VeriSign Rejected Comodo Claims of Flaw in SSL Certification

Latest news
PC Virus Attacks IU Health Goshen Hospital Server Unusual Malware Obtainable from Romanian Social Welfare Website Ascend Media Litigated by Facebook for Malware and Scam FDA Employees File Lawsuit, Claiming the Agency Used Spyware against Them Sheriff Cautions Grant County Citizens about New Phishing E-mail

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
Amazon Accountholders get Fresh Phishing E-mail Enterprises Facilitated through Malware Circulation in Government Cyber-criminals Execute e-Payment Malware Assault Eleven Survey Rated Spam the Biggest E-mail Security Threat in Ten Years Websites Diverting End-users onto ‘Blackhole’ Increasing Within Russia: ESET

Trampolines usa

VeriSign Rejected Comodo Claims of Flaw in SSL Certification

Written by Administrator

Monday, 05 July 2010 05:00

Comodo, the well-known manufacturer of Firewall, has announced that they discovered a vulnerability in the VeriSign SSL certification and informed about the flaw to VeriSign.

The vulnerability exists in the web pages used for processing customer security certificates. The revelation made by Comodo has put some big names on Internet at great risk of many targeted attacks.

Melih Abdulhayoglu, CEO, Comodo, said that the web pages, which could be accessed publicly, disclosed sensitive information of VeriSign customers - the Commonwealth of Massachusetts and the Bank of America, as reported by The Register on June 24, 2010.

Abdulhayoglu further said that VeriSign exposed the e-mail addresses of security certificate managers as well as a big list of addresses that employed secure sockets layer protection. The exposition of critical information has put the big names at high risk of facing targeted phishing assaults.

The vulnerability includes an easy search for specific keyword that takes the user to a VeriSign account public access page.

The access to these accounts merely pass phrase away. Hackers from China and Russia can make way to pass the password. The users should remember that the strength of security depends on its weakest link, said Abdulhayoglu.

A VeriSign spokesperson stated that Comodo hadn't announced the vulnerability. In fact, it hadn't discovered any vulnerability, as reported by TG Daily on June 22, 2010.

VeriSign sent a reply to Comodo saying that the organization was thankful for bringing this to its notice, but the information accessed belonged to the public and could be found in multiple ways. The pages discovered by Comodo were mere the public portals of customers' authenticated work to be performed, as reported by Techie Buzz on June 23, 2010.

Due to their nature, these pages could be accessed publicly and therefore, the accessibility of these web pages does not create any serious security flaw, said VeriSign spokesperson.

Commenting on the dispute, the security experts said that the main reason for such a harsh response from VeriSign was the competition between Comodo and VeriSign in the field of digital certificate business. If VeriSign accepted the exploit, it would have raised question on its position as the unchallenged certification authority.

Read full article...