Tech News

Google Brings Out Symantec’s Insecurity Issues

Google Brings Out Symantec’s Insecurity Issues

google brings out symantecs insecurity issues 2015 techSymantec web security certificates may soon be branded as insecure by Google. It’s hard to believe as Symantec is one of the largest security companies out there. But that is because Symantec has been using several domains as its testbed for pre-production security certificates. Google is one of those domains, and they’re not fond of the idea of being Symantec’s guinea pig.

Security certificates tell browsers and apps that certain websites that make use of SSL are safe to visit. Otherwise, an alert is issued by the browser that the website may be unsafe or are blocked even without internet security software.

Symantec has disclosed that it has issued less than 200 test certificates to 76 registered domains without their permission. Google found out later that the company issued over 2,000 more to unregistered domains. That in itself is a terrible offense in part of Symantec. It might as well be a breach in security in part of the affected domains. With such a practice, unscrupulous persons within Symantec can issue certificates for high-paying malware websites or even to Anonymous and open the gates of hell. One could imagine the damage to Symantec’s reputation within IT security circles. Symantec has since fired some of its staff in light of this issue and is working to downplay or reduce the damage. Google’s Online Security Blog post has blown this case wide open, though and is threatening that problems will arise on websites that use Symantec Security Certificates when using Google products such as the Chrome browser and Chromebooks.

This is bad news for Symantec which has just bounced back from being branded as bloated not just its products but as a company opening the way for other IT security vendors like Avast, Kaspersky, and AVG to get large chunks of the lucrative market. This issue of undermining the security of its clients will be a big blow to the company if it gets out to ordinary users. Norton Internet Security’s share is already as low as it is with Microsoft including free anti-virus products with Windows 8 and Windows 10. Even if the problem was unintentional, it doesn’t speak well for Symantec’s quality control. The company has promised Google and anyone else who complained that they will take steps to fix the problem. Google won’t have it though and laid down several rules detailed in the blog post.

Google requires Symantec that the company man up and issue a report on how and why the issue happened. They also request that Symantec provides steps and procedures that will prevent similar incidents from happening in the future and a timeline to boot. Google also wants the security company to undergo a 3rd party security audit and a Point-in-time Readiness Assessment. These are tough pills to swallow for a well-known IT security company but pills that the company must swallow to get out of the matrix of distrust.

Google isn’t rushing the company with these tough demands but warned that by June 1, 2016, security certificates from Symantec will only cause problems on Google products and for companies that use both Google products Symantec certificates if these demands aren’t met. Chrome will brand websites with Symantec Security certificates as unsafe if Symantec does not practice Certificate Transparency. Red letter warnings. Bad. But just recently, a Symantec spokesperson issued a statement to ZDNet stating:

“In September, we were alerted that a small number of test certificates for Symantec’s internal use had been mis-issued. We immediately began publicly investigating our full test certificate history and found others, most of which were for non-existent and unregistered domains. While there is no evidence that any harm was caused to any user or organization, this type of product testing was not consistent with the policies and standards we are committed to uphold… We confirmed that these test certificates have all been revoked or have expired, and worked directly with the browser community to have them blacklisted. To prevent this type of testing from occurring in the future, we have already put additional tool, policy and process safeguards in place, and announced plans to begin Certificate Transparency logging of all certificates. We have also engaged an independent third-party to evaluate our approach, in addition to expanding the scope of our annual audit.”

Exactly as Google asked and what most users would want to hear. That’s the new Google or Alphabet. They will do no more evil nor will they tolerate it.

Tech News
@movietvtechgeek

Our technology expert who knows a thing or two about the future, superheroes and Supernatural.

More in Tech News

ajit pai fcc wants to kill net neutrality finally

Net neutrality back under fire from Donald Trump administration

Jeffrey LangApril 27, 2017
animal boxing game dx

What I’m Playing Now: Table Top Racing, Animal Boxing and Far Cry 4 still

Max SmithApril 22, 2017
samsung galaxy s8 gives you more of everything 2017 images

Samsung Galaxy S8 gives you more of everything

Jeffrey LangApril 20, 2017
snes classic mini coming for holiday season 2017

SNES Classic Mini: Nintendo’s Second Cash Cow or Frustrating Bull to Gore Fans?

Marius MaronillaApril 20, 2017
what im paying now far cry 4 zelda wind waker and sports champions 2017 images

What I’m Playing Now: Far Cry 4, Zelda Wind Waker and Sports Champions

Max SmithApril 19, 2017
Microsoft to Take on Chromebooks 2017 images

Microsoft to Take on Chromebooks

Marius MaronillaApril 19, 2017
cortana pi and minty pi 2017 images

Cortana Pi and Minty Pi

Marius MaronillaApril 18, 2017
nintendo feeds eight bit nostalgia with two bit decision on nes classic edition 2017 images

Nintendo feeds eight-bit nostalgia then kills it with two-bit decision

Marius MaronillaApril 17, 2017
austin russell luminar bringing safety to self driving cars 2017 images

Austin Russell’s Luminar bringing safety to self-driving cars

Jackie WarnerApril 13, 2017

Subscribe to our Daily Newsletter

You will only receive one per day. You'll also get a free THE WALKING DEAD graphic novel with your subscription