No root for you! Google slams door on Symantec certs

Soup Nazi

Google being ‘alarmist’ claims Symantec

dating gävle The four-month row between Google and Symantec over SSL certificate issuing has just gone nuclear, with the Chocolate Factory making good on its threats and beginning a blockade.

single ukrainian ladies “Over the course of the coming weeks, Google will be moving to distrust the ‘Class 3 Public Primary CA’ root certificate operated by Symantec Corporation, across Chrome, Android, and Google products,” said Google software engineer Ryan Sleevi.

dating questions yahoo “Symantec has decided that this root will no longer comply with the CA/Browser Forum’s Baseline Requirements. As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products.”

chat adults free Sleevi said that Symantec had informed Google that the root certificate would be used for purposes other than for publicly trusted connections, but isn’t saying what else they might be used for. As a result, it’s on Google’s naughty list.

“Symantec has indicated that they do not believe their customers, who are the operators of secure websites, will be affected by this removal,” Sleevi said. “Further, Symantec has also indicated that, to the best of their knowledge, they do not believe customers who attempt to access sites secured with Symantec certificates will be affected by this.”

Read More by Iain Thomson

Pause Patch Tuesday downloads, buggy code can kill Outlook

MS15-115 is one to miss

Microsoft patch

The man söker par i Luleå El Reg inbox has been flooded with reports of a serious cock-up by Microsoft’s patching squad, with one of Tuesday’s fixes causing killer problems for Outlook.

“We are looking into reports from some customers who are experiencing difficulties with Outlook after installing Windows KB 3097877. An immediate review is under way,” a Microsoft spokesperson told us.

The problem is with software in one of the four critical patches issued in yesterday’s Patch Tuesday bundleMS15-115. This was supposed to fix a flaw in the way Windows handles fonts, but has had some unexpected side effects for some Outlook users.

“Today I’ve deployed latest Outlook patch to all of my clients, and now Outlook is crashing every 10 minutes and then restarting itself. I tried on fresh Win10, no AV with latest patches applied and here we go, Outlook crashing there too,” complained one TechNet user.

“Come on guys, do you EVER do proper QA before releasing anything Office 2013 related? This is the worst version of Outlook ever. Sorry for negative attitude but this is how things are.”

The break point appears to come not when an email that contains certain fonts is opened, but when it’s scrolled through. Outlook 2010 and 2007 seem affected, but the issue is reportedly fixed when the patch is uninstalled.

Read More by Iain Thomson

Chinese mobe market suffers pre-pwned Android pandemic

android_toys_648

Amazingly, it might not even be the Chinese government causing it

Security researchers have discovered more examples of pre-installed malware on Android smartphones.

G DATA found that more than two dozen phones from different manufacturers were already compromised straight out of the box.

Kit from manufacturers including Huawei, Lenovo and Xiaomi have pre-installed espionage functions in the firmware. G DATA suspects that middlemen modified the device software to steal user data and inject their own advertising to earn money.

Other possibilities include unintentional infection through compromised dehttp://www.amlltd.co.uk/wp-admin/post-new.phpvices in the supply chain (a problem which affected Vodafone Spain back in 2010) or intentional interference by government spies. Many of the models implicated in the malfeasance sell well in China.

The pre-pwned device issue has become a perennial problem for privacy-conscious smartphone users. Sticking to the Play Store, avoiding dodgy websites and following common-sense security precautions are no help in such cases.

Read More by John Leyden

Social Widgets powered by AB-WebLog.com.