Gmail certificate expiry snafu follows security upgrade
Print storyWebmail service POP losses its fizzle
Posted in Enterprise Security, 30th July 2008 15:22 GMT
VMware whitepaper - The business case for Virtualization
Update Google allowed one of its Gmail SSL certificates to expire days after promising users improved webmail security.
Because Google's certificate for IMAP/POP traffic expired on Tuesday users were confronted by a potentially confusing "invalid certificate" warning. In some cases users may also have been left unable to send email. Google fixed the problem within hours on Tuesday afternoon (US time).
The snafu comes less than a week after Gmail improved security by making sure users of the popular web mail service go through a secure connection each time they access their account online.
Forgetting to renew a digital certificate can happen to any organisation, as Microsoft and HSBC (among many others) are able to testify. Even though a certificate is out of date a secure connection with a site can still be established. Google makes it its business to index all the world's data so its own failure to manage a key domain is an embarrassing faux pas even though no harm, or much inconvenience, was caused.
Reg reader Peter Houppermans, who brought the slip-up to our attention, drily notes that users are now so well trained to blithely click on past invalid certificates, so that this sort of thing should present no great problem. ®
An improved architecture for high-efficiency, high-density data centers
The Business Case for Virtualization
Distribute the workload for greater efficiency and power
HP and VMware take the cost and complexity out of IT
Rethink virtualization in business terms
Scareware mongers hitch free ride on Microsoft.com and others
Home Office death list 'stops ID fraud'
Boffin brings 'write once, run anywhere' to Cisco hijacks
Electronic votes mysteriously vanish in Ohio election