Symantec De-trust

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Symantec De-trust

    Any IT techs shed light on how your organizations are handling the detrusting of Symantec? Or, are you just hoping the normal update process takes care of it?

    #2
    Re: Symantec De-trust

    ??



      #3
      Re: Symantec De-trust

      Not much impact for us; we ditched all Symantec products years ago and have never used them for our own certs. As for outside websites using Symantec certs, our internet is so locked down that there likely won't be much effect there either (most employees don't even have internet access and those that do can only get to a limited number of "whitelisted" sites).



        #4
        Re: Symantec De-trust

        Originally posted by dmill89:
        Not much impact for us; we ditched all Symantec products years ago and have never used them for our own certs. As for outside websites using Symantec certs, our internet is so locked down that there likely won't be much effect there either (most employees don't even have internet access and those that do can only get to a limited number of "whitelisted" sites).

        I have a few apps that are signed with Symantec in the certification chain. I'm hesitant to update the local certificate store for fear of bringing that "distrust" into the machine "forever".

        While I know the app is genuine (i.e., I don't need to verify the signature to assure myself of its authenticity) *it* wants to check itself during the installation. Because the chain is broken, the installer refuses to start...

        I suppose I could install the certificate, run the installer, let it verify its own integrity... and then back the certificate OUT -- leaving a note to myself to remember to do this, again, if I ever need to reinstall the app!

        (sigh) What a PITA (though, presumably, it is doing EXACTLY what it was intended to do! -- makes you wonder what those folks did to incur this sort of sanction!)



          #5
          Re: Symantec De-trust

          First I've heard of this.....but I've been doing yard work the last week... What happened?
          <--- Badcaps.net Founder



            #6
            Re: Symantec De-trust

            Following... yes, what happened?


              #7
              Re: Symantec De-trust

              Originally posted by Topcat:
              First I've heard of this.....but I've been doing yard work the last week... What happened?

              Several browsers (notably recent versions of Chrome and Firefox) are no longer trusting Symantec certs (it isn't really new, but not highly publicized either):

              https://www.trustzone.com/are-you-re...ntec-distrust/

              https://scotthelme.co.uk/are-you-rea...ntec-distrust/

              https://security.googleblog.com/2018...immediate.html

              https://blog.mozilla.org/security/20...-certificates/



                #8
                Re: Symantec De-trust

                that wouldn't be a problem if you could override it, but i don't think you can - it creates a great censorship mechanism for browser companies!



                  #9
                  Re: Symantec De-trust

                  Originally posted by stj:
                  that wouldn't be a problem if you could override it, but i don't think you can - it creates a great censorship mechanism for browser companies!

                  The whole point of authentication mechanisms is to vouch for an entity's identity. If you allow distrust into the mix, then it collapses. This puts pressure on folks to avoid "untrustworthy" CAs.

                  The fact that it isn't a decision taken by just ONE party makes it "fair".



                    #10
                    Re: Symantec De-trust

                    on the other hand,
                    once you have browsers enforcing "HTTPS only" and a few frankly questionable organisations issuing the certs,
                    you have a fucked situation where you can't host your own site unless they rubber-stamp it with their approval.

                    how very fucking communist!

                    what a great way to make political websites vanish!



                      #11
                      Re: Symantec De-trust

                      Originally posted by stj:
                      on the other hand,
                      once you have browsers enforcing "HTTPS only" and a few frankly questionable organisations issuing the certs,
                      you have a fucked situation where you can't host your own site unless they rubber-stamp it with their approval.

                      The certificates apply to ALL authentication. An OS that refuses to run unsigned binaries would effectively prevent "foreign" applications from being hosted on those platforms (can you spell iPhone?)

                      The "great equalizer" is that CAs that even try to go that route could just as easily be de-trusted. Then, all of the apps/sites that they were hoping to endorse would simultaneously feel the same kiss of death they may have been "trying" to impose on others.

                      Ooops!
