On Thu, Feb 2, 2012 at 20:15, Jeffrey Walton <[email protected]> wrote:
> On Thu, Feb 2, 2012 at 11:10 PM, Kyle Creyts <[email protected]> > wrote: > > "Management was informed of the incident in September 2011" pg 33, sect 2 > As I said: Alarming. > > Further, there is no mention of risk potential for the SSL business > whatsoever, despite numerous mentions of risk factors for the Registry > Services business, not related to this attack. I was born at night, but not last night. Well, Verisign did offload the SSL business to Symantec in August 2010, so that makes me think something happened. That was also around the time the Chinese (theoretically) hacked all those gmail accounts. I think it was later discovered that some sites had not processed CRLs correctly and still had old revoked certs for companies like Google. I am not saying any of the above is/was probable, but it sure is coincidental. If I find any incorrect statements above, I will fix them. I need to do some searching. -- steve pirk yensid "father... the sleeper has awakened..." paul atreides - dune
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
