Security Alerts & News
by Tymoteusz A. Góral

History
#2150 Symantec backs its CA
At Symantec, we are proud to be one of the world’s leading certificate authorities. We strongly object to the action Google has taken to target Symantec SSL/TLS certificates in the Chrome browser. This action was unexpected, and we believe the blog post was irresponsible. We hope it was not calculated to create uncertainty and doubt within the Internet community about our SSL/TLS certificates.

Google’s statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading. For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates – not 30,000 – were identified as mis-issued, and they resulted in no consumer harm. We have taken extensive remediation measures to correct this situation, immediately terminated the involved partner’s appointment as a registration authority (RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS certificates, announced the discontinuation of our RA program. This control enhancement is an important move that other public certificate authorities (CAs) have not yet followed.
Read more
#2155 Massive uproar on alleged Windows 10 built-in ‘keylogger’ feature
#2154 Strengthening the Microsoft Edge sandbox
#2153 SmartTV hacking - Oneconsult talk at EBU Media Cyber Security seminar (VIDEO)
#2152 GiftGhostBot attacks ecommerce gift card systems across major online retailers
#2151 New attack XSSJacking combines clickjacking, pastejacking, and SelfXSS
#2150 Symantec backs its CA
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12