SPOTTED: 2 Weeks After Expiration, State House Website’s Security Certificate Not Renewed
The security certificate of the State House’s website (www.statehouse.gov.ng) expired about two weeks ago, but the government has failed to renew it.
The Press noticed on April 23 that the website’s security certificate had expired, as an error message popped up when our reporter visited. The message read:
“Your connection is not private. Attackers might be trying to steal your information from statehouse.gov.ng (for example, passwords, messages or credit cards).”
Website users feel more comfortable when they are sure that they are visiting a genuine and secure site. As an official information channel of the Nigerian government and perhaps the country, many local and foreign journalists, researchers and even citizens rely on the website to obtain relevant data and some other content.
The State House, which is the country’s seat of power, maintains the website as an official medium of communication, providing information relating to policies and programmes, including the president’s local and foreign trips.
On April 18, 2024, the security feature expired, and today marks the twelveth day since the website has been insecure.
The domain address, which was registered on December 25, 2008, is in good shape. But the expiration of its transport layer security (TLS), according to Sucuri, a website scanner, has exposed it to a medium security risk.
TLS helps to ensure security of data exchanges and communication between the different layers and points of a website. Once it expires, attackers can easily decrypt the data on the website, making users vulnerable through their personal information that can be stolen through the medium.
Public institutions in Nigeria have an unenviable record of showcasing a lukewarm attitude to digital information management. On April 14, FIJ reported how the portal designated by the Nigeria Police Force for reporting cybercrime was insecure.
The Press also recently investigated how XpressVerify, a dodgy website, was having access to and selling millions of Nigerians’ personally identifiable information stored in the National Identity Database under the control of the Nigerian Identity Management Commission (NIMC).
All of this happened despite the guidelines approved for government offices by the National Information Technology Development Agency (NITDA) on safe and secure web management practices.
FIJ