Verisign deep-hacked. For months.

Jay_Ashworth · February 2, 2012, 10:38pm

Oh, my.

http://finance.yahoo.com/news/Key-Internet-operator-rb-2857339070.html

Cheers,
-- jra

Zaid_A_Kahn · February 2, 2012, 11:30pm

I love this

VeriSign said its executives "do not believe these attacks breached the
servers that support our Domain Name System network,"

"Oh my God," said Stewart Baker, former assistant secretary of the
Department of Homeland Security and before that the top lawyer at the
National Security Agency. "That could allow people to imitate almost any
company on the Net."

Sounds like another opportunity for <insert congress person> to propose
SOPA-2

Zaid

Suresh_Ramasubramani · February 3, 2012, 12:26am

So what part of VRSN got broken into? They do a lot more than just DNS.

Jeff_S_Wheeler1 · February 3, 2012, 12:34am

Indeed, VeriSign owns Illuminet, who are mission-critical for POTS.
Illuminet is also in the business of recording telephone calls, SMS
messages, etc. for law enforcement.

That means that a "breach" at "VeriSign" could be nothing, or it could
give bad guys access to a lot more than any breach or leak reported to
date. Who knows?

Zaid_A_Kahn · February 3, 2012, 12:42am

That part is ambiguous at the moment since Verisign has not released
details. Symantec has bought the SSL part of the business and claim that
the SSL acquired network is not compromised. Sounds like lots of
assumptions being drawn.

Zaid

John_L · February 3, 2012, 1:56am

See my new blog entry:

World notices that Verisign said three months ago that they had a
security breach two years ago

http://jl.ly/2012/02/02#vrsnbreach

R's,
John

Bandy_Rush1 · February 3, 2012, 2:00am

i thought news was only supposed to be at eleven

Jay_Ashworth · February 3, 2012, 3:31pm

"Illuminet"?

Shea and Wilson would be proud.

Cheers,
-- jr 'and somewhere, an evil geek is dry-washing his hands' a

Rubens_Kuhl · February 3, 2012, 4:40pm

Wasn't this division acquired by TNS ?
http://www.bizjournals.com/washington/stories/2009/05/04/daily5.html

Rubens

steve_pirk_egrep · February 6, 2012, 6:55am

I am thinking it is related to the Chinese hacking of Gmail accounts in the
fall of 2010. Symantic acquired the SSL business in August 2010. The
hacking could have been in the spring for all we know. Google uses Thwate
as it's CA, but Thwate has "Builtin Object Token: Verisign Class 3 Public
Primary Certificate Authority" as it's root.

Seems to me part of the problem was traced back to browsers not checking
revoked certs via the browser CRLs. Didn't some in the chain have revoked
certs still installed?