Friday, February 3, 2012

More news about security incidents...

During this week there were several hacks and security related events. I'll summarize them here.

First, there was a news that VeriSign was hacked, which is actually quite a big news. Here are some reactions to it. Not much is known what happened or what is a damage. It turns out that the hack happened in 2010. but neither management nor public were notified by technical staff. VeriSign reported incident in SEC filling where Reuters spotted it. What is important is that VeriSign is actually in a security business and it runs two very important services, issuing of SSL certificates and DNS system.


Second incident is related to Anonymous posting a recording of a conference call between FBI, Scotland Yard and some other law enforcement agencies. The conference call was about investigation of Anonymous and other similar groups. The mail message was sent to 44 different addresses across 8 different organizations. Quite a huge number. Apparently, anonymous got hold on the mail from one or more of the recipients of a mail message. The mail message contained also access code and conference call bridge telephone number (BridgeTN). This probably allowed crackers to dial to conference call bridge, enter access code and get into a conference call. Actually easy. The point is that Anonymous didn't intercept the call as many Web pages are screaming!

3 comments:

AllenKelly said...

To be clear, Verisign, Inc. was compromised, not the Verisign security product lines that were acquired by Symantec.

Symantec (my employer) was not compromised.

You can read their blog here:
http://www.symantec.com/connect/blogs/how-can-we-be-so-sure

Stjepan Groš (sgros) said...
This comment has been removed by the author.
Stjepan Groš (sgros) said...

True, but I believe that this post doesn't imply that Symantec was compromised in this case?

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)

Blog Archive