"a few outstanding employees"
If this were an outstanding company, they would have detected the issue internally before it was noticed internally.
Symantec has fired some employees after Google engineers noticed rogue SSL certificates issued in the web goliath's name. Thawte, Symantec's certificate authority subsidiary, produced a small number of security certificates intended for internal testing. Worryingly, in the wrong hands, these certificates could have been used …
I smell shite too, but I'm happy some of my colleagues have been fired due to constantly repeating their stupid mistakes that take time and money to correct.
The first mistake was an accident
The second mistake was due to carelessness
The third mistake was on purpose
Indeed, I would think that it would have been required for testing certificates to be issued for non-existent domains or at least use an invalid TLD. Something like "google.symantec" or "test103.local" so the testing lab's DNS servers would still recognize it, and the certificates would show as proper EV, but if the certificates leaked, then they'd be absolutely useless unless you added those fake domains to the victim's DNS (which, if you could, then you wouldn't need the certificates in the first place).
In the US, you can be "Fired for Cause" for situations such as this. When you are fired for cause, you don't get unemployment compensation, and you might have trouble with health insurance if you choose COBRA over the ACA. I suspect that the affected individuals are going to have tough going ahead.
I don't know how it works in the UK when someone is sacked for gross violations of policy. I would be interested to know what happens in the UK under the same situation.