Companies (in this case Blue Coat Systems, a web security firm which has an intermediate CA signed by Symantec last year) could use its CA to view your web traffic and decrypt it anywhere -- not just on specific networks. "Man in the middle" attacks (MiTM) could mean anyone with a intermediate CA could take whatever you throw into the web (as you assume a site was secure), and secretly relay and even tweak communications between you and said site.

BlueCoat now has a CA signed by Symantec https://t.co/8OXmtpT6eX



Here's how to untrust it https://t.co/NDlbqKqqld pic.twitter.com/mBD68nrVsD — Filippo Valsorda (@FiloSottile) May 26, 2016





Filippo Valsorda, from the CloudFlare Security Team, notes that thousands have been logged already, and picked up an intermediate CA to explain how to untrust these types of CA explicitly. There's instructions for both Mac OS and Windows. The problem remains, that while it would stop that intermediate CA, it won't stop the root CA from making a new intermediate to the same organization.