logo
Just in:
Quality HealthCare Partners with eHealth to Enhance Patient Treatment Efficiency // Leading with Compliance, ZUHYX Earns the Canadian MSB License // Supreme Court asks EC 4 questions on how VVPATs work // Lai & Turner Law Firm PLLC Welcomes Eric Strocen as Director of Family Law Division // Migrity Business Talent Academy Announces Innovative AI Entrepreneurship // LUX Celebrates A Century Of Unmatched Fragrance With “Still There” Campaign // UAE and Ecuador Set Course for Economic Pact // Landmark Border Deal Between Azerbaijan and Armenia Welcomed by UAE // Dubai Airport Back in Business After Floods Disrupt Operations // Hong Kong Unveils April 30 Launch for Landmark Crypto ETFs // UAE Scrutinizes Report on Racial Discrimination Treaty // Leading the innovation in cryptocurrency trading, Qmiax Exchange has updated its OTC fiat exchange process // Congress in firefighting mode amid row over Pitroda remarks // ESG Achievement Awards 2023/2024 is Open for Application, Celebrating Innovative Sustainable Practices and Responsible Risk Management // Astana International Exchange Connects with Regional Markets Through Tabadul Hub // Central Bank of Nigeria Debunks Rumors of Crypto Account Freeze // Octa crypto snapshot: investors behavior predictions after Bitcoin halving // Andertoons by Mark Anderson for Wed, 24 Apr 2024 // Sharjah Census Gears Up for Final Enumeration Phase // China Railway Construction Corporation: Breakthroughs in Early 2024 Drive the Railways Modernisation //
Biz Tech
0 likes

Symantec revokes faulty security certificates

1485156386 macsymantec

macsymantec.jpg

Symantec

Symantec has confirmed that the company has once again been forced to revoke a batch of faulty certificates.

Last week, SSLMate’s Andrew Ayer publicly revealed the discovery of misissued Symantec certificates, which were issued for domains including example.com and a variety of test.com certificates, such as test1.com, test2.com, and test.com.

ADVERTISEMENT

In an advisory, Ayer said that “with the exception of test4.com and test8.com, these domains are registered to different entities and appear to be wholly unrelated with one another in both ownership and operation,” which suggested it would be “unlikely” the domain owners worked together to authorize the certificates, used to verify digital identities on the web and force domains to adhere to particular security standards.

According to the developer, Symantec issued the faulty test.com certificates in October and November last year.

On Saturday, Symantec product manager Steve Medin acknowledged the problem, claiming that the listed Symantec certificates “were issued by one of our WebTrust audited partners,” and as a consequence, the business partner’s privileges to issue certificates have been revoked, pending an inquiry.

“We revoked all reported certificates which were still valid that had not previously been revoked within the 24 hour CA/B Forum guideline — these certificates each had “O=test”,” Medin said. “Our investigation is continuing.”

See also: Symantec SSL certificates now free, reflecting true value

The Symantec executive also said that the company will work to discover what happened at WebTrust which resulted in the misissued certificates and will “report our resolution, cause analysis, and corrective actions once complete,” as noted by The Register.

This is not the first time the antivirus firm has found itself in the firing line due to misissued security certificates. In 2015, Google revoked Chrome and Android trust for one of Symantec’s root certificates which contained an RSA key size of 1,024 bits, a feature that no longer complies with the CA/Browser Forum’s Baseline Requirements.

Google now runs a domain called Certificate Transparency that outlines which certificates, from which authorities, the company no longer trusts.

(via PCMag)

ADVERTISEMENT

ADVERTISEMENT

Share

Related posts

Biz Tech
Biz Tech
Biz Tech
Biz Tech
Biz Tech
Biz Tech
Just in:
New Dynamics in Cryptocurrency Security: ZUHYX Builds the Strongest Fund Protection System // Landmark Border Deal Between Azerbaijan and Armenia Welcomed by UAE // Central Bank of Nigeria Debunks Rumors of Crypto Account Freeze // ZUHYX Exchange: Embracing Social Responsibility for a Sustainable Future // Migrity Business Talent Academy Announces Innovative AI Entrepreneurship // New Report from Sinergia Animal Reveals Financial Institution’s Lag in Animal Welfare and Food System Sustainability Policies // Election Commission Has A Dismal Record On Acting Against Modi’s Breaches Of Poll Code // Middle East totters on the edge of a cliff // Sharjah Census Gears Up for Final Enumeration Phase // Leading the innovation in cryptocurrency trading, Qmiax Exchange has updated its OTC fiat exchange process // UAE and Ecuador Set Course for Economic Pact // Cairo Recognizes Arab World’s Creative Luminaries at Award Ceremony // Andertoons by Mark Anderson for Wed, 24 Apr 2024 // Booming Region Fuels Innovation Surge // ESG Achievement Awards 2023/2024 is Open for Application, Celebrating Innovative Sustainable Practices and Responsible Risk Management // Hong Kong Unveils April 30 Launch for Landmark Crypto ETFs // Quality HealthCare Partners with eHealth to Enhance Patient Treatment Efficiency // Supreme Court asks EC 4 questions on how VVPATs work // Astana International Exchange Connects with Regional Markets Through Tabadul Hub // Congress in firefighting mode amid row over Pitroda remarks //