A Google representative today announced plans to ban root certificates owned by a UAE-based company accused of selling surveillance tools and hacking services.

The ban will apply to Chrome and Android. Once the ban enters into effect, HTTPS connections that rely on TLS certificates sold or issued by DarkMatter will show security-related errors in the Chrome browser and Android applications.

Mozilla banned DarkMatter certs two weeks ago

Google’s decision was announced after DarkMatter applied to become an approved certificate authority (CA) and have its root certificate included in major browsers last year. Mozilla declined DarkMatter’s request at the start of the month, citing fears that DarkMatter might abuse its inclusion in the Firefox certificate store (a certificate whitelist) to issue certificates to threat actors that may use them to snoop on users’ HTTPS traffic. At the time, privacy advocates hailed Mozilla’s decision because the organization’s root certificate whitelist was also being used on some Linux distros, and not just Firefox.

Google follows suit

Today, Devon O’Brien, an engineer with the Chrome Security team, echoed Mozilla’s decision. O’Brien said Google will decline to include DarkMatter root certificates inside Chrome and Android. Additionally, Google will also ban six intermediate certificates issued by QuoVadis, which DarkMatter was using as a temporary mechanism to issue TLS certificates to its current customers while the company was waiting for approval from Mozilla and Google.

“We anticipate these changes will be…
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.