Categories SecurityTech News

Firefox Nightly, other browsers, take aim at Symantec certificates

Symantec has fallen out of the good graces of the InfoSec community, and the larger companies in Silicon Valley are taking action. As Bleeping Computer reports, Mozilla’s Firefox Nightly will release a beta version in early September that recognizes Symantec TLS certs as a security risk. When a user accesses websites with Symantec certificates, they will be met with a message informing that their connection isn’t private. Additionally, Google has set up its September beta release of Chrome 70 Canary to give a similar warning to its users who land on Symantec TLS encrypted pages.

The move comes after a July investigation conducted by Google and Mozilla engineers showed that Symantec did not consistently follow the regulations for TLS issuing. As Bleeping Computer notes, this set of actions on the part of Google and Mozilla is the final step in fully legitimizing Symantec certificates, with the first step being Symantec “demoting itself from the position of Root Certificate Authority to that of a Subordinate Certificate Authority that abides by the rules of a different party.”

The Bleeping Computer report notes that another issue that browser creators are running into is the sheer amount of major sites that have not moved away from Symantec. A list of the organizations that have not replaced their certs includes the following:

Sony PlayStation Store, Navy Federal Credit Union’s online banking page, First National Bank of Pennsylvania’s online banking, Estonian LHV Bank, Canadian telecom Freedom, La Banque Postale, La Banque Populaire Val de France, First National Bank in South Africa and Intel’s Japanese website.

Another issue is that the Symantec certificates issues are not just restricted to Symantec but to all of its affiliates. This includes GeoTrust, Thawte, and RapidSSL. As a whole, this mess is being mitigated as best as it can possibly be under the circumstances. Proper SSL/TLS certifications are an essential component to keeping users safe thanks to the encryption they provide.

Featured image: Wikimedia

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Software-defined perimeter solutions: Why this is the future of security

Traditional VPNs are showing their age in the modern cloud-powered workplace. That’s why software-defined perimeter solutions are in your future.

2 days ago

Why you need to check your virtualization host’s NUMA configuration

Should you disallow NUMA spanning in your Hyper-V architecture? There are two sides to this story, and you’ll get both…

2 days ago

Getting started with Visual Studio Code and integrating with Azure DevOps

Coding may not be the No. 1 job duty for cloud admins, but it is often a part of the…

2 days ago

Apple Event 2019: New iPad, Apple Watch, and more

Apple Event 2019 was more than just about iPhones. The tech giant also rolled out new iPads, an upgraded Apple…

3 days ago

Migrating and configuring Hyper-V passthrough disks

Believe it or not, Hyper-V virtual machines can be configured to use a dedicated physical hard disk, which is referred…

3 days ago

Cut costs and kick back: Use Azure automation accounts for VM utilization

Using Azure automation accounts to start and stop your VMs may just save you enough time to kick back, relax,…

3 days ago