nanog mailing list archives
Re: Verisign deep-hacked. For months.
From: "steve pirk [egrep]" <steve () pirk com>
Date: Sun, 5 Feb 2012 22:55:17 -0800
On Thu, Feb 2, 2012 at 16:42, Zaid Ali <zaid () zaidali com> wrote:
> That part is ambiguous at the moment since Verisign has not released details. Symantec has bought the SSL part of the business and claims that the SSL acquired network is not compromised. Sounds like lots of assumptions being drawn.
>
> Zaid

I am thinking it is related to the Chinese hacking of Gmail accounts in the fall of 2010. Symantec acquired the SSL business in August 2010. The hacking could have been in the spring for all we know.

Google uses Thawte as its CA, but Thawte has "Builtin Object Token: Verisign Class 3 Public Primary Certificate Authority" as its root.

Seems to me part of the problem was traced back to browsers not checking revoked certs via the browser CRLs. Didn't some in the chain have revoked certs still installed?

--
steve pirk
yensid
"father... the sleeper has awakened..." paul atreides - dune
Google+ pirk.com
