
Insecure Symantec Certificates

Question asked by Robert Dell'Immagine Employee on Jan 26, 2018
Latest reply on Mar 15, 2018 by Keith Shaw

Hello, I'm posting this on behalf of a community member:

With the failure in integrity and trustworthiness of Symantec, and how *all* of their security certificates are now easily subject to "hacking" (for want of a better word), it is my understanding that their certificates and any site that uses them ought not be trusted in any way until such time as they are replaced.

I am finding site after site still sitting with the same insecure Symantec certificate, as if nothing were amiss, as if hoping no one would notice...

Well, *I* notice, and my reticence in trusting these seemingly lazy organizations is quite pronounced.

And when addressing these sites' administration, I am greeted with the cavalier attitude of "oh, we will replace it whenever it expires..."

What can one do with such blatant disregard for users' safety? Symantec's certs can NOT be trusted, so why continue to use them!?

I am sorry, my understanding of this rather complex topic leaves much to be desired, hence my attempts to reach out to those more learned than I to help with my understanding...

But this leaves the gaping question: with all the currently insecure Symantec certificates being used, what is a website visitor supposed to do when they see an old cert? Google's Chrome errors notwithstanding.

And are said errors going to inform the netizen of what the error really means? Can transactions with x, y, or z site really be trusted when insecure certs are known to be used?
