By Aharon Etengoff
22nd Jun 2010
VeriSign has denied claims of an alleged security vulnerability recently
identified by Comodo.
According to Comodo CEO Melih Abdulhayoglu, the vulnerability could
theoretically allow hackers to access VeriSign customer accounts -
including a major financial institution - without proper authentication.
"The vulnerability involves a simple search for a specific keyword,
which then leads to a VeriSign account public access page. So, access to
these accounts are only a pass phrase away. Think about it: malicious
hackers from Russia or China can simply brute force their way past the
password. Remember, security is only as good as its weakest link,"
Abdulhayoglu told TG Daily.
"Unfortunately, VeriSign has not accepted our analysis of the
vulnerability. They are not seeing the problem and have told us that
(second tier) challenge phrases are surrounded by stringent security and
are monitored. But this is certainly not an acceptable policy and that
is is the crux of the problem."
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com