ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Rogue SSL certificate exploit puts VeriSign on the spot

  • To: Ga <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Rogue SSL certificate exploit puts VeriSign on the spot
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Tue, 06 Jan 2009 21:11:52 -0800
All,

  Seems that Verisign hasn't been paying proper attention or
listening on security issues for nearly 2 years now.  Verisign
WAS informed of this potential exposure over a year and a half
ago, and sluffed those warnings as not significant.  Bad decision!

See:
http://www.networkworld.com/news/2009/010609-verisign-ssl-certificate-exploit.html?netht=rn_010609&nladname=010609

  One now would be wise to seriously wonder how many financial
institutes
both inside and outside of the US have been exposed, are exposed, and
customers may have been damaged or had their identities compromised as a

result?

Jonathon and Chuck, although I am a fan of Verisign and have received
many flame Emails as a result, I regretfully must inform you that I have

advised all our customers that are using or had been using Verisign
Certs, to discontinue doing so for any critical or privacy related
and/or
sensitive data available to their customers, and some of these
organizations
that are our customers as well, are financial institutions.

  I have also made the recomendation to all INEGroup members that
use Versign Certs that are either MD5 or SHA1 certs, discontinue
doing so immediately until such time that Verisign has fully and
properly made the necessary adjustments and corrections and
replace these type of very old certs with much more current state
of the technology certs.

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827
<<< Chronological Index >>>    <<< Thread Index >>>