Feeds

back to article Verisign admits 2010 hack attack, mum on what was nicked

Verisign has admitted in an SEC filing that it suffered numerous data breaches in 2010, but that management wasn’t informed by staff for nearly a year after they occurred. In the 10-Q filing, the company said that it suffered multiple data breaches during 2010, and that data was stolen. Exactly what is missing the company isn’t …

COMMENTS

This topic is closed for new posts.
Silver badge

"management wasn’t informed by staff for nearly a year after they occurred."

Doesn't sound very likely.

10
0
Silver badge

Contradictions

“The Company’s information security group was aware of the attacks shortly after the time of their occurrence

Really? Then how come senior mgt weren't aware?

I smell bullshit.

1
0
Anonymous Coward

Not a BOFH . . .

If it were a BOFH, management would never have found out about it, and they probably would have wound up down a well somewhere or crushed in a lift. Knowing Symantec, those responsible more closely resemble Laurel and Hardy than Simon and the PFY and did not tell management lest they be terminated.

1
0
Anonymous Coward

re: doesn't sound very likely.

>> management wasn’t informed by staff for nearly a year after they occurred.

> Doesn't sound very likely.

What doesn't sound likely; Verisign was hacked or that, Verisign waited a year to tell anybody, if the latter then why doesn't it sound very likely?

0
0
Gold badge

I'm confused

Which bit of Verisign owns the root certificate for most of the known universe? Symantec's bit or the bit that (presumably) stayed under the Verisign name. Was that bit part of the attack?

0
0
Trollface

This is somehow Microsoft's fault

DNS is so inherently insecure after all, if some hacker can steal sensitive data using vulnerabilities in Adobe products and transmit it pretending to be Windows Update, and spoof update.microsoft.com so instead of it going to an Akamai server network it goes to a botnet. And let's not forget how inherently insecure digital signatures are... even though there probably isn't a line of MS code being used at Verisign....

OK, I got it out of my system. Downvote away. It's 3 PM, I'm fried... :-)

2
2
Silver badge
FAIL

Take your pick:

This story represents:

A) BS in butt-covering amounts

B) an disasterous level of employee communication and managerial control

One of the top security companies in the world gets hacked multiple times, and management doesn't know for a year?!

1
0
Bronze badge

not quite

It shows excellent managerial control, but total lack of everything else.

0
0
Stop

Smells like...

Smells like bullshit. If a company is in the business of security (such as it is on the interwebs), they should know full well when they've been hacked/attacked.

They likely knew about that when it happened but covered it up to keep selling their brand of internet snake oil.

0
0
Bronze badge
Coat

Anyone feel a sense of deja moo?

You know, that feeling you get when you've heard that bull before…?

While not on Diginotar proportions, it doesn't sound good.

1
0
Black Helicopters

This all begs the question...

...why have they decided to spill the beans now?

If they've kept is secret this long, why not continue that way?

Was there another security leak - this time an employee who was going to go public if they didn't?

0
0

Isn't this a sarbox violation?

If I remember the furore around Enron and the Sarbanes-Oxley legislation that was brought in afterwards, one of the key features was that the senior management was required to make sure they became aware of all risks to business continuity and the bottom line.

If the management was not aware they cannot hide behind that. They are still liable for criminal prosecution if the SEC takes the view that investors were not informed of the risk to the business in a timely manner.

Watch this space. If sarbox has teeth and the regulators are serious about keeping things under control then we can expect sanctions against the directors here.

1
0
Silver badge

That would be why they are announcing now.

Because they are announcing now and SEC hasn't gone after them yet, it doesn't count as a violation. Now if SEC had caught them and they still didn't know....

0
0
This topic is closed for new posts.