Symantec terminates employees for unauthorized HTTPS certificates

Symantec has discovered that unauthorized HTTP certificates were issued for Google webpages and terminated the employees who were involved in issuing the certificates.
Symantec has discovered that unauthorized HTTP certificates were issued for Google webpages and terminated the employees who were involved in issuing the certificates.

Symantec terminated employees involved in issuing unauthorized HTTP certificates for Google webpages.

The certificates "did not leave Symantec's secure testing labs, and did not affect the security or privacy of any user or organization," the company said, stressing it takes procedural breaches "extremely seriously."

The company is "putting even stronger safeguards in place to prevent an issue like this from occurring again," according to a statement emailed to SCMagazine.com.

Symantec Vice President of Engineering Quentin Liu wrote in a blog post that the "test certificates and keys were always within our control and were immediately revoked" once discovered.

And Google security blog noted that Chrome's revocation metadata had been updated to include the public key of the mis-issued certificate for the domains google.com and www.google.com.

Separately, Symantec named appointed Dan Rogers, formerly a vice president at Salesforce.com, as chief marketing officer.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS