Security News > 2010 > June > VeriSign refutes security vulnerability claim

http://www.tgdaily.com/security-features/50315-verisign-refutes-security-vulnerability-claim By Aharon Etengoff TG Daily 22nd Jun 2010 VeriSign has denied claims of an alleged security vulnerability recently identified by Comodo. According to Comodo CEO Melih Abdulhayoglu, the vulnerability could theoretically allow hackers to access VeriSign customer accounts - including a major financial institution - without proper authentication. "The vulnerability involves a simple search for a specific keyword, which then leads to a VeriSign account public access page. So, access to these accounts are only a pass phrase away. Think about it: malicious hackers from Russia or China can simply brute force their way past the password. Remember, security is only as good as its weakest link," Abdulhayoglu told TG Daily. "Unfortunately, VeriSign has not accepted our analysis of the vulnerability. They are not seeing the problem and have told us that (second tier) challenge phrases are surrounded by stringent security and are monitored. But this is certainly not an acceptable policy and that is is the crux of the problem." [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.com

News URL

http://www.tgdaily.com/security-features/50315-verisign-refutes-security-vulnerability-claim