Here’s a side-effect of the government’s continuing shutdown that many people had not anticipated: Expiring TLS Certificates used for web security. Most people clearly see the impacts of national parks closing and the like.
It’s worth remembering that the government’s IT staffed as been classified as ‘non-essential’ too, which means they’re currently sitting at home twiddling their thumbs, waiting for the politicians to decide what’s next and get the doors of government opened up again.
Unfortunately, that’s beginning to have an impact on the vast collection of websites the government maintains. TLS certificates are beginning to expire. Currently, there are more than 80 government websites are either insecure or inaccessible due to expired certificates.
If you visit a website with an expired certificate, depending on the browser you’re using you’ll get some type of highly visible warning, and may not even be able to proceed to the site. Even if you are, know that doing so carries added risk. Sites without certificates, or sites with expired ones are much more vulnerable.
Among a great many others, this has impacted the Department of Justice website, NASA’s rocket testing site, and one of the sites used by the US Court of Appeals. As the shutdown grinds on, this list will only expand and grow.
Worse, the longer the shutdown lasts, the more likely it is that some governmental sites will simply go offline. When that happens, it opens a big door to hackers to spoof government sites and begin causing all sorts of trouble.
The bottom line is that for the foreseeable future, take an added measure of care when navigating to government websites. Thanks to the shutdown, many of them are not as secure as they could be, and the problem is certain to worsen over time. Be careful with internet for a while.
