"We take our customers security very seriously, and we will do anything needed to keep the extended validation cert gravy train rolling. Google's allegations are completely baseless, and also your mum!"
Google's Chrome development team has posted a stinging criticism of Symantec's certificate-issuance practices, saying it has lost confidence in the company's practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates. Google's post says “Since January 19, the Google Chrome team has been …
Here's the paragraph that will cost Symantec a lot of money:
"Given the nature of these issues, and the multiple failures of Symantec to ensure that the level of assurance provided by their certificates meets the requirements of the Baseline Requirements or Extended Validation Guidelines, we no longer have the confidence necessary in order to grant Symantec-issued certificates the “Extended Validation” status. As documented with both the current and past misissuance, Symantec failed to ensure that the organizational attributes, displayed within the address bar for such certificates, meet the level of quality and validation required for such display. Therefore, we propose to remove such indicators, effective immediately, until Symantec is able to demonstrate the level of sustained compliance necessary to grant such trust, which will be a period no less than a year. After such time has passed, we will consider requests from Symantec to re-evaluate this position, in collaboration with the broader Chromium community."
Did you catch the "effective immediately" part?
The bank I work for has been reticent to leave Symantec because of old people afraid of change. Not any more. We're moving to replace every Symantec certificate we use because we rely on EV certs as part of our customer anti-phishing education campaign. And we just saved tens of thousands of dollars a year as well.
Once useful software that time and Windows versions have generally moved away from will be acquired by Symantec, then bloated enough to warp space-time and peddled to corporations for Cash via an annual subscription.
- as well as being forced upon grannies and school-children when something Symantec comes pre-installed in the form of almost impossible to get rid of, naggy, crap-ware, sucking the very life out of their new computer.
One man's blog about Symantec's flagship product, NAV07. Hilariously bad software, traceable to excruciatingly bad management. Very well documented. It's a blog, so start at the bottom if you're interested.
Point is: Symantec's very bad management. That's unlikely to have changed much, even in a decade or so.
I thought my employer's management were incompetent until they were acquired by SYMC. The levels of ignorance, incompetence, pathetic internal politicking and backstabbing, well mixed with a cascade of the most mind-blowingly, hilariously misjudged American management bullshit it's ever been my misfortune to read. I don't think I've ever been so glad to escape an employer.