Re: [Full-disclosure] Key Internet operator VeriSign hit by hackers [DNS]

["steve pirk [egrep]" <steve () pirk com>]

On Thu, Feb 2, 2012 at 20:15, Jeffrey Walton <noloader () gmail com> wrote:

> On Thu, Feb 2, 2012 at 11:10 PM, Kyle Creyts <kyle.creyts () gmail com>
> wrote:
> > "Management was informed of the incident in September 2011" pg 33, sect 2
> As I said: Alarming.

> Further, there is no mention of risk potential for the SSL business
> whatsoever, despite numerous mentions of risk factors for the Registry
> Services business, not related to this attack.
I was born at night, but not last night.

Well, Verisign did offload the SSL business to Symantec in August 2010, so
that makes me think something happened.
That was also around the time the Chinese (theoretically) hacked all those
gmail accounts. I think it was later discovered that some sites had not
processed CRLs correctly and still had old revoked certs for companies like
Google.

I am not saying any of the above is/was probable, but it sure is
coincidental.

If I find any incorrect statements above, I will fix them. I need to do
some searching.
-- 
steve pirk
yensid
"father... the sleeper has awakened..." paul atreides - dune

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.