Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for bogus certs


In September, Google caught Symantec issuing a fake cryptographic certificate that could have been used to seamlessly intercept encrypted traffic. Symantec is one of the participants in Certificate Transparency, through which all new certificates issued and seen in the wild are logged to append-only, cryptographically provable logs, which create irrefutable audit trails for any bogus certs issued/discovered. Read the rest

Symantec caught issuing rogue certificates


Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure. Read the rest

Fake Google subdomain certificates found in the wild

An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on "secure" connections to services like Google Docs. Read the rest