iTnews

Symantec fires staffers after release of bogus Google certs

By Juha Saarinen on Sep 21, 2015 6:33AM

Testing certificates leaked.

Security vendor Symantec has sacked a number of employees for issuing fake, internal testing digital certificates for Google, at least one of which leaked onto the internet.

The certificates were issued on September 15 Australian time by Symantec subsidiary Thawte for three domains that the company did not name. Symantec did not disclose how many testing certificates were released, saying only that it was "a small number".

It has since been revealed that Thawte issued extended validation (EV) certificates for google.com and www.google.com. EV certificates are issued to provide a greater level of authentication to sites and domains than standard certificates.

Although Symantec stated that "all of these test certificates and keys were always within our control and were immediately revoked when we discovered the issue," Google found one of the digital bona-fides, as did certificate provider DigiCert.

Google updated the revocation metadata in its Chrome web browser to include the public key for the mis-issued Thawte certificate, which was only valid for a single day. The online giant does not believe its users were at any risk because of the bogus certificate.

As a result of the issuance of the bogus certificates, Symantec said it had fired those responsible.

"Despite their best intentions, this failure to follow policies has led to their termination after a thoughtful review process.

"Because you rely on us to protect the digital world, we hold ourselves to a 'no compromise' bar for such breaches. As a result, it was the only call we could make," Symantec's Quentin Liu and Charlene Mike-Billstrom said.
