Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Big news re Google and Symantec issued EVs

March 24th 2017 in safety and privacy on the Internet, Security

Cite: https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/

“In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.”

I have not found any information about what action, if any, Microsoft and Apple plan to take.


required - won't be displayed

Your Comment:

Not only is it impossible for the typical user to disable or change the software update settings for Adobe Acrobat Reader DC, the most recent SILENT update of Adobe Acrobat Reader DC also installed an Adobe Acrobat extension to Google Chrome without notice or consent.

To add insult the injury, the extension’s option to “Allow Adobe […]

Previous Entry