Tech News

Google Brings Out Symantec’s Insecurity Issues

Google Brings Out Symantec’s Insecurity Issues

google brings out symantecs insecurity issues 2015 techSymantec web security certificates may soon be branded as insecure by Google. It’s hard to believe as Symantec is one of the largest security companies out there. But that is because Symantec has been using several domains as its testbed for pre-production security certificates. Google is one of those domains, and they’re not fond of the idea of being Symantec’s guinea pig.

Security certificates tell browsers and apps that certain websites that make use of SSL are safe to visit. Otherwise, an alert is issued by the browser that the website may be unsafe or are blocked even without internet security software.

Symantec has disclosed that it has issued less than 200 test certificates to 76 registered domains without their permission. Google found out later that the company issued over 2,000 more to unregistered domains. That in itself is a terrible offense in part of Symantec. It might as well be a breach in security in part of the affected domains. With such a practice, unscrupulous persons within Symantec can issue certificates for high-paying malware websites or even to Anonymous and open the gates of hell. One could imagine the damage to Symantec’s reputation within IT security circles. Symantec has since fired some of its staff in light of this issue and is working to downplay or reduce the damage. Google’s Online Security Blog post has blown this case wide open, though and is threatening that problems will arise on websites that use Symantec Security Certificates when using Google products such as the Chrome browser and Chromebooks.

This is bad news for Symantec which has just bounced back from being branded as bloated not just its products but as a company opening the way for other IT security vendors like Avast, Kaspersky, and AVG to get large chunks of the lucrative market. This issue of undermining the security of its clients will be a big blow to the company if it gets out to ordinary users. Norton Internet Security’s share is already as low as it is with Microsoft including free anti-virus products with Windows 8 and Windows 10. Even if the problem was unintentional, it doesn’t speak well for Symantec’s quality control. The company has promised Google and anyone else who complained that they will take steps to fix the problem. Google won’t have it though and laid down several rules detailed in the blog post.

Google requires Symantec that the company man up and issue a report on how and why the issue happened. They also request that Symantec provides steps and procedures that will prevent similar incidents from happening in the future and a timeline to boot. Google also wants the security company to undergo a 3rd party security audit and a Point-in-time Readiness Assessment. These are tough pills to swallow for a well-known IT security company but pills that the company must swallow to get out of the matrix of distrust.

Google isn’t rushing the company with these tough demands but warned that by June 1, 2016, security certificates from Symantec will only cause problems on Google products and for companies that use both Google products Symantec certificates if these demands aren’t met. Chrome will brand websites with Symantec Security certificates as unsafe if Symantec does not practice Certificate Transparency. Red letter warnings. Bad. But just recently, a Symantec spokesperson issued a statement to ZDNet stating:

“In September, we were alerted that a small number of test certificates for Symantec’s internal use had been mis-issued. We immediately began publicly investigating our full test certificate history and found others, most of which were for non-existent and unregistered domains. While there is no evidence that any harm was caused to any user or organization, this type of product testing was not consistent with the policies and standards we are committed to uphold… We confirmed that these test certificates have all been revoked or have expired, and worked directly with the browser community to have them blacklisted. To prevent this type of testing from occurring in the future, we have already put additional tool, policy and process safeguards in place, and announced plans to begin Certificate Transparency logging of all certificates. We have also engaged an independent third-party to evaluate our approach, in addition to expanding the scope of our annual audit.”

Exactly as Google asked and what most users would want to hear. That’s the new Google or Alphabet. They will do no more evil nor will they tolerate it.

Click to add a comment
Tech News

Our technology expert who knows a thing or two about the future, superheroes and Supernatural.

More in Tech News

Bill Belichick doesn't hate Microsoft surface just bad technology 2016 images

Bill Belichick doesn’t hate Microsoft Surface just bad technology

Shane MclendonOctober 22, 2016
behold the nintendo switch is here 2016 images

Behold, the Nintendo Switch has arrived

Marius MaronillaOctober 22, 2016
gaming weekly playstation vr and resident evil hd kills it 2016 images

Gaming Weekly: Playstation VR and Resident Evil HD kills it

Max SmithOctober 19, 2016
microsoft defends surface tablet after bill belichick trashes it 2016 images

Microsoft defends Surface Tablet after Bill Belichick trashes it

Chris MauriceOctober 19, 2016
gears of war 4 remins us what we always loved about it review 2016 images

REVIEW: ‘Gears of War 4’ reminds us what we always loved about it

Max SmithOctober 18, 2016
microsoft throws shade at ios security 2016 images

Microsoft throws shade at iOS security

Marius MaronillaOctober 18, 2016
twitter ramping up video beyond phones with periscope 2016 tech

Twitter ramping up video beyond smartphones with Periscope

Jeffrey LangOctober 16, 2016
galaxy note 7 recall costing samsung over $5 billion 2016 tech images

Galaxy Note 7 costing Samsung billions

Jeffrey LangOctober 16, 2016
samsung getting ahead of bad pr 2016 images.jpg

Samsung Getting Ahead of Bad PR

Marius MaronillaOctober 14, 2016

Subscribe to our Daily Newsletter

You will only receive one per day. You'll also get a free THE WALKING DEAD graphic novel with your subscription