11:17 Comodo verisign inform about a serious security holes in the ssl certificate issued by verisign | |
| There are only a few large suppliers of SSL certificates, and two of them - is VeriSign and CoMoDo. Moreover, VeriSign certificates are much more expensive and are positioned in the first place, for the top segment of the market: banks, large portals, government agencies. CoMoDo simpler, operates through an extensive network of resellers and during price wars reduced the value of its certificates (though sold under other brand) to $ 7 per year. Nevertheless, we can say that these two companies on the market SSL - a Coca-Cola and Pepsi-Cola. And now, CoMoDo produces a newsletter, report the presence of a major vulnerability, discovered by them in studying the issue SSL Certificates VeriSign. What is the essence of vulnerability is not disclosed, but argues that CoMoDo VeriSign informed about the presence of gaps recently, on June 23 was sent to a second document, and CoMoDo received a response from VeriSign on the measures taken, but these measures have been disappointing. CoMoDo, at least, expects that VeriSign will inform all its customers about the presence of vulnerability, in order to enable clients to assess risks and take appropriate action. What has been done to date by VeriSign (appearances): button to revoke the certificate "is no longer available on the public site, from June 24. Google no longer gives access to information through domain names, since yesterday. Information on administrators, such as e-mail address is not available on a public website since yesterday. Remains unfulfilled a few more steps, such as access to publicly available lists of qualified domain names. This message is not very clear the nature of vulnerability. Most likely, the competitor was found to revoke illegitimate SSL certificate, and perhaps replace it with new. | |
|
| |
| Total comments: 0 | |