Slashdot Mirror
Google Details Plan To Distrust Symantec Certificates (tomshardware.com)
After deciding to distrust Symantec's certificates in March, Google has decided to release a more detailed plan for how that process will go. Tom's Hardware reports: Starting with Chrome 66 (we're now at version 61), the browser will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Website operators that use Symantec certificates issued before that date should be looking to replace their certificates by April 2018, when Chrome 66 is expected to come out. Starting with Chrome 62 (next version), the built-in DevTools will also warn operators of Symantec certificates that will be distrusted in Chrome 66. After December 1, the new infrastructure managed by DigiCert will go into effect, and any new certificates issued by the old Symantec infrastructure will no longer be valid in Chrome. By November 2018, Chrome 70 will come out and will completely remove trust in all Symantec certificates that have ever been issued. Website operators can replace their old Symantec certificates with certificates from DigiCert from December 1 or from any other CA trusted by Google's Chrome browser.
Seriously getting tired of this company
I think it's about high time we actively start working around Google.
Sure they used to be cool, like 20 years ago. Now they're just a powerhungy privacy eating machine and very far from doing "no evil"; they need to go.
Seeing browser hijack and concluding your machine was pwned isn't unreasonable. Injection by ISP is such sacrilege that it isn't something most techies would check as the first step.
You called Arris? Arris doesn't do MITM, they do hardware. Your ISP does MITM. Time Warner (now Spectrum), Cox, Xfinity, or whatever, is your ISP. That's who you call. Also, Arris is in bed with McAfee, not Symantec. Are you using your ISPs DNS servers on your router? STOP DOING THAT IMMEDIATELY! Use OpenDNS, or Comodo, or Level3, or anything else! If you still see anything off, use a VPN.