The official website of the Kwara State Government, kwarastate.gov.ng, is currently unsafe for visitors due to its expired security layer certificate.
Leading reporters learnt that the website’s Secure Socket Layer (SSL) certificate expired on Monday and its administrators are yet to renew it.
When FIJ first visited the website on Tuesday to gather some information concerning a report, the browser stated, “Your connection is not private. Attackers might be trying to steal your information from kwarastate.gov.ng (for example, passwords, messages, or credit cards).”
By Wednesday, we found that the issues with the website were still the same: connection was not private and the site was unsafe for visitors.
The SSL is standard technology for securing an internet connection by encrypting data sent between a website and a browser to protect user privacy. It also prevents hackers from seeing or stealing any information transferred, including personal or financial data.
Checks through the site information for kwarastate.gov.ng showed that its one-year SSL certificate was issued on January 27, 2024, at 10:46:26 pm, and it expired on January 27.
The state government’s failure to secure the site by renewing this certificate violates Section 7.3.3 of the standards and guidelines for government websites set down by the National Information Technology Development Agency (NITDA).
A portion of the section reads: “In ensuring the security of Web Content, Government Institutions shall: i. Commit to a continuous process of maintaining the security of Web Servers to ensure continued security. ii. Use authentication and cryptographic technologies as appropriate to protect certain types of sensitive data with differing access privileges. It is recommended that SSL be used for any cryptographic implementation.”
In a previous FIJ report published in July 2024, Francis Ihejirika, a software developer, revealed that renewing an SSL could be free or cost between $5 and $59.
Ihejirika had told FIJ that leaving the website without renewing the SSL certificate exposes users to certain security risks.
“If one is sending sensitive information via a form or any other means on the site, a bad actor can intercept that data and cause havoc with it. If they leave the site like that, everyone who visits will see the error and will be vulnerable to leaks,” the software developer said.
FIJ called Rafiu Ajakaye, the chief press secretary to the state government, but his number was unreachable. At press time, he had not responded to the WhatsApp and text messages sent to him.
Source: FIJ
