Tag: google mobile security

Unauthorized Google certificates issued by Symantec staffers lead to firings

In this way, it has allowed HTTPS-enabled Google domains to be impersonated by the wrong parties.

It has now been revealed that Symantec has fired several of its staff members after it was discovered that they had issued unauthorized Google certificates that allows potential attackers to be able to impersonate legitimate pages that have been protected by HTTPS.

The Symantec digital security company posted the news of the unauthorized certificate issuing in a recent blog post.

According to the company, “We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing.” It also explained that all of the test Google certificates and the keys had always remained within the company’s control, and when the issue was identified, they were immediately revoked. “There was no direct impact to any of the domains and never any danger to the Internet.”

That said, they did terminate the employment of the people who misused the Google certificates in question.

Google Certificates - IssuesThe issue, itself, was identified by employees at Google, who had been monitoring an open framework called Certificate Transparency, which is a project that the company operates in order to be able to repair SSL certificate system structural flaws. Clearly, the system proved its worth in a new way in this specific situation, as Google was able to spot the unauthorized activity with regards to the certificates, nearly immediately.

Google then proceeded to communicate the issue to Symantec, and the two companies worked together to make certain that the pre-certificate remained active and valid for only a single day at the start of 2015. The certificate has since been blocked by way of an update to the revocation metadata through Chrome. Moreover, there isn’t any reason to believe that there was any risk to the security and privacy of Symantec’s website or product users at any point, as a result of this error.

Those responsible for the issue with the Google certificate are no longer employed with Symantec. That said, the company has now employed Dan Rogers as its new chief marketing officer. Rogers is the former CMO of Salesforce EMEA.

Mobile security tech from Google’s Project Vault looks like a microSD card

By using this technology, the goal is to greatly enhance the level of protection to smartphones.

Google has introduced a new project that is geared toward enhancing the mobile security of people’s smartphones, without having to change the way that manufacturers actually produce those mobile devices.

The Project Vault was announced last Friday, which jams a mass of security systems into a simple microSD card.

The majority of smartphones, tablets, and computers already recognize microSD cards as a type of digital storage device. However, at Google’s I/O developer conference in San Francisco, it was revealed that the company is working on a way to use that mobile technology as an upgrade to the mobile security that is already available in the device, but that makes it considerably more powerful.

Mobile security has become a major concern, particularly as smartphones are used for more sensitive purposes.

Mobile Security - SmartphonesAmong the primary reasons that people give for hesitating to adopt mobile payments and to shopping over their smartphones and tablets, for instance, is that they aren’t entirely confident that it will keep their data secure. By boosting the security of those mobile devices, many people feel that consumers will feel more comfortable in broadening their use of the gadgets to include areas such as wallets.

According to the head of the Advanced Technology and Projects group (ATAP) at Google, Regina Dugan, “Project Vault is your digital mobile safe.”

Adding the Vault card will incorporate what is pretty much a secure computer that will guard over a smartphone owner’s personal information. For instance, it can scramble or encrypt chat messages from a messenger app, and it can boost the required levels of authentication that are necessary for your device to recognize that you are who you say you are. The card also uses a near field communication technology (NFC) chip in order to be able to communicate with other very nearby devices.

The mobile security microSD card is only 4 GB and it can be recognized by any type of operating system, including Android, iOS, Windows, and BlackBerry. The software is run directly off the microSD card.