Symantec has copped a bullet from Google after breaching the search engine giant’s trust in its web security certificates, not once, but twice. The first breach came to light in a Google blog two months ago, which disclosed that “Symantec’s Thawte-branded CA issued an Extended Validation (EV) pre-certificate for the domains google.com and www.google.com. This pre-certificate was neither requested nor authorized by Google.” Dr. Phil Branch, Senior Lecturer Swinburne University explains this. “As a certificate authority Symatec signs digital certificates that link a domain name to a public key. The public key vouches that the website really does belong to its nominated owner and not someone pretending to be that site. “Google has reported that Symantec issued two certificates for Google without Google’s permission or authorisation.”
View full story
ORIGINAL SOURCE: IT Wire