back to article Symantec carpeted over dodgy certificates, again

Symantec has confirmed that it's revoked another bunch of wrongly-issued certificates. Andrew Ayer of certificate vendor and wrangler SSLMate went public with his discovery last week. The mis-issued certs were issued for example.com, and a bunch of variations of test.com (test1.com, test2.com and so on). On Saturday, Symantec …

  1. a_yank_lurker Silver badge

    Symantec

    Is Symantec trying to challenge Slurp for the most despicable software house in the world?

  2. Halfmad

    Re: Symantec

    Hold up, isn't that Veritas?

  3. Anonymous South African Coward Silver badge

    Fun times fo'sho.

  4. Anonymous Coward
    Anonymous Coward

    expensive way to get certificates

    why does anyone use them any more?

  5. Pascal Monett Silver badge

    Certificates are indeed expensive

    Not having them can be more expensive. Think lost business because not trustworthy.

    It's about building a chain of trust and showing that you are among those who make the effort. Of course, the fact that there are self-signed certificates kinda defeats the point, but then again, it can be argued that self-signed are just as valid as CA-signed, especially when CAs goof up and do stupid things. Errare humanum est and all that. For Joe User it must be impossibly confusing.

    The fact remains that we are in dire need of knowing who to trust and who to be cautious about in the Wild Wild Intertubes. This certificate thing could help in the long run.

  6. Steve K Silver badge

    Re: Certificates are indeed expensive

    I think he might have been saying that Symantec certificates are an expensive way of getting them when there are other, cheaper providers (rather than "why is anyone using SSL certificates").

  7. brainbone

    Re: cheaper providers

    Much cheaper providers, like free certificates from Let's Encrypt. Save the few services that require wild card certs, we've switched everything over to free certs.

  8. theblackhand

    Re: cheaper providers

    This is meant as an explanation, not validation...

    For certificate providers, it depends what you're doing - the cost of the certificates is often tied to the warranty/insurance offered with the certificate in the event that an end user loses money in the event of a certificate compromise.

    Given the conditions required to get paid out, it's unlikely that a payout would occur, but I guess with Symantecs shenanigans payouts do occur.

    My experience has been if the customer wants the insurance, the account managers/sales people I have worked with have always been happy to use them and charge their own percentage on top of that...

  9. s. pam
    FAIL

    It's far easier -- if Symantec's in the name

    Then just say NO, or Delete or rm ...... of their yet again insecurity products!!!

  10. Boohoo4u

    Growing badly

    Year and years ago. In a land far away... Symantec wasn't able to grow their business organically, so Managements tacked on acquisitions to demonstrate to Wall Street they were doing something.

    Managements came and went, and the knowledge of what all these "things" did was lost, so they added new "things" and the cycle repeated.

    ..... I forgot where I was going with this...perhaps Symantec has my backup.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018