Symantec has fired a number of employees after unauthorized certificates were issued which would allow attackers to impersonate Google pages protected by HTTPS.
On Friday, the security firm said in a blog post employee error resulted in cryptographic certificates being issued online without permission from either Symantec or Google.
The company said:
"We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing.All of these test certificates and keys were always within our control and were immediately revoked when we discovered the issue. There was no direct impact to any of the domains and never any danger to the Internet."
In a separate blog post, Google said Symantec issued a Thawte-branded Extended Validation (EV) pre-certificate for the domains google.com and www.google.com which was neither "requested nor authorized" by the tech giant.
The issue was discovered by Google employees who were monitoring Certificate Transparency, an open framework and project ran by the company to fix structural flaws in the SSL certificate system. A useful system, no doubt, as Google was able to detect the unauthorized certificate activity almost immediately.
By alerting Symantec to the issue, the companies were able to ensure the pre-certificate was only active and valid for one day in January this year. Google says Chrome's revocation metadata has been updated to include the public key of the misissued certificate -- which in turn blocks the certificate -- and the firm has no reason to believe the privacy and security of its users were placed at risk due to the mistake.
This week, Symantec appointed former Salesforce EMEA chief marketing officer Dan Rogers to CMO of Symantec. Rogers will report to CEO Michael Brown and will oversee the firm's marketing strategy, including brand awareness, digital marketing, demand generation and events.
Read on: Top picks
Symantec sacks staff for issuing unauthorized Google certs Google warns of unauthorized TLS certificates trusted by almost all OSes Source A Guy:
Symantec sacks staff for issuing unauthorized Google ...
Symantec sacks staff for issuing unauthorized Google certificates; Author Topic: Symantec sacks staff for issuing unauthorized Google certificates (Read 12 times)
Symantec sacks staff for issuing unauthorized Google ...
The certificates made it possible to impersonate HTTPS-enabled Google domains. [IMAGE]
Symantec sacks staff for issuing unauthorized Google ...
Symantec has fired a number of employees after unauthorized certificates were issued which would allow attackers to impersonate Google pages protected by HTTPS. On
Symantec Sacks Staff After Issuing Unauthorized Google ...
Symantec Sacks Staff After Issuing Unauthorized Google Certs. Info Security Tuesday 22nd September, 2015. Symantec has been forced to sack several employees after
Symantec Corporation (SYMC) - Yahoo! Finance
Yahoo Finance . Search Finance. Symantec Corporation (SYMC) Symantec sacks staff for issuing unauthorized Google certificates. at ZD Net;
Symantec sacks staff for issuing unauthorized Google ...
The certificates made it possible to impersonate HTTPS-enabled Google domains. Full article:Symantec sacks staff for issuing unauthorized Google certificates Share
Symantec sacks staff for issuing unauthorized Google ...
The certificates made it possible to impersonate HTTPS-enabled Google domains. Read more: Symantec sacks staff for issuing unauthorized Google certificates
SYMC Message Board | Symantec Corporation ... - Yahoo Finance
Symantec sacks staff for issuing unauthorized Google certificates. Sep 22, 2015 2:16 PM by billy41t. 8 / 0: 4: Sep 29, 2015 6:50 PM by chou_shouzhi:
Jim Robinson - Google+
Jim Robinson - Info. Sys. Spc Symantec sacks staff for issuing unauthorized Google certificates The certificates made it possible to impersonate HTTPS-enabled
