Cobweb 'fesses up to failure to renew SSL certificate
It was a 'technical' issue
Cloudy service provider Cobweb Solutions has 'fessed up to failing to renew its SSL certificate, leaving a number of its customers potentially exposed.
The lack of a protocol for secure communication only came to light after one of Cobweb's customers got in touch to report the issue.
Adrian Smith, security consultant, informed Cobweb's support team of the blunder. But because he wasn't the specific account-holder, he was told the issue could not be logged.
Smith is a customer of Cobweb, and noticed the issue as the blunder had a knock-on effect on the security of his own customers' sites.
He said: "The main concern was that as customers were able to bypass the SSL, they were then sending unencrypted traffic, which is highly worrying, particularly for regulated firms."
Smith noted that the company had also experienced major problems with its email several weeks ago, an issue that also affected several of his customers.
A spokesman from Cobweb got back to El Reg several hours after we approached it for comment, only to say the problem had now been fixed.
"We experienced a technical issue with a SSL certificate renewal for one service, this morning," he said.
"The issue was rectified as soon as possible and all systems are working normally now, with a very small handful of customers having been affected. At no point was customer data at risk, or any connection insecure," he added.
The certificate expired at midnight yesterday, and was only hastily renewed early this afternoon. ®
Sponsored: Becoming a Pragmatic Security Leader