I think Google's actually being too lenient here. The mis-issued certificates represented a potentially critical threat to virtually the entire Internet population because they made it possible for the holders to cryptographically impersonate the affected sites and monitor communications They have similar agreements with MS and Mozilla. Submit a False Positive Report a suspected erroneous detection (false positive). my review here
United States Products Threat Protection Information Protection Cyber Security Services Website Security Small Business CustomerOne Products A-Z Services Business Critical Services Consulting Services Customer Success Services Cyber Security Services Education Services The ultimatum, made in a blog post published Wednesday afternoon, came five weeks after Symantec fired an undisclosed number of employees caught issuing unauthorized transport layer security certificates. And while CAs are required to undergo a security audit every year or so, the added requirements spelled out by Sleevi are likely to make the next audit cost additional money By the letter of these agreements, any of these browsers could legitimately stop trusting the Symantec root CA certificates. http://www.symantec.com/connect/forums/end-point-protection-blocking-my-chrome
Details of each of the failures to uphold the relevant Baseline Requirements and EV Guidelines and what they believe the individual root cause was for each failure. That Symantec employees could not use the tool in question to obtain certificates for which the employee controlled the private key. More immediately, we are requesting of Symantec that they further update their public incident report with: A post-mortem analysis that details why they did not detect the additional certificates that we Symantec Connect User-to-user forums, blogs, videos, and other community resources on Symantec Connect.
If anything, we should be blasting MS for not taking similar action. Don't have a SymAccount? He went on to require that, beginning in June, Symantec publicly log all certificates it issues or risk having Chrome flag them as potentially unsafe. Malwarebytes In the world of crypto there is only consequences and these need to be severe enough to ensure that CA's and others behave responsibly because they are putting others at risk
We have also engaged an independent third-party to evaluate our approach, in addition to expanding the scope of our annual audit. Internet Explorer The mis-issued certificates made it possible for the holders to impersonate HTTPS-protected Google webpages. Symantec first said it improperly issued 23 test certificates for domains owned by Google, browser maker Opera, and three other unidentified organizations without the domain owners' knowledge. By offering a remedy, Google is doing them a favor.
Promoted Comments petardArs Scholae Palatinae jump to post UnnDunn wrote:If Microsoft issued an ultimatum like this, they'd be blasted for 'abusing monopoly status.'Nope. Clicking on the icon displays the following message: "Your connection to
That Symantec’s audit logging mechanism is reasonably protected from modification, deletion, or tampering, as described in Section 5.4.4 of their CPS. this page Full stop. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. I actually think they're derelict in their duty by not doing so. Download Google Chrome
If Symantec is too incompetent to be a CA then their root certs should be pulled. Hey, that rhymes.Oh, definitely not. If Symantec had issued these for windows update servers instead of google servers, do you think we might see more movement from MS? 937 posts | registered Oct 24, 2003 gmerrickArs http://blogeurope.net/google-chrome/google-chrome-error-105.php They have similar agreements with MS and Mozilla.
I think Google's actually being too lenient here. The demand for a "point-in-time readiness assessment," meanwhile, can be seen as the certificate-authority equivalent of a misbehaving student being sent to the principal's office. Error The Site identity icon in Google Chrome is grey with a yellow triangle.
The message is clear. Full stop. No Yes Close Biz & IT Tech Science Policy Cars Gaming & Culture Forums Navigate Videos Features Reviews Ars Approved RSS Feeds Mobile Site About Ars Staff Directory Contact Us Advertise Cause This warning is generated when browsing to a Web site that is hosted over a Secure Sockets Layer (SSL) encrypted Hypertext Transfer Protocol Secure(HTTPS) connection when some of the content
Create a SymAccount now!' The Google Chrome browser indicates the Symantec Endpoint Protection Manager Web console includes resources which are not secure TECH225218 October 3rd, 2014 http://www.symantec.com/docs/TECH225218 Support / The Google Not out of altruism, of course, but because enough sites have Symantec certificates that flagging all of them would seriously inconvenience their users.No one would bat an eye at Symantec being Not out of altruism, of course, but because enough sites have Symantec certificates that flagging all of them would seriously inconvenience their users.No one would bat an eye at Symantec being useful reference Translated Content This is machine translated content Login to Subscribe Please login to set up your subscription.
End of story. I actually think they're derelict in their duty by not doing so. Google is using its considerable influence as the maker of the world's most popular browser to warn them that there will be some extremely unpleasant consequences for future violations (though in fairness, Mitt kontoSökMapsYouTubePlayNyheterGmailDriveKalenderGoogle+ÖversättFotonMerWalletDokumentBloggerKontakterHangoutsÄnnu mer från GoogleLogga inDolda fältSök efter grupper eller meddelanden
If a CA issues certificates for a domain to people who don't control that domain, that CA should no longer be trusted by browsers that are relying on it to bind Google has offered a reasonable but generous compromise.It's quite simple. Education Services Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments. MySymantec Create and manage cases, manage licensing and renewals, submit threats, and enroll with Symantec Rewards.