Security researcher Hanno Böck has caught embattled TLS certificate provider Symantec incorrectly revoking certificates based on forged private keys. According to a blog post written by Böck, he registered a pair of domains and received free TLS certificates for them from Symantec and Comodo. He then created a set of fake private keys for each domain, uploaded them to Pastebin, and sent them to the appropriate certificate provider along with a request to revoke the certificate because its private key was publicly viewable.
Read full news article on ZDNet