Any IT techs shed light on how your organizations are handling the detrusting of Symantec? Or, are you just hoping the normal update process takes care of it?
Announcement
Collapse
No announcement yet.
Symantec De-trust
Collapse
X
-
Re: Symantec De-trust
Not much impact for us, we ditched all Symantec products years ago and have never used them for our own certs, as for outside websites using Symantec certs our internet is so locked down so much there likely won't be much affect there either (most employees don't even have internet access and those that do can only get to a limited number of "whitelisted" sites).
Comment
-
Re: Symantec De-trust
Originally posted by dmill89 View PostNot much impact for us, we ditched all Symantec products years ago and have never used them for our own certs, as for outside websites using Symantec certs our internet is so locked down so much there likely won't be much affect there either (most employees don't even have internet access and those that do can only get to a limited number of "whitelisted" sites).
While I know the app is genuine (i.e., I don't need to verify the signature to assure myself of its authenticity) *it* wants to check itself during the installation. Because the chain is broken, the installer refuses to start...
I suppose I could install the certificate, run the installer, let it verify its own integrity... and then back the certificate OUT -- leaving a note to myself to remember to do this, again, if I ever need to reinstall the app!
(sigh) What a PITA (though, presumably, it is doing EXACTLY what it was intended to do! -- makes you wonder what those folks did to incur this sort of sanction!)
Comment
-
Re: Symantec De-trust
First I've heard of this.....but I've been doing yard work the last week... What happened?<--- Badcaps.net Founder
Badcaps.net Services:
Motherboard Repair Services
----------------------------------------------
Badcaps.net Forum Members Folding Team
http://folding.stanford.edu/
Team : 49813
Join in!!
Team Stats
Comment
-
Re: Symantec De-trust
Following... yes, what happened?Don't buy those $10 PSU "specials". They fail, and they have taken whole computers with them.
My computer doubles as a space heater.
Permanently Retired Systems:
RIP Advantech UNO-3072LA (2008-2021) - Decommissioned and taken out of service permanently due to lack of software support for it. Not very likely to ever be recommissioned again.
Asus Q550LF (Old main laptop, 2014-2022) - Decommissioned and stripped due to a myriad of problems, the main battery bloating being the final nail in the coffin.
Kooky and Kool Systems
- 1996 Power Macintosh 7200/120 + PC Compatibility Card - Under Restoration
- 1993 Gateway 2000 80486DX/50 - Fully Operational/WIP
- 2004 Athlon 64 Retro Gaming System - Indefinitely Parked
- Main Workstation - Fully operational!
sigpic
Comment
-
Re: Symantec De-trust
Originally posted by Topcat View PostFirst I've heard of this.....but I've been doing yard work the last week... What happened?
https://www.trustzone.com/are-you-re...ntec-distrust/
https://scotthelme.co.uk/are-you-rea...ntec-distrust/
https://security.googleblog.com/2018...immediate.html
https://blog.mozilla.org/security/20...-certificates/
Comment
-
Re: Symantec De-trust
Originally posted by stj View Postthat wouldnt be a problem if you could over-ride it, but i dont think you can - it creates a great censorship mechanism for browser companys!
The fact that it isn't a decision taken by just ONE party makes it "fair".
Comment
-
Re: Symantec De-trust
on the other hand,
once you have browsers enforcing "HTTPS only" and a few frankly questionable organisations issuing the certs,
you have a fucked situation where you cant host your own site unless they rubber-stamp it with their aproval.
how very fucking communist!
what a great way to make political websites vanish!
Comment
-
Re: Symantec De-trust
Originally posted by stj View Poston the other hand,
once you have browsers enforcing "HTTPS only" and a few frankly questionable organisations issuing the certs,
you have a fucked situation where you cant host your own site unless they rubber-stamp it with their aproval.
The "great equalizer" is that CAs that even try to go that route could just as easily be de-trusted. Then, all of the apps/sites that they were hoping to endorse would simultaneously feel the same kiss of death they may have been "trying" to impose on others.
Ooops!
Comment
Comment