Symantec may not have chosen their partners wisely as once again we see some questionable SSL certs being released into the wild by one of their audited partners. For a while last week, some rather questionable domains had Symantec issued SSLs, offering a wide variety of possible attack vectors for anyone nefarious enough to take advantage of the fact. Thankfully this does not happen often, though The Inquirer points out that it is nothing new, as it casts doubt on how secure an SSL site actually is. Symantec promises to investigate what happened and release that information publicly; we can only hope they also learn from it.
"Andrew Ayer of certificate vendor and wrangler SSLMate went public with his discovery last week. The mis-issued certs were issued for example.com, and a bunch of variations of test.com (test1.com, test2.com and so on)."
Here is some more Tech News from around the web:
- Android Device's Pattern Lock Can Be Cracked Within Five Attempts, Researchers Show @ Slashdot
- Norwegians forced to stop using Windows Phones because there aren't any @ The Inquire
- Microsoft set to ditch another 700 jobs across the board this week @ The Inquirer
- One BEEELLION dollars: Apple sues Qualcomm, one of its chip designers @ The Register