What would happen if you paid taxes or protection money but didn’t get protected because your protectors themselves were getting clobbered? Worse still, what if they didn’t tell you they had been compromised and that you might not be safe? That situation played out recently after yet another company suffered a system breach and kept largely silent on the matter. That company was VeriSign. It’s a certificate authority, meaning it’s one of the issuers of the digital certificates that lie at the heart of our digital lives.
To clarify...
Many people are associating the breach at Verisign, Inc. with the brand of SSL Certificates that Symantec acquired. SSL, or HTTPS encryption, remains today as the most secure method to protect online data in transit.
I work at Symantec and can confirm that the Trust Services (SSL), User Authentication (VIP, PKI, FDS) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing.
Read the Symantec blogpost: "How Can We Be So Sure?"
https://www-secure.symantec.com/connect/blogs/how-can-we-be-so-sure
Are Security Vendors Living in Glass Houses?
Posted by: Richard Adhikari February 28, 2012 05:00 AMWhat would happen if you paid taxes or protection money but didn’t get protected because your protectors themselves were getting clobbered? Worse still, what if they didn’t tell you they had been compromised and that you might not be safe? That situation played out recently after yet another company suffered a system breach and kept largely silent on the matter. That company was VeriSign. It’s a certificate authority, meaning it’s one of the issuers of the digital certificates that lie at the heart of our digital lives.
Many people are associating the breach at Verisign, Inc. with the brand of SSL Certificates that Symantec acquired. SSL, or HTTPS encryption, remains today as the most secure method to protect online data in transit.
I work at Symantec and can confirm that the Trust Services (SSL), User Authentication (VIP, PKI, FDS) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing.
Read the Symantec blogpost: "How Can We Be So Sure?"
https://www-secure.symantec.com/connect/blogs/how-can-we-be-so-sure