Symantec To Buy VeriSign's Authentication Business

"Security giant Symantec is taking another step toward global domination of the information security market with the purchase of VeriSign's authentication business. Back in April it purchased PGP Corporation and GuardianEdge. VeriSign is the best known Certificate Authority; they are virtually synonymous with certificates for SSL and PKI. It seems like this could dilute the trust value of their brand rather than enhance it. It is not clear yet what effects this will have on VeriSign customers but the cynic in me says it can't be good. In terms of putting all your eggs in one basket, this will sure make Symantec a juicy target for hackers (as if they weren't already). Imagine you could hack one company and control a large chunk of endpoint security software and the bulk of the Internet's public key infrastructure."
  • FP (Score:5, Insightful)

    by Obstin8 ( 827030 ) on Thursday May 20, 2010 @06:08PM (#32286226)
    Nothing good can come of this...
  • by Ryvar ( 122400 ) on Thursday May 20, 2010 @06:15PM (#32286312) Homepage

    instead, imagine you were a government official with no interest in civil rights and could quietly "persuade" one company and have access to the Root Certificate Authority...

  • Three models (Score:5, Insightful)

    by tepples ( 727027 ) <tepples.gmail@com> on Thursday May 20, 2010 @06:27PM (#32286448) Homepage Journal

    If security is the problem, certificates are basically never a good answer.

    How else should I be sure that I am communicating with the entity I think I am communicating with? I can think of three models: certificate authority, web of trust, and key continuity management. If you're referring to key continuity management, the approach used by SSH that makes sure that the key you're using matches the key you used last time, that doesn't work if you're behind an ISP that's all MITM all the time. (Yes, these exist in the wild; see bug 460374 at bugzilla.mozilla.org.) If you're referring to a web of trust based on the Bacon number of mutual face-to-face meetings at key signing parties between you and a company's CIO, that doesn't work for people who can't attend such parties in major-league cities.
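
The key continuity limitation raised in the comment above, as an added example that is not part of the original post: a minimal pin store shows that the check only compares against whatever key was seen first. The host name, key bytes and helper names are constructed for illustration.

```python
import hashlib
import hmac

GENUINE_KEY = b"constructed-genuine-server-key"    # constructed sample value
INTERCEPTOR_KEY = b"constructed-interceptor-key"   # constructed sample value


class PinStore:
    """Key continuity: pin a host's key on first contact, compare afterwards."""

    def __init__(self):
        self._pins = {}

    @staticmethod
    def fingerprint(public_key):
        return hashlib.sha256(public_key).hexdigest()

    def check(self, host, public_key):
        fp = self.fingerprint(public_key)
        pinned = self._pins.get(host)
        if pinned is None:
            # Nothing to compare against, so the key is accepted unverified.
            self._pins[host] = fp
            return "first-use"
        return "match" if hmac.compare_digest(pinned, fp) else "MISMATCH"

    def pinned_is(self, host, public_key):
        return self._pins.get(host) == self.fingerprint(public_key)


def replay(keys_seen, host="shop.example"):
    """Feed the keys a client sees on successive connections to a fresh store."""
    store = PinStore()
    results = [store.check(host, key) for key in keys_seen]
    return results, store.pinned_is(host, GENUINE_KEY)


def late_interception():
    # Clean first contact; a different key appears only on the third connection.
    return replay([GENUINE_KEY, GENUINE_KEY, INTERCEPTOR_KEY])


def interception_from_start():
    # Substituted key on every connection, then one connection from a clean network.
    return replay([INTERCEPTOR_KEY, INTERCEPTOR_KEY, GENUINE_KEY])


if __name__ == "__main__":
    print(late_interception())
    print(interception_from_start())
```

Both runs produce the same sequence of results; the difference is which key ended up pinned, so in the second run the warning fires on the genuine key.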

  • the end is nigh (Score:3, Insightful)

    by bloodhawk ( 813939 ) on Thursday May 20, 2010 @06:49PM (#32286710)
    Fantastic, now when you install an SSL Cert your computer will slow to a crawl, to uninstall the cert will require a complete rebuild/reimage.
  • by ibsteve2u ( 1184603 ) on Thursday May 20, 2010 @06:54PM (#32286760)
    Might as well put your keyboard at the bottom of a six foot-deep vat of molasses...cold, cold molasses...and start training.
  • it's business (Score:3, Insightful)

    by fusiongyro ( 55524 ) <faxfreemosquito@@@yahoo...com> on Thursday May 20, 2010 @06:55PM (#32286780) Homepage

    This is called diversification. Anti-virus is their flagship product, but the "benefit of the benefit" as they say in marketing is the warm fuzzy feeling of being secure. Well, certificates make people feel secure the same way AV does, so it fits the brand, so they're going to sell them. It's a great investment for them, I'm sure they'll make money on this deal.

    All the time here on Slashdot I see people trying to read a technological message in a business decision or action. If you're puzzled or outraged by whatever Apple or Symantec or whoever are up to, just follow the dollar signs. This makes business sense and there's nothing more outrageous about Symantec selling certs than anyone else. Really. It's just business. There's no meaning here.

  • by LoudMusic ( 199347 ) on Thursday May 20, 2010 @07:25PM (#32287094)

    The two Symantec products I use are the AV client / server line and Backup Exec. Both of which cause me nothing but trouble. This is going to be bad for everyone.

  • Re:Three models (Score:3, Insightful)

    by Peach Rings ( 1782482 ) on Thursday May 20, 2010 @07:33PM (#32287166) Homepage

    It does (to a ridiculous degree of security, but not perfectly of course) guarantee that you're communicating with someone that VeriSign says is the entity you think you're communicating with. If you trust VeriSign (and essentially the entire internet does by default) then you can be sure.

    Although Thawte is apparently a bit better, I've never had any reason to distrust VeriSign. But I definitely do not trust Symantec. Their "internet security suite" is what we in the biz like to call shitware.

  • Re:Three models (Score:1, Insightful)

    by Anonymous Coward on Thursday May 20, 2010 @08:05PM (#32287506)

    Try to implement https per spec. Make sure to have nothing sharp near you. Then you will understand.

  • Re:Three models (Score:3, Insightful)

    by icebraining ( 1313345 ) on Thursday May 20, 2010 @08:06PM (#32287514) Homepage

    That's all nice and dandy, but it's also completely unfeasible. The problem isn't "how can I communicate completely securely", it's "how can anyone using a computer communicate with another through the Internet in the most secure way possible?"

    HTTPS may be flawed, but it's the best solution we got. Yours isn't a solution to the given problem.
