back to article Instagram's HTTPS cert expires, millions of crap photographers panic

Instagram's SSL certificate has expired, showing the urine-filled-swimming-goggles-vision site's supposed commitment to security seems to have been a bit of a filter-job. Instagram first rolled out HTTPS in 2014 when a vulnerablity was reported by InfoSec specialist Mazin Ahmed. Ahmed used Wireshark to captured unencrypted …

  1. pixl97

    I have to admit that I've let certs expire on some small easily missed sites before, but how the hell do you let a cert expire that has millions of people hitting it? You don't have to wait to the last day to put the new cert in. In general I'll replace the cert a full 30 days before it expires in case the cert provider decides it needs to take a while to review your account for one reason or another.

    1. This post has been deleted by its author

    2. ElReg!comments!Pierre
      Meh

      *grumble* Get offa me lawn *grumble* *grumble*

      Perhaps because Instagram is as serious about security as they are about photography?

      As a person who thinks highly of both security and photography I can't help but feel the Schadenfreunde urge. I'm not myself very good at photo, but at least I'm trying not to be overly cheesy. I'm not perfect at security either, but I challenge y'all to prove me that "perfect security" ain't an oxymoron in this day and age.

      A toy-photo app/site is proven to have toy-like IT support. Big surprise.

      I'm a lot more concerned when I hear of major IT players with enterprise-grade contracts happen to make the same mistake. Which, worryingly enough, happens way too often.

    3. Phil O'Sophical Silver badge

      how the hell do you let a cert expire that has millions of people hitting it?

      My guess is that the certificate was registered to fred.bloggs@instagram.com and no-one though to change that to fred.bloggs@facebook.com, so the reminder email never arrived. Maybe Fred Bloggs didn't even stay after the acquistion?

  2. clocKwize

    Rookie mistake.

  3. Anonymous Coward
    Anonymous Coward

    More funding needed

    Facebook officials announce a new Series Z funding round to bring in $1 Trillion in additional funds to improve security.

    "After our $1 Billion acquisition, we discovered some infrastructure issues that need to be resolved" said the head of Facebook security. Part of the Trillion dollars will go toward building a Centralized Certificate Monitoring Facility, staffed with 1500 trained certificate expiration experts who will daily monitor the current date and leap into action with the $50 renewal payment well before expiration.

    The CCMF center will be located in India and will be a source of quality jobs for Mumbai residents, although it will be incorporated in Ireland for tax reasons.

  4. John 104
    FAIL

    Inexcusable

    Completely inexcusable. Certs can be bought for next to nothing and can have expiration dates that span years. We all know this. How is it that no one at IG noticed that this certificate was expiring? Bad management, rookie admins, and overall unprofessional work ethic.

    Then again, what do you expect from the likes of social media megas like FB and their minions. Somehow these business are surviving with one of the most pathetic products I've ever seen. FB reminds me of the web in the 90s...

  5. Anonymous Coward
    Anonymous Coward

    > "millions of crap photographers panic"

    You made my day with that, thank you.

    > "the urine-filled-swimming-goggles-vision site"

    Then you surpassed even yourselves with that fine gem! Thanks Reg!

  6. Anonymous Coward
    Anonymous Coward

    Well I have had this from Paypal and both my banks over the years, so overall I don't take a businesses committment to security very highly....

    Then again, I tried to renew my own signing certificate, and found it almost impossible - in the end went somewhere else and got a new one, by that time the old one was well expired. So maybe I shouldn't be first to hurl stones

  7. Mark 85

    Here's the problem....

    "At the moment Facebook accepts the risk of parts of Instagram communicate over HTTP and not HTTPS.

    What risk is faced by Facebook and Instagram. It's the users.. err... product... that get the headaches and problems.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like