ssl apocalypse, anyone ?From: ano...@anon.com
Tue, 3 Mar 2020 21:13 UTC
the corona virus for the internet, in good sync with the real thing.
let's watch the whole thing collapse...suckers...just use tor, lol
Millions of websites face 'insecure' warnings
3 March 2020
Share Image copyright Getty Images
Some well-known websites could stop functioning properly on Wednesday, 4 March, after a bug was found in the digital certificates used to secure them.
The organisation that issues the certificates revealed that three million need to be immediately revoked.
Visitors to affected sites will be greeted with an alert warning them the site is insecure.
One expert said the issue could result in a "loss of trust".
The internet security research group (ISRG) is the non-profit organisation behind the project, Let's Encrypt, and last month celebrated issuing its billionth certificate.
The project has some high-profile backers, including Cisco, Facebook and Google, and is widely credited as one of the driving forces behind businesses securing their websites.
In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code.
"Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologise for the issue."
Digital certificates are basically small pieces of code created by using sophisticated mathematics that ensure that communication between devices or websites are sent in an encrypted manner, and are therefore secure.
They play an essential role in keeping IT infrastructure up and running safely and are issued by certificate authorities, who electronically verify that the certificates are genuine. When issued, these certificates are given an expiration date of anything between a few months and several years.
Visitors to those websites not able to renew their certificate by this date will see security warnings telling them that the site is insecure.
On a community forum, one website manager, based in New Zealand, complained he had only received "75 minutes" notice of the need to update, which he said was "unacceptable".
Alan Woodward, a professor of computer science at Surrey University, told the BBC: "Let's Encrypt is a significant part of the security infrastructure of the web."
He said that while it had "responsibly" revealed the bug, its clients faced uncertainty.
"Nobody knows how they will deal with it. Businesses will have to apply for a new certificate so there could be an interruption to services which will result in a loss of trust. Users will experience websites that say they have a security problem."
While the organisation has issued a list of the certificate numbers, it has not made public the names behind them but Prof Woodward said it would probably affect "well-known" websites.
Posted on def4
Re: ssl apocalypse, anyone ?From: Retro ...@rslight.i2p
Tue, 3 Mar 2020 22:44 UTC
And here's the email, which I just received:
rocksolid light 0.6.6
We recently discovered a bug in the Let's Encrypt certificate authority code,
Unfortunately, this means we need to revoke the certificates that were affected
by this bug, which includes one or more of your certificates. To avoid
disruption, you'll need to renew and replace your affected certificate(s) by
Wednesday, March 4, 2020. We sincerely apologize for the issue.
If you're not able to renew your certificate by March 4, the date we are
required to revoke these certificates, visitors to your site will see security
warnings until you do renew the certificate. Your ACME client documentation
should explain how to renew.
If you are using Certbot, the command to renew is:
certbot renew --force-renewal
If you need help, please visit our community support forum:
Please search thoroughly for a solution before you post a new question. Let's
Encrypt staff will help our community try to answer unresolved questions as
quickly as possible.
Posted on Rocksolid Light