Nmedia - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

Risk & Repeat: Bad Symantec certificates strike again

Listen to this podcast

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the discovery of more bad Symantec certificates and what it means for the antivirus software maker.

Bad Symantec certificates have, once again, landed the antivirus software maker in hot water.

More than 100 wrongly issued Symantec certificates were discovered recently by security researcher Andrew Ayer. Following Ayer's research post, Symantec quickly revoked the certificates and conducted its own investigation, which found even more bad certificates -- 127 to Ayer's 108 -- that had been issued over a six-month period starting last July.

All of the bad Symantec certificates were issued by CrossCert, a certificate authority based in Korea, according to Symantec's report. According to Symantec, CrossCert issued the certificates in violation of Symantec's policies and "overrode the compliance failure flags."

This marks the second time in less than 18 months that bad Symantec certificates have been exposed; in late 2015, the antivirus vendor was caught by Google's Certificate Transparency improperly issuing certificates.

While Symantec has pledged to review its certification authority processes and partners, as well as to take over validation and issuance of all future certificates issued by CrossCert, questions remain for the security software maker.

How could a Symantec certificate authority issue so many bad certificates without the vendor knowing? Should Symantec have been more directly involved with the certificate approval and issuing processes? Is the certificate authority system fundamentally broken?

In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of Symantec certificates.

Next Steps

Risk & Repeat: Potential Windows Server Message Block exploit draws concern

Risk & Repeat: Is doxware a new threat or just repackaged ransomware?

Risk & Repeat: CES Cybersecurity Forum tackles passwords, internet of things threats

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing