Symantec employees fired for issuing rogue HTTPS certificate for Google
Symantec has fired an undisclosed number of employees after they were caught issuing unauthorized cryptographic certificates that made it possible to impersonate HTTPS-protected Google webpages.
“We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing,” Symantec officials wrote in a blog post published Friday. “All of these test certificates and keys were always within our control and were immediately revoked when we discovered the issue. There was no direct impact to any of the domains and never any danger to the Internet.”
The post went on to say that the unnamed employees were terminated for failing to follow Symantec policies. Symantec officials didn’t identify the three domains the test certificates covered, but in a separate blog post, Google researchers said Symantec’s Thawte-branded certificate authority service issued an Extended Validation pre-certificate for the domains google.com and www.google.com.