On Thu, Feb 2, 2012 at 11:10 PM, Kyle Creyts <[email protected]> wrote: > "Management was informed of the incident in September 2011" pg 33, sect 2 As I said: Alarming.
> Further, there is no mention of risk potential for the SSL business > whatsoever, despite numerous mentions of risk factors for the Registry > Services business, not related to this attack. I was born at night, but not last night. > While nothing is "safe" to assume, I would say that suggesting that > this description of the incident describes an attack on tangential, > unmentioned businesses operated by the same organization may be a bit > of a reach. Pure science fiction, I'm sure. Jeff > On Thu, Feb 2, 2012 at 10:42 PM, Jeffrey Walton <[email protected]> wrote: >> On Thu, Feb 2, 2012 at 10:37 PM, Kyle Creyts <[email protected]> wrote: >>> This is at least a year and a half old. Please, don't republish "news" >>> that should have never been reprinted. I'm not sure who would have >>> allowed this tripe to be syndicated... >> Actually, it was just released in Verisign's 10-Q >> (https://investor.verisign.com/secfiling.cfm?filingID=1193125-11-285850&CIK=1014473). >> Otherwise, without the SEC changes, it probably never would have seen >> the light of day. >> >> And this is alarming: "Ken Silva, who was VeriSign's chief technology >> officer for three years until November 2010, said he had not learned >> of the intrusion until contacted by Reuters. Given the time elapsed >> since the attack and the vague language in the SEC filing, he said >> VeriSign "probably can't draw an accurate assessment" of the damage." >> >> Remember, this company runs a CA. I can't wait to see aggregate data >> on CA breaches next year (its being collected now by EFF, et al). >> >> Jeff >> >>> On Thu, Feb 2, 2012 at 2:49 PM, Jeffrey Walton <[email protected]> wrote: >>>> http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202 >>>> http://www.msnbc.msn.com/id/46238729/ns/technology_and_science-security/ >>>> >>>> (Reuters) - VeriSign Inc, the company in charge of delivering people >>>> safely to more than half the world's websites, has been hacked >>>> repeatedly by outsiders who stole undisclosed information from the >>>> leading Internet infrastructure company. >>>> >>>> The previously unreported breaches occurred in 2010 at the Reston, >>>> Virginia-based company, which is ultimately responsible for the >>>> integrity of Web addresses ending in .com, .net and .gov. >>>> ... >>>> >>>> The VeriSign attacks were revealed in a quarterly U.S. Securities and >>>> Exchange Commission filing in October that followed new guidelines on >>>> reporting security breaches to investors. It was the most striking >>>> disclosure to emerge in a review by Reuters of more than 2,000 >>>> documents mentioning breach risks since the SEC guidance was >>>> published. >>>> ... > > > > -- > Kyle Creyts > > Information Assurance Professional > BSidesDetroit Organizer _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
