(Jan 16) PolicyKit could allow unintended access.
Comment
(Jan 16) PolicyKit could allow unintended access.
(Jan 16) An update for python-django is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Jan 16) An update for pyOpenSSL is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Dozens more U.S. government websites have become inaccessible since last week, when Netcraft highlighted the impact of security certificates expiring during the federal shutdown.
As of today, more than 130 TLS certificates used by U.S. government websites have expired without being renewed. Some of these sites are now completely inaccessible in modern browsers due to their strict transport security policies.
The latest sites to be affected include some particularly prominent examples.
Take https://manufacturing.gov, for instance. While Trump is keen to highlight the performance of U.S. manufacturing during his administration, the shutdown has meant that nobody was available to renew the site’s TLS certificate when it expired on 14 January 2019. Consequently, https://manufacturing.gov is dead in the water, along with https://manufacturingusa.com which shares the same certificate.
Furthermore, as https://manufacturing.gov appears in Chromium’s HSTS preload list, visitors are unable to bypass the browser’s security warnings, rendering the site unreachable.
manufacturing.gov appears in Chromium’s HSTS preload list, which ensures that the website’s strict transport policy will always be enforced, even when a browser has never visited the site before. www.manufacturing.gov uses a different certificate, which is currently valid.
A White House subdomain at https://pages.mail.whitehouse.gov has also become unreachable. The certificate used by this site expired on 15 January 2019 and has not been renewed. This site is also covered by an effective preloaded HSTS policy.
White House security warnings in Mozilla Firefox.
Other notable websites to have been affected by expired certificates over the past five days include two FAA (Federal Aviation Authority) websites, a National Archives customer portal, the FFIEC (Federal Financial Institutions Examination Council) Anti-Money Laundering Infobase, several Department of Agriculture sites, and several governmental remote access services.
When the federal government restarts, the White House will need to renew its certificate for pages.mail.whitehouse.gov. The list price for a replacement DigiCert organisation validated certificate — similar to the expired one — could be up to $399 per year, or about 70 Big Macs.