Tag: symantec

Unauthorized Google certificates issued by Symantec staffers lead to firings

In this way, it has allowed HTTPS-enabled Google domains to be impersonated by the wrong parties.

It has now been revealed that Symantec fired several staff members after discovering that they had issued unauthorized Google certificates, which would allow potential attackers to impersonate legitimate pages protected by HTTPS.

Symantec, the digital security company, announced the unauthorized certificate issuance in a recent blog post.

According to the company, “We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing.” It also explained that all of the test Google certificates and the keys had always remained within the company’s control, and when the issue was identified, they were immediately revoked. “There was no direct impact to any of the domains and never any danger to the Internet.”

That said, they did terminate the employment of the people who misused the Google certificates in question.

The issue itself was identified by employees at Google, who had been monitoring an open framework called Certificate Transparency, a project that the company operates in order to repair structural flaws in the SSL certificate system. Clearly, the system proved its worth in a new way in this situation, as Google was able to spot the unauthorized certificate activity nearly immediately.
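The kind of check a domain owner can run over Certificate Transparency data, as an added example that is not Google's or Symantec's code: it flags any logged certificate or pre-certificate that names a watched domain but comes from an issuer outside an approved list. The record shape, domain names, issuer names and entries are constructed assumptions; a production monitor would read real log entries and match issuers by key rather than by display name.

```python
# Added example: all domains, issuer names and log entries below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class LogEntry:
    serial: str
    issuer: str
    dns_names: tuple
    precert: bool = False  # pre-certificates are logged before final issuance

def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def covers(watched, san):
    """True if the SAN is the watched domain or any name beneath it."""
    w, s = normalize(watched), normalize(san)
    # The leading dot keeps look-alikes such as notexample.com from matching.
    return s == w or s.endswith("." + w)

def unauthorized(entries, watched, approved_issuers):
    """Return (serial, issuer, matched names, precert) for every entry that
    names a watched domain but was not issued by an approved CA."""
    approved = {i.lower() for i in approved_issuers}
    findings = []
    for e in entries:
        hits = sorted({n for n in e.dns_names for w in watched if covers(w, n)})
        if hits and e.issuer.lower() not in approved:
            findings.append((e.serial, e.issuer, hits, e.precert))
    return findings

WATCHED = ["example.com"]
APPROVED = ["Example Internal CA"]
SAMPLE = [  # constructed entries
    LogEntry("01", "Example Internal CA", ("www.example.com",)),
    LogEntry("02", "Test CA X", ("example.com", "WWW.Example.com."), precert=True),
    LogEntry("03", "Test CA X", ("notexample.com",)),
    LogEntry("04", "Test CA X", ("*.mail.example.com", "other.test")),
]

if __name__ == "__main__":
    for serial, issuer, names, precert in unauthorized(SAMPLE, WATCHED, APPROVED):
        kind = "precertificate" if precert else "certificate"
        print(f"ALERT {kind} serial={serial} issuer={issuer!r} names={names}")
```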

Google then proceeded to communicate the issue to Symantec, and the two companies worked together to make certain that the pre-certificate remained active and valid for only a single day at the start of 2015. The certificate has since been blocked by way of an update to the revocation metadata through Chrome. Moreover, there isn’t any reason to believe that there was any risk to the security and privacy of Symantec’s website or product users at any point, as a result of this error.

Those responsible for the issue with the Google certificate are no longer employed with Symantec. That said, the company has now employed Dan Rogers as its new chief marketing officer. Rogers is the former CMO of Salesforce EMEA.

Mobile security issues becoming apparent with wearable tech

As the number of smartwatch and smartband wearers grows, the amount of data tracking increases, too.

According to the results of a recent mobile security study that have just been published, the users of wearable tech devices can become the victims of cyber attacks, personal data breaches, or simply basic tracking by an individual with a low budget and a small amount of knowledge on the subject.

In fact, the study showed that all that is required is about $70 worth of hardware to track a wearable tech user.

The study was conducted by Symantec, the online and mobile security giant. Its researchers came up with a very simple design that combined a Bluetooth radio module with a Raspberry Pi computer to scan the area for the signals of wearable technology. The device was brought to various parks and sporting events, where the researchers were then able to record the data that was being broadcast by nearby devices.

The mobile security “attack” went completely undetected by the device users because no attempt was made to connect.

The device made by the researchers never attempted to make a connection with the specific wearables that were being tracked. This was not required because the data was collectable due to the sheer simplicity of the wearable tech, which communicates with more complex devices – such as smartphones, tablets, and laptops – in order to make its information usable to the wearer.

The researchers brought the detection devices to public places in Ireland and Switzerland. They found that among all the types of mobile devices that are carried by people in these types of locations, it was wearables that were particularly easy to track. According to the team, in a blog post that they made on the subject, “All the devices we encountered can be easily tracked using the unique hardware address they transmit.”

Among the types of mobile security vulnerability that were found in these devices, the researchers were also able to remotely probe the gadgets to reveal identifying information or serial numbers. That said, they felt that this type of information would be considered “trivial” by people who have computer knowledge and who would be capable of actually accessing this data.