After weeks of discussions, Mozilla and Microsoft have removed trust for TrustCor Systems' certificates and removed the company from their respective root certificate stores.

The decisions follow an investigate report from The Washington Post earlier this month that showed TrustCor's apparent connections to spyware vendor Packet Forensics as well as other companies with ties to the U.S. intelligence community. Rachel McPherson, TrustCor's vice president of operations, responded angrily in an open letter, claiming the article was driven by biased security researchers and "filled with ridiculous, false claims and out-of-context statements."

However, after reviewing evidence against TrustCor, Mozilla and Microsoft decided to revoke trust for the root certificate authority (CA), which will make TrustCor's certificates unusable for FireFox and Edge web browsers as well as other products.

"Our assessment is that the concerns about TrustCor have been substantiated and the risks of TrustCor's continued membership in Mozilla's Root Program outweighs the benefits to end users," Kathleen Wilson, program manager with Mozilla, said Wednesday in the organization's CA discussion group.

"Certificate authorities have highly trusted roles in the internet ecosystem and it is unacceptable for a CA to be closely tied, through ownership and operation, to a company engaged in the distribution of malware. Trustcor's responses via their vice president of CA operations further substantiates the...

Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMidmh0dHBzOi8vd3d3LnRlY2h0YXJnZ...