Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Privacy leak in VeriSign's SiteFinder service #2
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 24 Sep 2003 21:26:14 +0200 (CEST)

On Wed, 24 Sep 2003, Mark Coleman wrote:

More naughty Verisign deeds...


This means that they can easily harvest the SOURCE email address field 
for marketing purposes (no typos there), and would have a strong 
educated guess of the correct domain of the mistyped TARGET.

Unfortunatly I found paper mail getting to me with an address that was 
only used by a Veri$ign company and the address in this format was not 
available through the WHOIS records. They sold my data without my consent.

That was the moment I decided to go to another register with my domain 
info. So I think ill intend is not just suspected but must be considered 
to be a real fact of life with Veri$ign

I for one have removed the Veri$ign root certificates and will inform
sites relying on them about the risk they take with Veri$ign and do advise 
others to take smilar actions so we hurt them through their wallet.


 All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]