Google Slams Symantec for Failures in SSL/TLS Certificate Process

  /     /     /  
Publicated : 22/11/2024   Category : security


Google Slams Symantec for Failures in SSL/TLS Certificate Process


Google Chrome engineers railed on Symantec for allegedly issuing thousands of security certificates that had not been properly validated.



Google Chrome engineers this week called out Symantec for failing to properly validate SSL/TLS digital certificates it has issued.
In a scathing 
blog post
, Google Chrome engineers said that since Jan. 19 they have been investigating a series of failures by Symantec Corporation to properly validate certificates and that Googles investigation into 127 Symantec-issued certificates ballooned into at least 30,000.
Symantec fired back in a 
statement
, saying Googles statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading.
According to Google Chromes Root Certificate Policy, root certificate authorities are expected to ensure that server certificates receive domain control validation, frequently audit logs to monitor for any evidence of unauthorized certificate issuance, and guard their infrastructure against the issuance of fraudulent certificates.
On the basis of the details publicly provided by Symantec, we do not believe that they have properly upheld these principles, and as such, have created significant risk for Google Chrome users, Google said in its post.
Google plans to reduce the validity period of a newly released Symantec-issued certificate to nine months or less, and called for Symantec to gradually revalidate and replace its currently trusted certificates on various Chrome releases. In addition, Google said it intends to remove the recognized Extended Validation status for at least one year on Symantec-issued digital certificates.
These changes will result in compatibility issues, Google warned, which will likely cause problems for users and website operators. Site operators will be forced to use certificates from other companies that have authority to issue certificates and users, as a result, will face a substantial number of errors until operators make the switch to other certificate authorities.  
 

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Google Slams Symantec for Failures in SSL/TLS Certificate Process