Gmail certificate expiry snafu follows security upgrade
Print storyWebmail service POP losses its fizzle
Posted in Enterprise Security, 30th July 2008 15:22 GMT
Free Download - Security Web 2.0
Update Google allowed one of its Gmail SSL certificates to expire days after promising users improved webmail security.
Because Google's certificate for IMAP/POP traffic expired on Tuesday users were confronted by a potentially confusing "invalid certificate" warning. In some cases users may also have been left unable to send email. Google fixed the problem within hours on Tuesday afternoon (US time).
The snafu comes less than a week after Gmail improved security by making sure users of the popular web mail service go through a secure connection each time they access their account online.
Forgetting to renew a digital certificate can happen to any organisation, as Microsoft and HSBC (among many others) are able to testify. Even though a certificate is out of date a secure connection with a site can still be established. Google makes it its business to index all the world's data so its own failure to manage a key domain is an embarrassing faux pas even though no harm, or much inconvenience, was caused.
Reg reader Peter Houppermans, who brought the slip-up to our attention, drily notes that users are now so well trained to blithely click on past invalid certificates, so that this sort of thing should present no great problem. ®
Implementing Energy Efficient Data Centers [WP114]
An Improved Architecture for High-Efficiency, High-Density Data Centers [WP126]
The Register Guide to Extended Validation
The Botnet Threat
The Perfect (Virtual) Marriage
Inmate hacked prison network, broke into employee database
Miscreants hijacking machines via (freshly patched) Adobe flaw
Martial law planned for Craigslist's red-light district
Cocaine addicted IT manager hacks ex-employer's mail servers