Chrome will distrust SSL certificates generated by Symantec

I reviewed the headers of my IT Security News website in order to add HSTS. This is what I can see in the headers. The certificate used to load uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource. See for more information. Source: Checking the article, I see some disturbing news: Information For Site Operators Starting with Chrome 66, Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Chrome 66 is currently scheduled to be released…


When security software gets bundled in the wrong way

After installing Adobe Shockwave Player from here I am presented with this offer. I don’t want to use Norton, so I unselect the checkbox. I actually read the text, well, most of it – the part which is visible, as you can see below. By clicking on the only button visible, I agree with the Norton License and I receive the software from Symantec. So, where the heck is the Cancel button? I unselected the checkbox and pressed Alt-F4 and apparently I didn’t get any Symantec software on my computer. I thought that such practices can be found only at…


A closer analysis of DE-Cleaner from Symantec

I was curious about how the DE-Cleaner from Symantec works, so I downloaded the software and gave it a closer look. I did not disassemble it or anything similar… I simply performed a little black box testing. So, I started it without any internet connection. The result was: no scanning was possible. DE-Cleaner requires an Internet connection. This is an indication that the software is an in-the-cloud scanner. After seeing this, I searched the website for more details. And I found them… yes, indeed the Symantec DE-Cleaner needs an Internet connection. This is why the file has the size…


Sometimes it is good to know the Romanian language

Just stumbled upon this blog post from Symantec where an absolutely normal spam process is described. Unfortunately for the author, who clearly doesn’t understand Romanian, he copied/pasted all headers, even those which he doesn’t understand. So, he copied all kinds of bad words, things which you usually wouldn’t publish in a serious blog. I will not publish them here because this is my blog and I respect my readers, especially in this case, the Romanian readers. I'll let you read the funny post on your own 🙂 Have fun!


Viruses and Digital Signatures

Very interesting stuff: Although the files are signed, they are signed using an unauthenticated CA (Certificate Authority) which is masquerading as Verisign. A CA is a trusted third party that issues and signs the certificate and vouches for the authenticity of the file. Each CA should be registered and therefore recognized globally as a trusted signer. The signature on the certificate is verified by the signer’s public key.
