Tech News

Google Brings Out Symantec’s Insecurity Issues

Google Brings Out Symantec’s Insecurity Issues

google brings out symantecs insecurity issues 2015 techSymantec web security certificates may soon be branded as insecure by Google. It’s hard to believe as Symantec is one of the largest security companies out there. But that is because Symantec has been using several domains as its testbed for pre-production security certificates. Google is one of those domains, and they’re not fond of the idea of being Symantec’s guinea pig.

Security certificates tell browsers and apps that certain websites that make use of SSL are safe to visit. Otherwise, an alert is issued by the browser that the website may be unsafe or are blocked even without internet security software.

Symantec has disclosed that it has issued less than 200 test certificates to 76 registered domains without their permission. Google found out later that the company issued over 2,000 more to unregistered domains. That in itself is a terrible offense in part of Symantec. It might as well be a breach in security in part of the affected domains. With such a practice, unscrupulous persons within Symantec can issue certificates for high-paying malware websites or even to Anonymous and open the gates of hell. One could imagine the damage to Symantec’s reputation within IT security circles. Symantec has since fired some of its staff in light of this issue and is working to downplay or reduce the damage. Google’s Online Security Blog post has blown this case wide open, though and is threatening that problems will arise on websites that use Symantec Security Certificates when using Google products such as the Chrome browser and Chromebooks.

This is bad news for Symantec which has just bounced back from being branded as bloated not just its products but as a company opening the way for other IT security vendors like Avast, Kaspersky, and AVG to get large chunks of the lucrative market. This issue of undermining the security of its clients will be a big blow to the company if it gets out to ordinary users. Norton Internet Security’s share is already as low as it is with Microsoft including free anti-virus products with Windows 8 and Windows 10. Even if the problem was unintentional, it doesn’t speak well for Symantec’s quality control. The company has promised Google and anyone else who complained that they will take steps to fix the problem. Google won’t have it though and laid down several rules detailed in the blog post.

Google requires Symantec that the company man up and issue a report on how and why the issue happened. They also request that Symantec provides steps and procedures that will prevent similar incidents from happening in the future and a timeline to boot. Google also wants the security company to undergo a 3rd party security audit and a Point-in-time Readiness Assessment. These are tough pills to swallow for a well-known IT security company but pills that the company must swallow to get out of the matrix of distrust.

Google isn’t rushing the company with these tough demands but warned that by June 1, 2016, security certificates from Symantec will only cause problems on Google products and for companies that use both Google products Symantec certificates if these demands aren’t met. Chrome will brand websites with Symantec Security certificates as unsafe if Symantec does not practice Certificate Transparency. Red letter warnings. Bad. But just recently, a Symantec spokesperson issued a statement to ZDNet stating:

“In September, we were alerted that a small number of test certificates for Symantec’s internal use had been mis-issued. We immediately began publicly investigating our full test certificate history and found others, most of which were for non-existent and unregistered domains. While there is no evidence that any harm was caused to any user or organization, this type of product testing was not consistent with the policies and standards we are committed to uphold… We confirmed that these test certificates have all been revoked or have expired, and worked directly with the browser community to have them blacklisted. To prevent this type of testing from occurring in the future, we have already put additional tool, policy and process safeguards in place, and announced plans to begin Certificate Transparency logging of all certificates. We have also engaged an independent third-party to evaluate our approach, in addition to expanding the scope of our annual audit.”

Exactly as Google asked and what most users would want to hear. That’s the new Google or Alphabet. They will do no more evil nor will they tolerate it.

Tech News
@movietvtechgeek

Our technology expert who knows a thing or two about the future, superheroes and Supernatural.

More in Tech News

yahoo warns on more hack attacks 2017 images

Yahoo warns users on more hack attacks

Jeffrey LangFebruary 16, 2017
From Russia with Love, Take Edward Snowden 2017 images

From Russia with Love, Take Edward Snowden

Marius MaronillaFebruary 16, 2017
Nokia 3310 Memories and the Phone’s Rumored Return 2017 images

Nokia 3310 Memories and the Phone’s Rumored Return

Marius MaronillaFebruary 16, 2017
india online gaming big business 2017

India seeing the rise of online gaming leagues as big business

Jeffrey LangFebruary 16, 2017
samsung chromebook could change everything for google 2017 images

Samsung Chromebook could change everything for Google

Jeffrey LangFebruary 14, 2017
The Era of Thin May be Over Technological Anorexia Part 2 2017 images

The Era of Thin May be Over: Technological Anorexia Part 2

Marius MaronillaFebruary 10, 2017
now we have to worry about our printers spying on us 2017 images

Now we have to worry about our printers spying on us

Marius MaronillaFebruary 7, 2017
google helping microsoft get more windows 10 upgrades 2017 images

Google helping Microsoft get more Windows 10 upgrades

Marius MaronillaFebruary 7, 2017
Apple’s First Good News of the Year 2017 images

Apple’s First Good News of the Year

Marius MaronillaFebruary 3, 2017

Subscribe to our Daily Newsletter

You will only receive one per day. You'll also get a free THE WALKING DEAD graphic novel with your subscription