it is.
One would presume that it would have been noticed before the shutdown if it was expired… but it seems everyone noticed it after the shutdown started.
Was it reverted to the older cert after the shutdown?
Re: Re: Incompetence, not shutdown.
“One would presume that it would have been noticed before the shutdown if it was expired”
Who says it wasn’t?
“but it seems everyone noticed it after the shutdown started.”
By “everybody” you mean Netcraft and by “after the shutdown started”, you mean “after the certificates expired” (most of which examined having expired after the shutdown).
“Was it reverted to the older cert after the shutdown?”
Occam’s razor does help with most such conspiracy theories. Which is more likely – relatively mundane repetitive tasks are simply not being done by a department which is shut down for the second time in the space of a year, or that people are deliberately reinstalling expired certificates in order to make it look like they’re more important than they are?
Re:
Verified:
The certificate expired on December 17, 2018, 6:34 PM. The current time is January 15, 2019, 10:56 AM. (my time zone is UTC+1)
Re: Re: Re:
It’s not quite as damning with that in mind, but pretending those dates mean the certificate expiry has nothing to do with the shutdown is probably just as disingenuous as saying there were no other factors.
Re: Incompetence, not shutdown.
Well done, you located a date mentioned in the linked article. There are others mentioned, with more recent expiry dates.
Over the past 2 years Trump has proven he’s incapable of doing the job of POTUS. Now, he’s unwilling to even go through the motions. Since he refuses to work, he should just be fired.
Of course he’s a Russian agent. It’s been clear for some time that his goal is to ruin this country.
Just shut him down and put a wall around him–four walls actually… like a prison cell? (you know, for treason).
Re: Re:
Your first point is inaccurate.
Trump proved his complete incompetence at presidenting beyond all reasonable doubt long before his election.
The two years after have merely been putting adamantine reinforcement on it.
Re: Re: Re:
He promised to run the government like one of his businesses. Those who voted for him just didn’t bother to do the research to see that the way he did that was by running them into bankruptcy and stiffing contractors.