[149480] in North American Network Operators' Group
Re: Verisign deep-hacked. For months.
daemon@ATHENA.MIT.EDU (steve pirk [egrep])
Mon Feb 6 01:56:26 2012
In-Reply-To: <CB506D08.34718%zaid@zaidali.com>
From: "steve pirk [egrep]" <steve@pirk.com>
Date: Sun, 5 Feb 2012 22:55:17 -0800
To: Zaid Ali <zaid@zaidali.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Feb 2, 2012 at 16:42, Zaid Ali <zaid@zaidali.com> wrote:
> That part is ambiguous at the moment since Verisign has not released
> details. Symantec has bought the SSL part of the business and claim that
> the SSL acquired network is not compromised. Sounds like lots of
> assumptions being drawn.
>
> Zaid
>
>
I am thinking it is related to the Chinese hacking of Gmail accounts in the
fall of 2010. Symantec acquired the SSL business in August 2010. The
hacking could have been in the spring for all we know. Google uses Thawte
as its CA, but Thawte has "Builtin Object Token: Verisign Class 3 Public
Primary Certificate Authority" as its root.
Seems to me part of the problem was traced back to browsers not checking
revoked certs via the browser CRLs. Didn't some in the chain have revoked
certs still installed?
--
steve pirk
yensid
"father... the sleeper has awakened..." paul atreides - dune
Google+ pirk.com