Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Big news re Google and Symantec issued EVs

March 24th 2017 in safety and privacy on the Internet, Security

Cite: https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/

“In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.”

I have not found any information about what action, if any, Microsoft and Apple plan to take.

One comment to...
“Big news re Google and Symantec issued EVs”


What is the purpose for all those SSL-certificates? You can generate them totally anonymously and for free at services like Let’s Encrypts or CloudFlare.

Not only is it impossible for the typical user to disable or change the software update settings for Adobe Acrobat Reader DC, the most recent SILENT update of Adobe Acrobat Reader DC also installed an Adobe Acrobat extension to Google Chrome without notice or consent.

To add insult the injury, the extension’s option to “Allow Adobe […]

Previous Entry

If you, your family or friends have used that website, please warn them.

Here is what happens:

Go to the website and put anything into the shopping cart.
Click “checkout”.
Enter an email address when prompted.

If the email address is already in their database the name, address and phone number associated with that email address is immediately displayed with […]

Next Entry