back to article Google slaps Symantec for sloppy certs, slow show of SNAFUs

Google's Chrome development team has posted a stinging criticism of Symantec's certificate-issuance practices, saying it has lost confidence in the company's practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates. Google's post says “Since January 19, the Google Chrome team has been …

  1. Anonymous Coward
    Anonymous Coward

    Symantec's response

    "We take our customers security very seriously, and we will do anything needed to keep the extended validation cert gravy train rolling. Google's allegations are completely baseless, and also your mum!"

    1. Anonymous Coward
      Anonymous Coward

      Re: Symantec's response

      "We take our customers for granted."

      "We take our customers' money."

      "We take our customers."

    2. Alan J. Wylie

      Re: Symantec's response

      https://www.symantec.com/connect/blogs/symantec-backs-its-ca

      So close, so very close.

      Not "completely baseless", but rather "irresponsible" and "exaggerated and misleading".

      Also: "remain committed to the security of the Internet"

  2. Neoc

    Math error?

    I may be wrong, but based on their 31-days-in-a-month calculations, should "5 months" equate to "155 days", and not "279 days" as shown in the table?

    Ditto, "9 months" should be "279 days" and not "465 days" which in fact represent 15 months.

    1. Anonymous Coward
      Anonymous Coward

      Re: Math error?

      Copy-paste error, if you check the original document, it is indeed 15 months, not 5.

  3. Amos1

    Here's the paragraph that will cost Symantec a lot of money:

    "Given the nature of these issues, and the multiple failures of Symantec to ensure that the level of assurance provided by their certificates meets the requirements of the Baseline Requirements or Extended Validation Guidelines, we no longer have the confidence necessary in order to grant Symantec-issued certificates the “Extended Validation” status. As documented with both the current and past misissuance, Symantec failed to ensure that the organizational attributes, displayed within the address bar for such certificates, meet the level of quality and validation required for such display. Therefore, we propose to remove such indicators, effective immediately, until Symantec is able to demonstrate the level of sustained compliance necessary to grant such trust, which will be a period no less than a year. After such time has passed, we will consider requests from Symantec to re-evaluate this position, in collaboration with the broader Chromium community."

    Did yo catch the "effective immediately" part?

    The bank I work for has been reticent to leave Symantec because of old people afraid of change. Not any more. We're moving to replace every Symantec certificate we use because we rely on EV certs as part of our customer anti-phishing education campaign. And we just saved tens of thousands of dollars a year as well.

  4. fajensen Silver badge
    Pint

    Symantic - the elephant graveyard of software!

    Once useful software that time and windows versions has generally moved away from will be acquired by Symantec, then bloated enough to warp space-time and peddled to corporations for Cash via an annual subscription.

    - as well as being forced upon grannies and school-children when something Symantec comes pre-installed in the form of almost impossible to get rid off, naggy, crap-ware, sucking the very life out of their new computer.

  5. Anonymous Coward
    Anonymous Coward

    Symantec Sucks

    One man's blog about Symantec's flagship product, NAV07. Hilariously bad software, traceable to excruciatingly bad management. Very well documented. It's a blog, so start at the bottom if you're interested.

    Point is: Symantec's very bad management. That's unlikely to have changed much, even in a decade or so.

    symantec-sucks.blogspot.com

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    i thought my employer's management were incompetent until they were acquired by SYMC. The levels of ignorance, incompetence, pathetic internal politicking and backstabbing, well mixed with a cascade of the most mind-blowingly, hilariously misjudged American management bullshit it's ever been my misfortune to read. I don't think I've ever been so glad to escape an employer.

    1. fajensen Silver badge

      The levels of ignorance, incompetence, ....

      American Exceptionalism - or rather - Thats what one gets with just enough lead in the drinking water for a long time! And Hillary and The Donald!!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019