Badcaps.net Forum
Go Back   Badcaps Forums > General Topics > General Computer & Tech Discussion
Register FAQ Calendar Search Today's Posts Mark Forums Read

 
Thread Tools Display Modes
Old 04-28-2020, 01:16 PM   #1
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 2,108
Default Symantec De-trust

Any IT techs shed light on how your organizations are handling the detrusting of Symantec? Or, are you just hoping the normal update process takes care of it?
Curious.George is offline   Reply With Quote
Old 04-28-2020, 04:24 PM   #2
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 22,653
Default Re: Symantec De-trust

??
stj is offline   Reply With Quote
Old 04-28-2020, 04:36 PM   #3
dmill89
Badcaps Veteran
 
Join Date: Dec 2011
City & State: Harrisburg, PA
My Country: USA
Line Voltage: 120VAC 60Hz
Posts: 1,763
Default Re: Symantec De-trust

Not much impact for us, we ditched all Symantec products years ago and have never used them for our own certs, as for outside websites using Symantec certs our internet is so locked down so much there likely won't be much affect there either (most employees don't even have internet access and those that do can only get to a limited number of "whitelisted" sites).
dmill89 is offline   Reply With Quote
Old 04-28-2020, 06:02 PM   #4
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 2,108
Default Re: Symantec De-trust

Quote:
Originally Posted by dmill89 View Post
Not much impact for us, we ditched all Symantec products years ago and have never used them for our own certs, as for outside websites using Symantec certs our internet is so locked down so much there likely won't be much affect there either (most employees don't even have internet access and those that do can only get to a limited number of "whitelisted" sites).
I have a few apps that are signed with Symantec in the certification chain. I'm hesitant to update the local certificate store for fear of bringing that "distrust" into the machine "forever".

While I know the app is genuine (i.e., I don't need to verify the signature to assure myself of its authenticity) *it* wants to check itself during the installation. Because the chain is broken, the installer refuses to start...

I suppose I could install the certificate, run the installer, let it verify its own integrity... and then back the certificate OUT -- leaving a note to myself to remember to do this, again, if I ever need to reinstall the app!

(sigh) What a PITA (though, presumably, it is doing EXACTLY what it was intended to do! -- makes you wonder what those folks did to incur this sort of sanction!)
Curious.George is offline   Reply With Quote
Old 04-28-2020, 07:31 PM   #5
Topcat
The Boss Stooge
 
Topcat's Avatar
 
Join Date: Oct 2003
City & State: Salem, MO
My Country: United States
Line Voltage: 240V @ 60Hz
I'm a: Professional Tech
Posts: 13,170
Default Re: Symantec De-trust

First I've heard of this.....but I've been doing yard work the last week... What happened?
__________________
<--- Badcaps.net Founder & Owner

Badcaps.net Services:

Premade Capacitor Kits
Badcaps.net Capacitor Master List


Motherboard Repair Services


If you've come here in search of replacement capacitors or repair services, please use the links above.
----------------------------------------------
Badcaps.net Forum Members Folding Team
http://folding.stanford.edu/
Team : 49813
Join in!!
Team Stats
Topcat is online now   Reply With Quote
Old 04-28-2020, 08:52 PM   #6
TechGeek
Computer Geek
 
TechGeek's Avatar
 
Join Date: Jan 2015
City & State: Nowhereland, Texas
My Country: USA
Line Voltage: 120/2/[email protected]
I'm a: Hardcore Geek
Posts: 1,589
Default Re: Symantec De-trust

Following... yes, what happened?
__________________
Don't buy those $10 PSU "specials". They fail, and they have taken whole computers with them.

For computer parts, go to Newegg
OR
Amazon.

For electrical stuff(pushbuttons, capacitors, etc), use Digikey
OR
Mouser.

My computer doubles as a space heater.

Windows 10? Only if you like forced, buggy updates and 24/7 telemetry.

Samsung = Seagate = Seatrash = Trashgate
Don't buy Seagate drives. Don't use Seagate drives. If you have any in service right now, make plans to replace them ASAP.


TechGeek is offline   Reply With Quote
Old 04-28-2020, 09:56 PM   #7
dmill89
Badcaps Veteran
 
Join Date: Dec 2011
City & State: Harrisburg, PA
My Country: USA
Line Voltage: 120VAC 60Hz
Posts: 1,763
Default Re: Symantec De-trust

Quote:
Originally Posted by Topcat View Post
First I've heard of this.....but I've been doing yard work the last week... What happened?
Several browsers (notably recent versions of Chrome and Firefox) are no longer trusting Symantec certs, (It isn't really new but not highly publicized either):

https://www.trustzone.com/are-you-re...ntec-distrust/

https://scotthelme.co.uk/are-you-rea...ntec-distrust/

https://security.googleblog.com/2018...immediate.html

https://blog.mozilla.org/security/20...-certificates/
dmill89 is offline   Reply With Quote
Old 04-29-2020, 04:20 AM   #8
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 22,653
Default Re: Symantec De-trust

that wouldnt be a problem if you could over-ride it, but i dont think you can - it creates a great censorship mechanism for browser companys!
stj is offline   Reply With Quote
Old 04-29-2020, 05:05 AM   #9
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 2,108
Default Re: Symantec De-trust

Quote:
Originally Posted by stj View Post
that wouldnt be a problem if you could over-ride it, but i dont think you can - it creates a great censorship mechanism for browser companys!
The whole point of authentication mechanisms is to vouch for an entities identity. If you allow distrust into the mix, then it collapses. This puts pressure on folks to avoid "untrustworthy" CAs.

The fact that it isn't a decision taken by just ONE party makes it "fair".
Curious.George is offline   Reply With Quote
Old 04-29-2020, 07:57 AM   #10
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 22,653
Default Re: Symantec De-trust

on the other hand,
once you have browsers enforcing "HTTPS only" and a few frankly questionable organisations issuing the certs,
you have a fucked situation where you cant host your own site unless they rubber-stamp it with their aproval.

how very fucking communist!

what a great way to make political websites vanish!
stj is offline   Reply With Quote
Old 04-29-2020, 01:58 PM   #11
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 2,108
Default Re: Symantec De-trust

Quote:
Originally Posted by stj View Post
on the other hand,
once you have browsers enforcing "HTTPS only" and a few frankly questionable organisations issuing the certs,
you have a fucked situation where you cant host your own site unless they rubber-stamp it with their aproval.
The certificates apply to ALL authentication. An OS that refuses to run unsigned binaries would effectively prevent "foreign" applications from being hosted on those platforms (can you spell iPhone?)

The "great equalizer" is that CAs that even try to go that route could just as easily be de-trusted. Then, all of the apps/sites that they were hoping to endorse would simultaneously feel the same kiss of death they may have been "trying" to impose on others.

Ooops!
Curious.George is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Badcaps.net Technical Forums 2003 - 2020
Powered by vBulletin ®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
All times are GMT -6. The time now is 01:19 PM.
Did you find this forum helpful?