Google wants Symantec to stop issuing security certificates for sites it doesn’t own.
Sourced through Scoop.it from: www.engadget.com
Not long ago, Symantec revealed that it had issued bogus security certificates for numerous web domains, including Google’s… and as you might guess, Google isn’t happy. The search firm is warning Symantec that, as of June 1st, any Symantec certificates which don’t meet its transparency policy may create warnings and “problems” in Google products (read: they’ll be deemed insecure). Moreover, it’s asking Symantec to explain why it didn’t catch some of the fake certificates, the causes behind each slip-up and the steps it’ll take to set things right. Not surprisingly, Google doesn’t want malicious sites posing as someone else (especially not Google) in order to deliver malware or perpetuate phishing scams. For its part, Symantec claims that it issued a “small number” of test certificates by mistake, and revoked them before notifying those affected. It also fired a handful of staff who reportedly weren’t following guidelines. There’s a good chance this won’t happen again. However, the antivirus maker also appears to be downplaying the scope of the problem.