
Google slaps Symantec for issuing fake web security certificates

Not long ago, Symantec revealed that it had issued bogus security certificates for numerous web domains, including Google's... and as you might guess, Google isn't happy. The search firm is warning Symantec that, as of June 1st, any Symantec certificates that don't meet its transparency policy may create warnings and "problems" in Google products (read: they'll be deemed insecure). Moreover, it's asking Symantec to explain why it didn't catch some of the fake certificates, the causes behind each slip-up and the steps it'll take to set things right. Not surprisingly, Google doesn't want malicious sites posing as someone else (especially not Google) in order to deliver malware or perpetrate phishing scams.

For its part, Symantec claims that it issued a "small number" of test certificates by mistake, and revoked them before notifying those affected. It also fired a handful of staff who reportedly weren't following guidelines. There's a good chance this won't happen again. However, the antivirus maker also appears to be downplaying the scope of the problem. Google notes that it found dodgy certificates after the first time Symantec examined its behavior, and Symantec's second audit caught over 2,600 of them -- that doesn't sound small to us. While the two companies aren't bitter enemies, it could be a long while before they get back into each other's good books.