HackDig : Dig high-quality web security articles for hacker

Instagram’s SSL/TLS Certificate Just Expired, Security Warnings Pop Up

2015-04-30 13:20

The SSL/TLS certificate validating a trusted connection between Instagram clients and the service’s server has just expired, causing browsers to issue a warning about a possible risk of losing sensitive information.

A digital certificate is issued by a trusted authority known as Certificate Authority (CA), which guarantees that users connect to the legitimate owner of the domain.

They have an expiration date that needs to be renewed by the owner periodically by paying a fee to the root CA. Usually, companies set certificate management policies to expand validity and avoid service disruption.

Connection is still encrypted

However, in the case of Instagram, the certificate renewal process was not initiated and attempting to connect to the servers now generates a trust-related error in the web browser.

“This server could not prove that it is instagram.com; its security certificate expired 0 day(s) ago. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Thursday, April 30, 2015,” reads the warning in Google Chrome.

The certificate is issued by DigiCert CA and the validity period was set from March 1, 2014, until April 30, 2015, at 12 PM UTC.

With expired certificates, the connection between the client and the server is still encrypted, but it is no longer recognized as trusted. As such, the green padlock in the browser address bar changes to reflect this aspect.

Mobile service is not affected

Some people have expressed on Twitter their worries of Instagram having been hacked, while many others have directed their messages to the service’s Twitter profile informing about the nature of the problem.

In the meantime, Instagram is silent on the microblogging platform and has yet to refresh its tweet feed, as at the moment of writing it shows that the last post was published about 19 hours ago.

It looks like the trouble is limited to the instagram.com website and has not affected the service for the mobile clients.

A similar incident occurred earlier this month with the certificate that validated the server managing email flow through the Gmail service. In that case, email clients returned error messages upon trying to send emails. At the time, Google solved the problem in about a couple of hours.

[UPDATE]: Instagram acted quickly and extended the validity of the certificate for instagram.com domain until October 15, 2015.

Instagram's SSL/TLS certificate renewed
Instagram's SSL/TLS certificate renewed

Source: GdhNWamlGdyV2QtMFTU1CTTNVLz1SbhJ3ZhR3cul0LzdXZu9SbvNmLhlGZlBHdm92cuM3dl52LvoDc0RHa/ca.ssr.dps

Read:2143 | Comments:0 | Tags:Security

“Instagram’s SSL/TLS Certificate Just Expired, Security Warnings Pop Up”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud