Security: Symantec’s fake Google certificates

Symantec recently issued (and then revoked) SSL certificates that could have allowed third parties to impersonate Google anywhere on the web.

Symantec’s response – terminating the employment of the people identified as having allowed this apparent mistake to happen – may seem excessive, but in my opinion this kind of error is severe enough that it should have serious consequences. Being able to trust the certificates that are issued by big-name providers – which means being able to trust that some of the most important sites on the Internet are the sites you’re actually browsing and trusting with your data – is absolutely crucial.

The nearest parallel I can come up with is the Superfish issue, but in this case the issue is one that couldn’t have been resolved by making a change on your computer; if these certificates had gone undetected, the Internet could have been a much less safe place.

