Symantec sacks staff for issuing unauthorized Google certificates
Symantec has fired a number of employees after unauthorized certificates were issued which would allow attackers to impersonate Google pages protected by HTTPS.
On Friday, the security firm said in a blog post employee error resulted in cryptographic certificates being issued online without permission from either Symantec or Google.
The company said:
"We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing.
All of these test certificates and keys were always within our control and were immediately revoked when we discovered the issue. There was no direct impact to any of the domains and never any danger to the Internet."
In a separate blog post, Google said Symantec issued a Thawte-branded Extended Validation (EV) pre-certificate for the domains google.com and www.google.com which was neither "requested nor authorized" by the tech giant.
Featured
The issue was discovered by Google employees who were monitoring Certificate Transparency, an open framework and project ran by the company to fix structural flaws in the SSL certificate system. A useful system, no doubt, as Google was able to detect the unauthorized certificate activity almost immediately.
By alerting Symantec to the issue, the companies were able to ensure the pre-certificate was only active and valid for one day in January this year. Google says Chrome's revocation metadata has been updated to include the public key of the misissued certificate -- which in turn blocks the certificate -- and the firm has no reason to believe the privacy and security of its users were placed at risk due to the mistake.
This week, Symantec appointed former Salesforce EMEA chief marketing officer Dan Rogers to CMO of Symantec. Rogers will report to CEO Michael Brown and will oversee the firm's marketing strategy, including brand awareness, digital marketing, demand generation and events.
Top gadgets and accessories for hardware and data security
Read on: Top picks
- How to access Wi-Fi anonymously from miles away
- Flic: The wireless button which brings the connected world into your home (hands-on)
- Adblock Plus Google Play exile ends, launches iOS, Android browser
- One password gifts hacker with hundreds of Firefox bugs, vulnerabilities
- Fiat Chrysler recalls 8,000 extra Jeeps over remote control hacking worries