VeriSign 2010 Hack: DNS Data Theft A Possibility

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/security/attacks/232600151

By Mathew J. Schwartz
InformationWeek
February 02, 2012

Several successful hacks of VeriSign's network, in 2010, might have 
compromised critical information relating to the Internet's domain name 
system (DNS).

According to information released by VeriSign in October 2011, "we have 
investigated and do not believe these attacks breached the servers that 
support our domain name system network." But the company didn't rule out 
that information relating to the DNS network wasn't stolen in the 
attacks, which occurred before some assets of the company were acquired 
by Symantec in 2010.

VeriSign helps manage the DNS--which enables IP addresses to be mapped 
to textual website names--as well as the ".com" top-level domain. But 
the company also provides user authentication services, offers website 
security services, conducts cybercrime research, and signs code, to 
authenticate updates from such software vendors as Microsoft and Adobe, 
as well as for Java.

Thursday, however, Symantec said that the attackers definitely hadn't 
accessed certain critical systems. "The Trust Services (SSL), User 
Authentication (VIP), and other production systems acquired by Symantec 
were not compromised by the corporate network security breach mentioned 
in the VeriSign Inc. quarterly filing," spokeswoman Nicole Kenyon said 
via email. "Symantec takes the security and proper functionality of its 
solutions very seriously."

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn