Internet security is one of the major concerns among the techies. The tech giant Google has shown this by rebuking the Symantec cryptographic certificates. The Google Chrome developers say the biggest suppliers of HTTPs credentials has mis-issued over 30,000 certificates. Therefore, bringing into immediate effect, Chrome has stopped recognizing the Symantec-owned certificates authorities. Hence, the “extended validation” status of all certificates issued by the company has stopped. On the other hand, at least for the span of a year, these certificates will fall under the category of less-secure domain-validated certificates. Hence, owning the downgraded validation.
Restrict The Corrupt Cryptographic Certificates
The Certificate Authorities can spot the corrupt cryptographic certificates. The bad certificates are harmful and a threat to internet security. These are responsible for spoofing the financial transactions and allowing the malicious software update. Therefore, the security researchers were keeping an eye on certificate authorities. The issuing of fraudulent certificates is a great risk to the internet users. Hence, the Chrome developers have announced they will restrict the transport layer security certs issued by Symantec.
Further, the Google has braced itself and planning to release the Chrome update that will effectively nullify the current valid certificates of the IT giant Symantec-owned certs. Presently, the Symantec represents more than 30% valid internet certificates. But, the mass nullification, will reduce the chance of disruption. While executing the action plan Google will decrease the maximum age of the certificates issued by the Symantec. In the process, Google has decided to limit the certs expiration to not more than 33 months for Chrome 59 and 9 months’ validation for Chrome 64, simultaneously.
Role of Certificate Authorities
Certificate Authorities are responsible for enabling encrypted web connections, e.g. HTTPS connections, which are used in banking, government, etc. The HTTPS page helps in the authentication of a website owner’s identity. For example, when you log in your net banking, you look for the HTTPS in the web address bar. Without this you cannot be sure if the site on the other end of the HTTPS connection is really your bank.
Chrome’s Root Certificate Policy
Google has its Chrome’s Root Certificate Policy. The policy underlines the certificate authorities’ responsibilities. It includes the validation of domain control for server certificates, to conduct audit logs for the evidence of the issuance of unauthorized certs, and protecting the infrastructure to delimit them from issuing fraudulent certs.
Google Accuses Symantec for Behaving Irresponsibly
However, Google claims that Symantec was unable to adhere to these rules. It has created a risk for the Chrome users by allowing the access to the four parties to its infrastructure to issue the certificate. This is the failure of the IT giant, as they were unable to abide by the careful standard. In the meantime, Symantec miserably failed to provide the timely update to the community for the same. Therefore, the issue was questioned to the company, to which, it has further proposed the remediation steps.
Use VPNs for Better Internet Security
Ensuring that you visit HTTPS encoded sites can help you secure the information that you trade with a site. However, it won’t prevent your Internet Service Provider (ISP) from knowing your browsing activities. This kind of circumstance calls for more stringent measures like VPNs — Virtual Private Networks. VPN servers ensure internet security through data encryption, it also helps you bypass censorship. Le VPN offers enhanced internet security through its best encryption standards. Le VPN uses the Advanced Encryption Standard, AES-256, to make sure the user data is secure.
Subscribe to Le VPN today, before it´s too late!
CYBERSECURITY MONTH SPECIAL
Get Le VPN 2-year plan for $69.60 or $2.90/month