
Doesn't surprise me.
I'm amazed it doesn't simply ask you to download a form and fax it to them.
UK.gov's judiciary website has had its security compromised after bungling administrators failed to renew a security certificate. The judiciary.gov.uk site is designed to provide information on Blighty's top legal bods and information on judgments. It represents the Judicial Office, which reports to the Lord Chief Justice and …
"A spokesman from the Judicial Office told El Reg that people wanting to access their site should do so by clicking past the security warning."
Good grief!
"... just because a certificate has expired does NOT mean that the communications are no longer encrypted"
No, but it may as well. If I can't be sure who gave me the info, or who I'm giving it to, it hardly matters that it's encrypted at all!
Because you now can't tell the difference between a certificate which expired this morning and a false certificate which has been set up to expire early this morning set up by a MITM; both pop up the same warning.
It really should make clear that the identity is correct but the certificate expired a little while ago instead of saying 'ARGH, I don't like this certificate at all'. But then again, this shouldn't really have happened in the first place; the site owner should take certificates seriously. In that way a huge great honking warning when something's wrong is the correct way to get site owners into compliance.
One of them must be that they're using actual SSL instead of TLS. I'd not use them for anything I could avoid.
I can't get any https pages from them to load at all, and the only reason I can think of is that I have old-school SSL completely disabled in both Firefox and Windows.