[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] VeriSign 2010 Hack: DNS Data Theft A Possibility



http://www.informationweek.com/news/security/attacks/232600151

By Mathew J. Schwartz
InformationWeek
February 02, 2012

Several successful hacks of VeriSign's network, in 2010, might have compromised critical information relating to the Internet's domain name system (DNS).

According to information released by VeriSign in October 2011, "we have investigated and do not believe these attacks breached the servers that support our domain name system network." But the company didn't rule out that information relating to the DNS network wasn't stolen in the attacks, which occurred before some assets of the company were acquired by Symantec in 2010.

VeriSign helps manage the DNS--which enables IP addresses to be mapped to textual website names--as well as the ".com" top-level domain. But the company also provides user authentication services, offers website security services, conducts cybercrime research, and signs code, to authenticate updates from such software vendors as Microsoft and Adobe, as well as for Java.

Thursday, however, Symantec said that the attackers definitely hadn't accessed certain critical systems. "The Trust Services (SSL), User Authentication (VIP), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign Inc. quarterly filing," spokeswoman Nicole Kenyon said via email. "Symantec takes the security and proper functionality of its solutions very seriously."

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn