The new certificate's private key has been downgraded to 2048-bit RSA

Apr 17, 2012 08:15 GMT

The UK’s MI5 Security Service forgot to renew its official website’s SSL digital certificate, which expired on April 16. As a result, users who tried to access the site were met with a warning that flagged the site as untrusted.

SpyBlog reports that the agency’s site redirects to an HTTPS connection only, which means that by failing to renew the certificate, the agency created the equivalent of a denial-of-service attack against itself.

Curiously, the new certificate is dated March 25, 2012, and its private key has been downgraded from 4096-bit RSA to 2048-bit RSA.

While these types of mistakes seem minor, a security company's reputation can suffer dearly because of them.

The new SSL certificate is valid until 2018, when hopefully someone will remember to take appropriate action.
