Warning: Looming Google Chrome HTTPS certificate apocalypse!
Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on HTTPS Certificate Credentials
Today I came across this story from theregister.co.uk that sheds light on thousands of sites will be found to be marked as unsafe unless they have exchanged their HTTPS certificate credentials within the next two months.
Since Google decided in September to stop trusting SSL/TLS certificates from Symantec, beginning in mid-April, Chrome browser users will be using security agencies issued before June 1, 2016 or after December 1, 2017 Certificates issued Visit websites Their connections are not private and someone may try to steal their information. They will have to click past warnings to reach the site.
Chrome will release its version 66 on April 17 – a version that will be publicly available on April 17 – and the problem will get worse after the 70 version is released on October 23, and all Symantec certifications will be Listed as untrustworthy.
Of course, not everybody uses Chrome, and not everyone will immediately upgrade to the latest version, but for those websites that do not get a new HTTPS certificate from other agencies, it quickly becomes a headache.
The question is: how big is a headache?
Early versions of Chrome beta testers have warned they will keep browsing websites with untrusted certificates and see dangerous information. Fortunately, one experienced the hassle of running the script so much that it got ugly things.
According to his blog, Arkadiy Tetelman, a security engineer working on Airbnb at Airbnb, decided to conduct a test where he took the certificate information from one million of the largest websites on the Internet and tested it against Alexa-rated traffic, break in.
The script, which took 11 hours to run, showed some very interesting results: out of 1 million websites, only 11,510 will enter TITSUP in April and 91,627 on the cutting board in October.This issue does not raise the disturbing fact that Google has basically declared the entire company’s certificate issuance business as no longer accepting Symantec certificates, thereby invalidating the company’s certificate issuance business. This is a terrible power to have.
But on the other hand, if Symantec does not mistakenly publish SSL/TLS certificates (including, unfortunately, google.com’s certificate), it will not screw it up and sabotage trust in its products. Not a clever move.
If you are an organization purely for ensuring that people can trust you then you should expect some consequences if you can not trust you. Certainly not very happy Symantec, and in a blog post on it uses a series of angry words: irresponsible, exaggerated and misleading words.
It claimed that only 127 certificates were issued incorrectly instead of the previous 30,000 copies. But here we are. A few months after the blog post was posted, Google declined to approve Symantec for its part to sell the certificate business to DigiCert.
Do not say you are not warned.
Read More…
Well, melee. Dust-up? Minor inconvenience? But it’s coming!! Tens of thousands of websites are going to find themselves labeled as unsafe unless they switch out their HTTPS certificate in the next two months. Engaging post, Read More…
thumbnail courtesy of theregister.co.uk
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post Warning: Looming Google Chrome HTTPS certificate apocalypse! appeared first on Safe Harbor on Cyber.
Powered by WPeMatico
convert this post to pdf.