Cloud Hosting

Denis Linine / Shutterstock.com

Its rare Google outright goes to war on a company. Especially not a company as big and well-known as Symantec. But Google has done precisely that, in a move thats surprised the IT community and is about to make life miserable for a fair chunk of the internet.

Google has publicly said it no longer trusts the cryptographic certificates Symantec issues and that Chrome will view them as harmful. Think of a cryptographic certificate as the digital equivalent of getting carded at a bar. You encrypt whatever youre sending at your computer, and then use the certificate to encrypt it again. In order to read it, whoever youre sending it to needs both your private key, and the certificate they used. So if, say, a hacker has inserted himself between you and your banks website, he may have your private key, but once hes asked for the certificate, hes boned.

This isnt a minor issue; if the companies issuing these certificates get sloppy, there are enormous consequences. One Dutch company shut down after it came out it was issuing certificates to Iranian spies. And this has been an issue with Symantec since 2015 so the fact they havent bothered to clean up their act in two years, with millions of dollars at stake, is troubling. Google claims Symantec has issued 30,000 bad certificates.

The good news, if you run a website that issues these certificates, is that you can get new ones for free. But its unlikely most people will be aware of this problem, until it starts screwing up their sites.

(via Boing Boing)

Here is the original post:
Google Has Declared Symantec Harmful To Internet Security - UPROXX