Verisign deep-hacked. For months.
Oh, my. http://finance.yahoo.com/news/Key-Internet-operator-rb-2857339070.html Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
I love this VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network," "Oh my God," said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. "That could allow people to imitate almost any company on the Net." Sounds like another opportunity for <insert congress person> to propose SOPA-2 Zaid On 2/2/12 2:38 PM, "Jay Ashworth" <jra@baylink.com> wrote:
Oh, my.
http://finance.yahoo.com/news/Key-Internet-operator-rb-2857339070.html
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
So what part of VRSN got broken into? They do a lot more than just DNS. On Fri, Feb 3, 2012 at 5:00 AM, Zaid Ali <zaid@zaidali.com> wrote:
VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network,"
"Oh my God," said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. "That could allow people to imitate almost any company on the Net."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Thu, Feb 2, 2012 at 7:26 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
So what part of VRSN got broken into? They do a lot more than just DNS.
Indeed, VeriSign owns Illuminet, who are mission-critical for POTS. Illuminet is also in the business of recording telephone calls, SMS messages, etc. for law enforcement. That means that a "breach" at "VeriSign" could be nothing, or it could give bad guys access to a lot more than any breach or leak reported to date. Who knows? -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
----- Original Message -----
From: "Jeff Wheeler" <jsw@inconcepts.biz>
On Thu, Feb 2, 2012 at 7:26 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
So what part of VRSN got broken into? They do a lot more than just DNS.
Indeed, VeriSign owns Illuminet, who are mission-critical for POTS. Illuminet is also in the business of recording telephone calls, SMS messages, etc. for law enforcement.
"Illuminet"? Shea and Wilson would be proud. Cheers, -- jr 'and somewhere, an evil geek is dry-washing his hands' a -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Thu, Feb 2, 2012 at 10:34 PM, Jeff Wheeler <jsw@inconcepts.biz> wrote:
On Thu, Feb 2, 2012 at 7:26 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
So what part of VRSN got broken into? They do a lot more than just DNS.
Indeed, VeriSign owns Illuminet, who are mission-critical for POTS. Illuminet is also in the business of recording telephone calls, SMS messages, etc. for law enforcement.
Wasn't this division acquired by TNS ? http://www.bizjournals.com/washington/stories/2009/05/04/daily5.html Rubens
That part is ambiguous at the moment since Verisign has not released details. Symantec has bought the SSL part of the business and claim that the SSL acquired network is not compromised. Sounds like lots of assumptions being drawn. Zaid On 2/2/12 4:26 PM, "Suresh Ramasubramanian" <ops.lists@gmail.com> wrote:
So what part of VRSN got broken into? They do a lot more than just DNS.
On Fri, Feb 3, 2012 at 5:00 AM, Zaid Ali <zaid@zaidali.com> wrote:
VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network,"
"Oh my God," said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. "That could allow people to imitate almost any company on the Net."
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Thu, Feb 2, 2012 at 16:42, Zaid Ali <zaid@zaidali.com> wrote:
That part is ambiguous at the moment since Verisign has not released details. Symantec has bought the SSL part of the business and claim that the SSL acquired network is not compromised. Sounds like lots of assumptions being drawn.
Zaid
I am thinking it is related to the Chinese hacking of Gmail accounts in the fall of 2010. Symantic acquired the SSL business in August 2010. The hacking could have been in the spring for all we know. Google uses Thwate as it's CA, but Thwate has "Builtin Object Token: Verisign Class 3 Public Primary Certificate Authority" as it's root. Seems to me part of the problem was traced back to browsers not checking revoked certs via the browser CRLs. Didn't some in the chain have revoked certs still installed? -- steve pirk yensid "father... the sleeper has awakened..." paul atreides - dune Google+ pirk.com
See my new blog entry: World notices that Verisign said three months ago that they had a security breach two years ago http://jl.ly/2012/02/02#vrsnbreach R's, John
participants (8)
-
Jay Ashworth
-
Jeff Wheeler
-
John Levine
-
Randy Bush
-
Rubens Kuhl
-
steve pirk [egrep]
-
Suresh Ramasubramanian
-
Zaid Ali