Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Businesses Security

Symantec Will Acquire Controversial Surveillance Firm Blue Coat Systems For $4.65 Billion (helpnetsecurity.com) 44

Reader LichtSpektren writes: Symantec will acquire Blue Coat for approximately $4.65 billion in cash, the security firm announced on Monday. The transaction has been approved by the boards of directors of both companies and is expected to close in the third calendar quarter of 2016. Greg Clark, CEO of Blue Coat, will be appointed CEO of Symantec and join the Symantec Board upon closing of the transaction.If Blue Coat name sounds familiar to you, it is because this controversial surveillance firm was recently in the news for receiving a grant for a powerful encryption certificate by its now-parent company Symantec.
This discussion has been archived. No new comments can be posted.

Symantec Will Acquire Controversial Surveillance Firm Blue Coat Systems For $4.65 Billion

Comments Filter:
  • by xxxJonBoyxxx ( 565205 ) on Monday June 13, 2016 @11:49AM (#52307999)
    >> Blue Coat (got) a powerful encryption certificate by its now-parent company Symantec...Symantec will acquire Blue Coat for approximately $4.65 billion in cash

    It sounds like Blue Coat also got naked pictures of Symantec's board of director's spouses and/or mistresses.
    • by fuzzyfuzzyfungus ( 1223518 ) on Monday June 13, 2016 @12:22PM (#52308299) Journal
      Symantec's PR bullshit is not reassuring: "“What the certificate does not give them the ability to do is issue public certificates to other organizations," Gideon said. "That's the big misunderstanding.” “This intermediate CA is for their private servers only,” she wrote."

      That's cute and all; except that the actual certificate contains no such restrictions whatsoever, and can be used to sign basically anything if the target trusts Verisign; and it's an 'internal testing' certificate that somehow needs to be valid until 2025...
      • This is spot-on.

        As a one-time employee of Blue Coat who holds a technical certification on their ProxySG line of products, I can confirm absolutely that these devices use these intermediate CA certs to generate on-demand certs for any destination that the device's owner allows on their network by policy.

        From the viewpoint of the user's browser, the remote server (Google or CNN or BankofAmerica) appears to be sending you a trusted certificate. You would have to open the security dialog and examine the
        • by Anonymous Coward

          As a one-time employee of Blue Coat who holds a technical certification on their ProxySG line of products, I can confirm absolutely that these devices use these intermediate CA certs to generate on-demand certs for any destination that the device's owner allows on their network by policy.

          Also a former BlueCoat employee here.

          While you are correct, that this cert can be used to create valid MitM certificates, this certificate will never be pushed out to customer boxes. They would never run the risk of a customer being able to get the private key, and then use it for whatever evil uses they have.

          They could use their CA to sign other intermediate CAs that they push out onto customer boxes, but that is just as dangerous as giving them their CA.

          What they are probably testing, is using t

          • If that's the case, then there is no reason not to untrust the cert, since it doesn't serve any purpose in the wild.

  • The only upside to all this is that Symantec has an astonishingly powerful ability to turn everything they acquire into utter shit. This doesn't make one of the world's major SSL CAs owning a sleazy SSL MiTM appliance vendor any less disturbing; but it at least means that the various malefactors using Bluecoat products to exploit us will have an incrementally more miserable time.

    Just more fuel on the "trusting 'trusted' CAs just doesn't cut it" fire.
    • The only upside to all this is that Symantec has an astonishingly powerful ability to turn everything they acquire into utter shit. This doesn't make one of the world's major SSL CAs owning a sleazy SSL MiTM appliance vendor any less disturbing; but it at least means that the various malefactors using Bluecoat products to exploit us will have an incrementally more miserable time. Just more fuel on the "trusting 'trusted' CAs just doesn't cut it" fire.

      Agreed. It would be nice if Google, Apple, Microsoft, and Mozilla agreed to blacklist Symantec-signed certificates from their browsers. Unfortunately they have billions of dollars to throw at legislators and judges, so it wouldn't make a difference in the long run.

    • that was my first thought too, but while it may be Symantec's money going into the deal, Symantec is getting Blue Coat's CEO as part of the deal.

  • Symantec is buying Blue Coat Systems. Avira Anti-Virus installs the MixPanel data harvester. What's going on with security companies nowadays?
    • Symantec is buying Blue Coat Systems. Avira Anti-Virus installs the MixPanel data harvester. What's going on with security companies nowadays?

      They're having the problem that they can't grow fast enough to please their shareholders/investors. The market for security products is finite, competitive and customers aren't willing to pay ever increasing amounts of cash for their products. So their management is pushed inexorably towards sources of revenue that might not be in the best interests of their customers. Of course Symantec has produced crap software for a long time now so them making bad decisions is nothing new. Removing their crapware i

  • Corporate use is inspection of traffic to detect security breaches, but Service Provider use is surveillance?

    Use of wildcard certs is one thing, but BlueCoat technology isn't designed for surveillance any more than network analysis tools are.

    • Yes, applying network surveillance tools to systems you own and administer and applying them to every hapless bastard who relies on your ISP are different things. It's not news that 'admin tools' and 'malice' have broad technical overlap; both are designed for easy and powerful control over a whole bunch of systems; but whether or not you are th legitimate admin is an obvious distinction between surveillance and security and 'remoteadministration' vs. remote access Trojan. Bluecoat's products certainly ca

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...