Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

More Symantec News – The Isoblog.

tl;dr: every certificate store that does not have a path away from Symantec etc is not trustworthy…

Kristian Köhntopp originally shared:

Google has been very kind with Symantec - complete CA meltdown. http://blog.koehntopp.info/index.php/1337-more-symantec-news/

»If you purchased a Symantec certificate (or a cert from any of their associated subsidiaries and partners) through a third party, from at least as far back as early 2013 until recently; their third party certificate generation, management, and retrieval API allowed those certificates… including in some cases private keys generated by third parties… to be retrieved without proper authentication, or in some cases any authentication at all.«

Don't be the product, buy the product!