I have to admit that I've let certs expire on some small easily missed sites before, but how the hell do you let a cert expire that has millions of people hitting it? You don't have to wait to the last day to put the new cert in. In general I'll replace the cert a full 30 days before it expires in case the cert provider decides it needs to take a while to review your account for one reason or another.
Instagram's HTTPS cert expires, millions of crap photographers panic
Instagram's SSL certificate has expired, showing the urine-filled-swimming-goggles-vision site's supposed commitment to security seems to have been a bit of a filter-job. Instagram first rolled out HTTPS in 2014 when a vulnerablity was reported by InfoSec specialist Mazin Ahmed. Ahmed used Wireshark to captured unencrypted …
COMMENTS
-
-
This post has been deleted by its author
-
Thursday 30th April 2015 15:11 GMT ElReg!comments!Pierre
*grumble* Get offa me lawn *grumble* *grumble*
Perhaps because Instagram is as serious about security as they are about photography?
As a person who thinks highly of both security and photography I can't help but feel the Schadenfreunde urge. I'm not myself very good at photo, but at least I'm trying not to be overly cheesy. I'm not perfect at security either, but I challenge y'all to prove me that "perfect security" ain't an oxymoron in this day and age.
A toy-photo app/site is proven to have toy-like IT support. Big surprise.
I'm a lot more concerned when I hear of major IT players with enterprise-grade contracts happen to make the same mistake. Which, worryingly enough, happens way too often.
-
Thursday 30th April 2015 16:39 GMT Phil O'Sophical
how the hell do you let a cert expire that has millions of people hitting it?
My guess is that the certificate was registered to fred.bloggs@instagram.com and no-one though to change that to fred.bloggs@facebook.com, so the reminder email never arrived. Maybe Fred Bloggs didn't even stay after the acquistion?
-
-
Thursday 30th April 2015 14:58 GMT Anonymous Coward
More funding needed
Facebook officials announce a new Series Z funding round to bring in $1 Trillion in additional funds to improve security.
"After our $1 Billion acquisition, we discovered some infrastructure issues that need to be resolved" said the head of Facebook security. Part of the Trillion dollars will go toward building a Centralized Certificate Monitoring Facility, staffed with 1500 trained certificate expiration experts who will daily monitor the current date and leap into action with the $50 renewal payment well before expiration.
The CCMF center will be located in India and will be a source of quality jobs for Mumbai residents, although it will be incorporated in Ireland for tax reasons.
-
Thursday 30th April 2015 15:11 GMT John 104
Inexcusable
Completely inexcusable. Certs can be bought for next to nothing and can have expiration dates that span years. We all know this. How is it that no one at IG noticed that this certificate was expiring? Bad management, rookie admins, and overall unprofessional work ethic.
Then again, what do you expect from the likes of social media megas like FB and their minions. Somehow these business are surviving with one of the most pathetic products I've ever seen. FB reminds me of the web in the 90s...
-
Thursday 30th April 2015 20:33 GMT Anonymous Coward
Well I have had this from Paypal and both my banks over the years, so overall I don't take a businesses committment to security very highly....
Then again, I tried to renew my own signing certificate, and found it almost impossible - in the end went somewhere else and got a new one, by that time the old one was well expired. So maybe I shouldn't be first to hurl stones