back to article Verisign admits 2010 hack attack, mum on what was nicked

Verisign has admitted in an SEC filing that it suffered numerous data breaches in 2010, but that management wasn’t informed by staff for nearly a year after they occurred. In the 10-Q filing, the company said that it suffered multiple data breaches during 2010, and that data was stolen. Exactly what is missing the company isn’ …


This topic is closed for new posts.
  1. moiety

    "management wasn’t informed by staff for nearly a year after they occurred."

    Doesn't sound very likely.

    1. Gordon 10 Silver badge


      “The Company’s information security group was aware of the attacks shortly after the time of their occurrence

      Really? Then how come senior mgt weren't aware?

      I smell bullshit.

    2. Anonymous Coward
      Anonymous Coward

      Not a BOFH . . .

      If it were a BOFH, management would never have found out about it, and they probably would have wound up down a well somewhere or crushed in a lift. Knowing Symantec, those responsible more closely resemble Laurel and Hardy than Simon and the PFY and did not tell management lest they be terminated.

    3. Anonymous Coward
      Anonymous Coward

      re: doesn't sound very likely.

      >> management wasn’t informed by staff for nearly a year after they occurred.

      > Doesn't sound very likely.

      What doesn't sound likely; Verisign was hacked or that, Verisign waited a year to tell anybody, if the latter then why doesn't it sound very likely?

  2. Ken Hagan Gold badge

    I'm confused

    Which bit of Verisign owns the root certificate for most of the known universe? Symantec's bit or the bit that (presumably) stayed under the Verisign name. Was that bit part of the attack?

  3. Gordon Fecyk

    This is somehow Microsoft's fault

    DNS is so inherently insecure after all, if some hacker can steal sensitive data using vulnerabilities in Adobe products and transmit it pretending to be Windows Update, and spoof so instead of it going to an Akamai server network it goes to a botnet. And let's not forget how inherently insecure digital signatures are... even though there probably isn't a line of MS code being used at Verisign....

    OK, I got it out of my system. Downvote away. It's 3 PM, I'm fried... :-)

  4. Marketing Hack Silver badge

    Take your pick:

    This story represents:

    A) BS in butt-covering amounts

    B) an disasterous level of employee communication and managerial control

    One of the top security companies in the world gets hacked multiple times, and management doesn't know for a year?!

    1. Anonymous Coward
      Anonymous Coward

      not quite

      It shows excellent managerial control, but total lack of everything else.

  5. Tankboy

    Smells like...

    Smells like bullshit. If a company is in the business of security (such as it is on the interwebs), they should know full well when they've been hacked/attacked.

    They likely knew about that when it happened but covered it up to keep selling their brand of internet snake oil.

  6. Anonymous Coward

    Anyone feel a sense of deja moo?

    You know, that feeling you get when you've heard that bull before…?

    While not on Diginotar proportions, it doesn't sound good.

  7. Cyberspy
    Black Helicopters

    This all begs the question...

    ...why have they decided to spill the beans now?

    If they've kept is secret this long, why not continue that way?

    Was there another security leak - this time an employee who was going to go public if they didn't?

  8. Brian O'Byrne

    Isn't this a sarbox violation?

    If I remember the furore around Enron and the Sarbanes-Oxley legislation that was brought in afterwards, one of the key features was that the senior management was required to make sure they became aware of all risks to business continuity and the bottom line.

    If the management was not aware they cannot hide behind that. They are still liable for criminal prosecution if the SEC takes the view that investors were not informed of the risk to the business in a timely manner.

    Watch this space. If sarbox has teeth and the regulators are serious about keeping things under control then we can expect sanctions against the directors here.

    1. Tom 13

      That would be why they are announcing now.

      Because they are announcing now and SEC hasn't gone after them yet, it doesn't count as a violation. Now if SEC had caught them and they still didn't know....

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019