Let me help stop panic spreading by rewriting that in a more accurate
and less click-baity fashion:
In over two months time, Chrome will start to show warnings for the
tiny fraction of websites who have not not updated their certificates.
Last month, someone tested 1 million websites, of which just over 1%
were found to still be using the Symantec certificates.
Today, 13th Feb, I tested 10 of the sites on that "fail" list from
Tesla to Brita and they had all updated their certs.
Finally, major inaccuracy in the article:
"When a website operator wants to run a secure site, they first have
to buy a certificate from a well-known provider".
Not true either; free, trusted certificates are available from
LetsEncrypt and Cloudflare.
In other words - don't panic!
On 13 February 2018 at 10:49, Ismail Saloo <dmarc-noreply@xxxxxxxxxxxxx> wrote:
Thought this would be of interest to users using google crome
If you use Google Chrome as your web browser, in the next few weeks you’re
going to find that a lot of websites stop working for you.
Instead of seeing the site you want, you’ll see a message telling you
that there’s a problem with the site’s security certificate.
These certificates are used by websites for two reasons: they allow
your browser to encrypt the data that is flowing between your computer and
the web server (the things you enter on a form, for example), and they allow
your browser to confirm that the web server belongs to the people it’s
supposed to.
When a website operator wants to run a secure site, they first have to
buy a certificate from a well-known provider.
All browsers have a list of these providers, and can use encryption
technology to verify whether a certificate has come from one of those
providers.
The system has worked well, but now Google have decided to stop
recognising certificates issued by security company Symantec. This doesn’t
just affect Symantec though, it affects all companies that issue certificates
based on Symantec’s so-called root certificate.
More seriously, it affects all websites that use a certificate issued
by one of these companies, and means you’ll see the security warning when you
visit.
This doesn’t mean that the site is insecure, just that Google has
decided to stop trusting the certificate.
The reason for this is due to the way that Symantec have issued invalid
certificates, potentially giving hackers access to a certificate for the
Google.com domain in one case.
But just because Symantec have not been very careful with their
certificates, a lot of legitimate website operators are going to suffer.
Unless those website operators manage to get hold of replacement
certificates soon, users will not be able to access their sites in Chrome.
So, if you use Chrome and you come across a message telling you that
there’s a problem with a site’s certificate, try visiting the site in Firefox
or Edge until the problem gets sorted by the website operators.
Yours Sincerely,
Stefan Zasada,
Editor-in-Chief, Windows Secrets
** To leave the list, click on the immediately-following link:-
** [mailto:jaws-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** jaws-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:jaws-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** jaws-uk-request@xxxxxxxxxxxxx with the Subject:- faq