Even the largest companies, which have bullet-proof security systems and are well known for their attention to detail, make mistakes in their server configuration. Most downtime periods are transparent to users due to the extensive use of redundant server/network architecture, but every other day errors surface on the front pages of websites.
It’s been a few weeks since I spotted this particular misconfiguration on the GMail website: use any modern browser and point it to https://www.gmail.com/. You will get a Security Alert saying that there is a problem with the certificate used by GMail.

While it is not a big deal in itself (the certificate is valid for https://mail.google.com/), the recently released Firefox 3 makes it harder for a user to access the website, as you need to add an exception for this particular certificate.
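The check behind that alert, as an added example that is not part of the original post: a simplified hostname match against the DNS names in a certificate, plus an audit of which served hostnames a certificate leaves uncovered. The name lists are constructed from the situation described above, and the function names are illustrative.

```python
# Added example. CERT_DNS_NAMES and SERVED_HOSTNAMES are constructed sample
# data modelled on the post's description, not read from a real certificate.
CERT_DNS_NAMES = ["mail.google.com"]
SERVED_HOSTNAMES = ["mail.google.com", "www.gmail.com"]


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    Simplified RFC 6125-style rules: comparison is case-insensitive, a
    wildcard is accepted only as the entire left-most label, it covers
    exactly one label, and it needs at least two labels after it.
    Partial-label wildcards such as "w*.example.com" are not supported.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False  # rejects patterns like "*.com"
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def hostname_covered(cert_dns_names, hostname) -> bool:
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(name, hostname) for name in cert_dns_names)


def uncovered_hostnames(served, cert_dns_names):
    """Hostnames the site answers on that the certificate does not cover.

    Every entry returned here is a hostname on which visitors will get a
    certificate warning instead of the page.
    """
    return [h for h in served if not hostname_covered(cert_dns_names, h)]


if __name__ == "__main__":
    for host in SERVED_HOSTNAMES:
        status = "ok" if hostname_covered(CERT_DNS_NAMES, host) else "MISMATCH"
        print(f"{host}: {status}")
    print("needs a matching certificate:",
          uncovered_hostnames(SERVED_HOSTNAMES, CERT_DNS_NAMES))
```

Running the same audit over every hostname that serves HTTPS, before each certificate renewal, catches this class of mismatch before users see it.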
Last time I checked, an SSL certificate costs just a few hundred dollars, which I believe Google can afford to spend every year, right? My opinion: GMail – Get Your SSL Certificates Right! as the service provided until now has been really good!





