Exclusive: Verisign, Inc. breach update: Symantec not compromised
Straight from Symantec‘s Blog and an update given to me by a Symantec Employee – Allen Kelley.
Verisign, Inc. breach update: Symantec not compromised
News broke recently that Verisign, Inc. reported in their quarterly SEC filings that they had been victims of a security breach in 2010. At this time, Verisign, Inc. has only confirmed that the incident did not impact their DNSbusiness.
Symantec takes the security and proper functionality of its solutions very seriously.Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.Just as Verisign, Inc. stated that there was no impact to their production environment, I stand behind the following statement that Symantec made in response to media questions regarding the 2010 Verisign, Inc. security breach:
Unfortunately, many people are associating the breach at Verisign, Inc. with the brand of SSL Certificates that Symantec acquired, begging the question “Is SSL dead”? SSL, or HTTPS encryption, remains today as the most secure method to protect online data in transit. Symantec Trust Services, and Identity and Authentication solutions continue to provide unparalleled levels of security, not only in terms of our products, but in terms of how we protect the systems that protect you and your customers.
2/3/12 Update – I want to clear up some confusion about the two brands. In 2010, Symantec acquired the security assets listed above from Verisign, not the entire Verisign organization. Verisign Inc. is a separate public company, responsible for the SEC disclosure.
**Update from Allen Kelley (Symantec Employee) and his comment can be found here:
- Verisign – Hacked Multiple Times in 2010 (netsecurityit.wordpress.com) Posted Feb 2, 2012
- Symantec Connect Blog Post: http://www.symantec.com/connect/blogs/verisign-inc-breach-update-symantec-not-compromised
- VeriSign Hacked: What We Don’t Know Might Hurt Us – PCWorld (blog) (pcworld.com)
- VeriSign 2010 Hack: DNS Data Theft A Possibility (informationweek.com)
- Hackers stole data from VeriSign in 2010 (news.cnet.com)