Thanks to Squawk 8888 for the ping!!
Posted on 12/13/2015 7:34:57 PM PST by Utilizer
No longer trusted.
Google's products will no longer trust Symantec's digital certificates used to secure internet data communications, the company said.
Starting 2 December Australian time, Symantec's Class 3 Public Primary Certificate Authority (CA) root certifcate is no longer trusted by Google in its Chrome web browser, Android mobile operating system and other products.
Google software engineer Ryan Sleevi explained (https://googleonlinesecurity.blogspot.co.nz/2015/12/proactive-measures-in-digital.html) over the weekend Symantec intended to use the root certificate for reasons other than creating publicly trusted credentials. The certificate also no longer complies with the industry Certificate Authority/Browser Forum baseline requirements for best practice, Symantec said.
As a result of the above, Sleevi said "Google is no longer able to ensure that the root certificate, or certificates issued from this root certificate, will not be used to intercept, distrupt, or impersonate the secure communications of Google's products or users".
(Excerpt) Read more at itnews.com.au ...
(((.)))
Dinosaur fight.
Would you pretend like you’re explaining this to your grandfather?
Thanks.
I was thinking those cheesy Japanese monster movies where the gigantic monsters would go at one another and the audience didn’t GAS which one won ;’}
To set up a “secure” internet connection such as one necessary for secure banking transactions, digital ‘certificates’ are provided by companies to keep others from falsely claiming to provide what they are not able to deliver.
For instance, you wish to purchase something from a company (Sears, Lowe’s, Colt Armaments, etc.) online so that company provides a digital certificate to ensure that you are truly dealing with them and not some fraud.
The article states that Google no longer trusts the Symantec digital certificates for certain reasons, which is notable since Symantec is a “security” company themselves.
The rest of the article gives more details.
Okay... so is the risk to a customer doing business with Symantec (e.g. renewing a Symantec 360 license) or is the risk to users of Symantec when they are buying something from Sears, e.g.?
Or is it limited to Symantec customers who use Google buying services (e.g Google wallet)?
Thanks for your patience.
“Google software engineer Ryan Sleevi explained over the weekend Symantec intended to use the root certificate for reasons other than creating publicly trusted credentials.”
Very interesting...
I haven’t trusted Symantec ever since their help desk moved to (some other country.)
What's up with this?
Thanks to Squawk 8888 for the ping!!
No worries. The risk is for a customer doing business with Symantec for any of their products.
The “Sears” reference was merely to place into perspective the importance of the Security Certificate. As far as I know, Sears Corp does not rely upon a Symantec Corp (a malware and virusware -etc.) cert for any of its offerings.
Unless SearsCo has a software sales division that offers Symantic products. Like OfficeMax or Staples would -but I am not that familiar with the Sears Product Lineups so I suppose it is technically possible.
I suppose it is related to “Google Wallet” as well since they determine who is a trustworthy vendor and who is not, but I have never used their services so I can offer no assurances in that regard.
Ahh Symantic the company that kept buying other companies software and making the software unusable. Haven’t had any dealings with them since early 90’s. Crapware company.
Symantec still owes me $20 on a rebate they cheated me out of.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.