No Certs for You!
Love the Soup Nazi reference...
The four-month row between Google and Symantec over SSL certificate issuing has just gone nuclear, with the Chocolate Factory making good on its threats and beginning a blockade. "Over the course of the coming weeks, Google will be moving to distrust the 'Class 3 Public Primary CA' root certificate operated by Symantec …
Yep... I have the same problem with my Sec-P521 and Curve-25519 certs...
Infact not being able to install your own Root in Android is fast becoming a PITA and sucks... mind you so does not having 'administrator' (root) rights over a device that you purchased and own outright... argh!
M
Follow the link. Symantec generates fake certificates for testing, development, and other "non-public" uses. Those leaked once and Google is worried that they will leak again. If I read between the lines, I think that Google suspects Symantec of being forced to create them for covert spying. That would put Google's hard-earned hoard of extremely personal and extremely valuable data at risk.
"Symantec are million times worse, I have read their recent scare stories about android security."
Similarly, I read their recent scare story about OS X. One attack they emphasised could of course be remedied by using their products, but they managed to omit the simple truth that if you don't have Java installed, that attack is a non-issue.
Java hasn't been a part of the default installation of OS X for several years now.
I rest the case, M'Lud.
> If one uses smartphones as an enhanced cellphone and limit
> one's surfing to minimal sites and never use it for shopping or
> banking most of the problems more or less disappear.
That is far from true and an example of that people generally don't understand security issues. Lacing proper security your device can be hijacked remotely and the hijacker can impersonate you for example in mail and social networks.
I should clarify. I did "apt-get firejail", and read about the services it limits.
I was suggesting that it should somehow be integrated as a default such that to *not* use it, you use a tool.
Sandboxing "for free" would seem to be a generally good idea.
To add one more data point, this is how I would run Android apps on the (linux) desktop.
Maybe that would plug a hole in the desktop-ecosystem....?
P.
Well, that would work, if Google knew what they were doing. Their products positively encourage ignoring security warnings, 'cos they're so bloody anal about everything that the damned things appear all the time.
My favourite piece of arsehattery (which sums up Google's approach in this area) is Chrome's refusal to use SSL when the server's certificate fails to jump through all of Google's hoops, forcing fallback to an open connection. This is more secure how exactly.....?
Completely OT but I think you may have stumbled on a wonderful marketing opportunity here. Unfiltered printer ink. To be sold in the cold cabinet at Waitrose and other upmarket outlets, and also to those people who wish to print out their naughty pictures and want uncensored ink.
Anybody know any rich and gullible VCs?
@Voyna i Mor
To be sold in the cold cabinet at Waitrose and other upmarket outlets, and also to those people who wish to print out their naughty pictures and want uncensored ink.
just checked.
http://www.waitrose.com/shop/HeaderSearchCmd?searchTerm=Duchy+Originals+Extra+Virgin+Organic+Unfiltered+Printer+Ink&defaultSearch=GR&search=
You searched for Duchy Originals Extra Virgin Organic Unfiltered Printer Ink: (0 results found)
(Which *must* be one of the weirdest post titles ever)
Ah, the "cleverness" of a keyword approach to searching, just bring back anything with a keyword, rather than understanding the question.
There are a few queries which I have discovered are "unGoogleable" - Google never returns the correct answer because it doesn't comprehend the question.
"What is the Latin word for spelling" is one - try and Google it - you'll have loads of hits about sites with latin spellings of words ,,,,
The largest step-function improvement in my tech lifestyle was uninstalling Norton AntiVirus.
It was like moving from a potholed province to somewhere with smooth pavement.
Those scumbags owe me hundreds of hours of troubleshooting their crapware.
They can all burn in a special section of hell as far as I'm concerned.
Bloody sockcutters.
Are you referring to any actual cases of security issues or are you just trying to outdo Trump ?
We are talking about Root Certificates not certificates issued to individuals -- people with Root Certificates have a special trusted status so that they can verify all other certificates.