Categories SecurityTech News

Firefox Nightly, other browsers, take aim at Symantec certificates

Symantec has fallen out of the good graces of the InfoSec community, and the larger companies in Silicon Valley are taking action. As Bleeping Computer reports, Mozilla’s Firefox Nightly will release a beta version in early September that recognizes Symantec TLS certs as a security risk. When a user accesses websites with Symantec certificates, they will be met with a message informing that their connection isn’t private. Additionally, Google has set up its September beta release of Chrome 70 Canary to give a similar warning to its users who land on Symantec TLS encrypted pages.

The move comes after a July investigation conducted by Google and Mozilla engineers showed that Symantec did not consistently follow the regulations for TLS issuing. As Bleeping Computer notes, this set of actions on the part of Google and Mozilla is the final step in fully legitimizing Symantec certificates, with the first step being Symantec “demoting itself from the position of Root Certificate Authority to that of a Subordinate Certificate Authority that abides by the rules of a different party.”

The Bleeping Computer report notes that another issue that browser creators are running into is the sheer amount of major sites that have not moved away from Symantec. A list of the organizations that have not replaced their certs includes the following:

Sony PlayStation Store, Navy Federal Credit Union’s online banking page, First National Bank of Pennsylvania’s online banking, Estonian LHV Bank, Canadian telecom Freedom, La Banque Postale, La Banque Populaire Val de France, First National Bank in South Africa and Intel’s Japanese website.

Another issue is that the Symantec certificates issues are not just restricted to Symantec but to all of its affiliates. This includes GeoTrust, Thawte, and RapidSSL. As a whole, this mess is being mitigated as best as it can possibly be under the circumstances. Proper SSL/TLS certifications are an essential component to keeping users safe thanks to the encryption they provide.

Featured image: Wikimedia

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

How to repair PST files and import data back to Outlook or Office 365

If your business relies on Outlook, you can’t risk losing mailbox data because of PST files corruption. Here’s how to…

2 days ago

Container security rises to meet the challenges of container vulnerabilities

As container technology becomes ubiquitous, container security has become crucial. Here’s a look at some recent innovations in this growing…

2 days ago

Best of CES 2020: Products, innovations, and services

From flying Ubers to rolling robots, CES 2020 had it all — and then some. Here’s a look at some…

3 days ago

Hardening your technology infrastructure in preparation for a DDoS attack

By establishing these 11 appropriate controls beforehand, your organization will be better positioned to withstand and survive a DDoS attack.

3 days ago

Microsoft App-V as an application virtualization solution: Pros & cons

If your shop is considering using App-V as an application virtualization solution, read this article first and weigh the pros…

3 days ago

Ransomware threats: Cybercriminals take their wares to the next level

As companies and individuals harden their defenses against ransomware, hackers are creating new and more virulent ransomware threats.

4 days ago