GuiGui's Show - Liens« On September 14, around 19:20 GMT, Symantec’s Thawte-branded CA issued an Extended Validation (EV) pre-certificate for the domains google.com and www.google.com. This pre-certificate was neither requested nor authorized by Google.
We discovered this issuance via Certificate Transparency logs, which Chrome has required for EV certificates starting January 1st of this year. [...]
During our ongoing discussions with Symantec we determined that the issuance occurred during a Symantec-internal testing process. »
Côté Symantec (
http://www.symantec.com/connect/blogs/tough-day-leaders) :
« In addition, we discovered that a few outstanding employees, who had successfully undergone our stringent on-boarding and security trainings, failed to follow our policies. Despite their best intentions, this failure to follow policies has led to their termination after a thoughtful review process. Because you rely on us to protect the digital world, we hold ourselves to a “no compromise” bar for such breaches. As a result, it was the only call we could make.
As much as we hate to lose valuable colleagues, we are the industry leader in online safety and security, and it is imperative that we maintain the absolute highest standards. At the end of day, we hang our hats on trust, and that trust is built by doing what we say we’re going to do. »
(
Permalink)