Symantec Will Acquire Controversial Surveillance Firm Blue Coat Systems For $4.65 Billion

Reader LichtSpektren writes: Symantec will acquire Blue Coat for approximately $4.65 billion in cash, the security firm announced on Monday. The transaction has been approved by the boards of directors of both companies and is expected to close in the third calendar quarter of 2016. Greg Clark, CEO of Blue Coat, will be appointed CEO of Symantec and join the Symantec Board upon closing of the transaction.If Blue Coat name sounds familiar to you, it is because this controversial surveillance firm was recently in the news for receiving a grant for a powerful encryption certificate by its now-parent company Symantec.

Re:/. EDITORS HATE GAY PEOPLE

[Luthair]

Precisely what was the technology angle? This isn't a general news site, GTFO

Re:How To Untrust the Blue Coat CA Cert

[fuzzyfuzzyfungus]

In theory the legitimate users of these sorts of MiTM boxes aren't supposed to need an actual intermediate CA cert because they are only MiTMing devices that they administer, so they simply use their own internal trusted cert and configure their devices to trust it.

That's why Bluecoat being handed a fully loaded Verisign intermediate CA cert is so disturbing; and Symantec's unwillingness to do anything but bullshit about it so disturbing.

MiTM-ing SSL traffic is one thing if it is from devices you have legitimate administrative access to; but when you have legitimate administrative access it's trivial to configure the clients to trust your certificate so you don't need anything special. The only reason you'd need a Verisign intermediate CA is if you want to be able to hit the vast majority of clients as configured out-of-the-box, without your certs pushed by group policy or whatever. Nobody involved seems to have a remotely good explanation of why Bluecoat has one; or what legitimate purposes it could possibly serve that couldn't be served by a vastly less dangerous toy.