Still fuming over HTTPS mishap, Google gives Symantec an offer it can’t refuse

[Samfisher]

Source : http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/

 

 

 

 

 

Google has given Symantec an offer it can't refuse: give a thorough accounting of its ailing certificate authority process or risk having by many measurements the world's most popular browser—Chrome—issue scary warnings when end users visit HTTPS-protected websites that use Symantec credentials. The ultimatum, made in a blog post published Wednesday afternoon, came five weeks after Symantec fired an undisclosed number of employees caught issuing unauthorized transport layer security certificates. The misissued certificates made it possible for the holders to impersonate HTTPS-protected Google webpages.

 

 

 

Symantec first said it improperly issued 23 test certificates for domains owned by Google, browser maker Opera, and three other unidentified organizations without the domain owners' knowledge. A few weeks later, after Google disputed the low number, Symantec revised that figure upward, saying it found an additional 164 certificates for 76 domains and 2,458 certificates for domains that had never been registered. The misissued certificates represented a critical threat to virtually the entire Internet population because they made it possible to cryptographically impersonate the affected sites and monitor communications sent to and from the legitimate servers.

 

Holy crap that's a big ass hole Symantec is in now.  Unauthorized HTTPS certs to Google domains, and over 2.5k total certs issued by now former employees.  Good on Google to put this out publicly, and to force Symantec to do something on their part or risk having users' Chrome browsers to spew HTTPS errors and warnings for ALL newly-issued HTTPS certs by Symantec.

[QueenDemetria]

[Syntaxvgm]

Can Symantec die? Please?

[iamdarkyoshi]

Can Symantec die? Please

This ^^

[Samfisher]

Can Symantec die? Please

They still do a pretty good job of security analysis, just like Kaspersky.  Their AV might suck but their other businesses are pretty good.

[Syntaxvgm]

They still do a pretty good job of security analysis, just like Kaspersky.  Their AV might suck but their other businesses are pretty good.

Their Av business is downright wrong and borderline a scam. Have you bought a consumer PC lately? 

Their shit is reloaded with a  free trial and you have to use a removal tool to get rid of it. Which leads regulars uses to believe that they need to renew it or deal with it's popups. 

Been their tactic for years

Fuck them. They can die out. 

Lenovo too. 

[Samfisher]

Their Av business is downright wrong and borderline a scam. Have you bought a consumer PC lately? 

Their shit is reloaded with a  free trial and you have to use a removal tool to get rid of it. Which leads regulars uses to believe that they need to renew it or deal with it's popups. 

Fuck them. They can die out. 

Lenovo too. 

I know they do.  That's why I specifically said their AV business is crap, everything else they do is decent.

[Dabombinable]

Norton, which is made by Symantec, is shit, so by extension, Symantec is shit.

[Guest]

Even if Symantec is being a fucking asshat, why didn't google validate it's certs with ICANN.

[Syntaxvgm]

I know they do.  That's why I specifically said their AV business is crap, everything else they do is decent.

 

Norton, which is made by Symantec, is shit, so by extension, Symantec is shit.

If I shoot a kid in the face once a week, but I also do a bunch of amazing things for millions of people, I'm still terrible person. I still shoot kids in the face. 

Symantec still pushes Norton.

[Guest]

Also, to any one saying their AV is bad; it isn't. its the way they market it.

 

https://www.av-test.org/en/antivirus/home-windows/windows-7/august-2015/norton-norton-security-2015-153228/

[Syntaxvgm]

Also, to any one saying their AV is bad; it isn't. its the way they market it.

 

https://www.av-test.org/en/antivirus/home-windows/windows-7/august-2015/norton-norton-security-2015-153228/

no shit 

[Dabombinable]

If I do a bunch of amazing things for millions of people but I also shoot a kid in the face once a week, I'm terrible person. I still shoot kids in the face. 

Symantec still pushes Norton.

They pushed Nortan on both of the discs for my Asus H87M Pro and Z97 Sabertooth MKII, they pushed it on my old laptop from 2003, they pushed it on my newer laptop from 2009. And I've yet to see an instance where their AV hasn't been a bloated POS that keeps on missing things.

[Guest]

no shit 

Yeah.

 

Symantec is a shit company, but my response to the OP:

 

Why didn't Google Authenticate their certs with ICANN.

[Samfisher]

They pushed Nortan on both of the discs for my Asus H87M Pro and Z97 Sabertooth MKII, they pushed it on my old laptop from 2003, they pushed it on my newer laptop from 2009. And I've yet to see an instance where their AV hasn't been a bloated POS that keeps on missing things.

Every AV in existence, past and future, will miss things. 

 

 

 

Yeah.

 

Symantec is a shit company, but my response to the OP:

 

Why didn't Google Authenticate their certs with ICANN.

 

I believe very few companies actually have the authority to issue certs, and those certs are universally trusted cos the companies that have the authority are generally trusted.  Who knows

[Clyne]

Ehh at least their AV does something

 

Also, to any one saying their AV is bad; it isn't. its the way they market it.

 

https://www.av-test.org/en/antivirus/home-windows/windows-7/august-2015/norton-norton-security-2015-153228/

Free Norton 360 from Comcast for me...so basically 2 scumbag companies that other people think but i'm fine with.

[SurvivorNVL]

Norton and Kaspersky both did the same thing once upon a time to my x58 and x79 builds--the anti-virus screwed, attacked itself after an update, and then somehow corrupted and killed the USB drivers, video drivers, and sound drivers.  

Oddly enough that has happened to a few people I know as well.  Might be Florida luck, but ESET and F-Secure never fail me.

Make them squirm - Google overlords.  Make. Them. Squirm.

[Dabombinable]

Every AV in existence, past and future, will miss things. 

 

 

 

 

I believe very few companies actually have the authority to issue certs, and those certs are universally trusted cos the companies that have the authority are generally trusted.  Who knows

I've had free Antivirus pick up what Norton missed.

[Samfisher]

I've had free Antivirus pick up what Norton missed.

 

And it would miss something else that Norton will not, there's 0 AV in the world that can catch everything.

[Guest Generallee]

Can Symantec die? Please?

 

They also do security analysis

 

and they're pretty good at it

 

Their AV can just go die in a hole*

[bobhays]

Their Av business is downright wrong and borderline a scam. Have you bought a consumer PC lately? 

Their shit is reloaded with a  free trial and you have to use a removal tool to get rid of it. Which leads regulars uses to believe that they need to renew it or deal with it's popups. 

Been their tactic for years

Fuck them. They can die out. 

Lenovo too. 

What's wrong with lenovo?

[Samfisher]

What's wrong with lenovo?

They had this adware/spyware bundled in their systems.

[Nowak]

Norton, which is made by Symantec, is shit, so by extension, Symantec is shit.

Symantec's security research and analysis half is good, but their business half... ugh, I'd rather use the built-in antivirus in Windows 8/10.

[QueenDemetria]

They had this adware/spyware bundled in their systems.

And have got caught twice now.

[Nexxus]

What's wrong with lenovo?

The thinkpad 2-1 I had was also bar none the worst computer ive ever used with its faults and not working as it should.