INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesImage caption
Companies need to set themselves reminders to update digital certificates, say
experts
Some well-known websites could stop functioning properly on Wednesday, 4 March, after a bug was found in the digital
certificates used to secure them.The organisation that issues the certificates revealed that three million need to be immediately
revoked.Visitors to affected sites will be greeted with an alert warning them the site is insecure.One expert said the issue could result in
a "loss of trust".The internet security research group (ISRG) is the non-profit organisation behind the project, Let's Encrypt, and last
month celebrated issuing its billionth certificate.The project has some high-profile backers, including Cisco, Facebook and Google, and is
widely credited as one of the driving forces behind businesses securing their websites.In a notification email to its clients, the
organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code."Unfortunately, this means we need to
revoke the certificates that were affected by this bug, which includes one or more of your certificates
To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020
We sincerely apologise for the issue."Digital certificates are basically small pieces of code created by using sophisticated mathematics
that ensure that communication between devices or websites are sent in an encrypted manner, and are therefore secure.They play an essential
role in keeping IT infrastructure up and running safely and are issued by certificate authorities, who electronically verify that the
When issued, these certificates are given an expiration date of anything between a few months and several years.Visitors to those websites
not able to renew their certificate by this date will see security warnings telling them that the site is insecure.On a community forum, one
website manager, based in New Zealand, complained he had only received "75 minutes" notice of the need to update, which he said was
"unacceptable".Alan Woodward, a professor of computer science at Surrey University, told the TheIndianSubcontinent: "Let's Encrypt is a
significant part of the security infrastructure of the web."He said that while it had "responsibly" revealed the bug, its clients faced
uncertainty."Nobody knows how they will deal with it
Businesses will have to apply for a new certificate so there could be an interruption to services which will result in a loss of trust
Users will experience websites that say they have a security problem."While the organisation has issued a list of the certificate numbers,
it has not made public the names behind them but Prof Woodward said it would probably affect "well-known" websites.
