More Symantec News

Chris Byrne writes on Facebook:

If you purchased a Symantec certificate (or a cert from any of their associated subsidiaries and partners) through a third party, from at least as far back as early 2013 until recently; their third party certificate generation, management, and retrieval API allowed those certificates… including in some cases private keys generated by third parties… to be retrieved without proper authentication, or in some cases any authentication at all.

I think Google has been pretty kind to Symantec with their reaction. This is a complete CA meltdown.


One Comment

  1. Bernd Wachter

    Even before this one I think Google was way too kind with Symantec, as well as other CAs. To protect users they should just remove trusting Symantec CA altogether, now. Most operators are lazy, the ones who didn’t switch already (or didn’t go for Symantec certificates in the first place) will not switch in time, no matter how long the grace period is. The only way to get them to switch is user complaints and loss of business. Which will only happen by removing the trust now.
