Google issues ultimatum to Symantec over unauthorized HTTPS certificates

Google has laid down an ultimatum for Symantec — be fully transparent about the issuing of your security certificates or sites that use Symantec certificates will be deemed unsafe by Google Chrome.

In September, Symantec revealed in a report that it had fired a number of employees for issuing unauthorized TLS certificates for domain names to companies that did not own them.

This meant that the certificates could have been used to impersonate HTTPS-protected websites, including Google's. Cyber-criminals could use them to pose as highly reputable sites and go undetected.

Initially, Symantec said that 23 certificates were issued, but Google has disputed this number, saying it is much higher. Following further examination, Symantec said that there were a further 164 certificates over 76 domains and 2,458 certificates for domains not yet registered.

In a blog post, Google’s Ryan Sleevi called for the details of Symantec’s investigation to be made public and transparent in order to understand why the number of certificates issued was underestimated. This includes detailed information on how the company will prevent this from happening again and what methods it will use.

Sleevi has also called for Symantec to ensure that, as of June 1, 2016, all SSL certificates are issued in accordance with Certificate Transparency, a public audit log.

“After this date, certificates newly issued by Symantec that do not conform to the Chromium Certificate Transparency policy may result in interstitials or other problems when used in Google products,” wrote Sleevi.

If Symantec, and possibly any other certificate issuer, doesn’t follow these guidelines, it runs the risk of its SSL certificates being flagged as unsafe or insecure, which would send a bad message to any user trying to access sites that use them through Chrome.

In response, Symantec has said the issue was caused by a testing error. It stated that it has revoked and blacklisted the certificates in question and said that there had been no harm caused to any users or organizations.

“To prevent this type of testing from occurring in the future, we have already put additional tool, policy and process safeguards in place, and announced plans to begin Certificate Transparency logging of all certificates,” said the statement. “We have also engaged an independent third-party to evaluate our approach, in addition to expanding the scope of our annual audit.”

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…