News

Symantec Security Update: Google Demands Certificate Transparency Complied June 2016; Google, Opera, Other Brands at Risk

Google finally made it clear that Symantec's mistakes with handling security certificates will no longer be tolerated.

Symantec's careless behavior, letting the security company issue fake web certificates need to be stopped, Google Online Security said. Apart from that, Google also made a draft, which includes the list of guidelines as well as requests designed to prevent the said problems from happening again.

It was "Employee error," Symantec reported. This is the primary reason why a couple of web certificates were released without even the blessing of either Google or Symantec. This issue happened in September and it was undeniably a very risky liability. It allowed a lot of hackers to imitate Google pages, which are under HTTPS protection. After the internal investigation, Symantec fired some of its employees who were found responsible for the security problem.

If such issues happen more often in the future, there will be an increased risk that will involve session hijacking, remote surveillance, as well as theft. The recent news about additional fake certificates just made it quite clear that such a problem is definitely bigger than what most people have anticipated.

Symantec also left a statement about the Extended Validation (EV) pre-certificates. According to the company, these certificates were closed down after the security firm received the problem. Apart from that, it was also said that the short-lived pre-certificates have not put the people at risk, especially those who are using Google's search page.

Reports showing 23 other certificates that were sent out without proper clearance also came out. This has made not only Google pretty vulnerable but also Opera, and three other major brands.

Google demands that Symantec should establish Certificate Transparency on every certificate that it releases, to prevent this kind of security problem in the future. This must be complied on or before June 1, 2016; otherwise Google Chrome will alert its online users that Symantec is not safe to use.


Join the Discussion
Real Time Analytics