-
Products
-
Home & Home Office
-
E-Commerce
SSL Certificates Email and Identity Code Signing Certificate Authentication PCI Compliance PC Support Email Security Site Seals Endpoint Protection E-Commerce Bundle Includes:
EV SSL
Managed DNS
PCI Scanning
Trust Marks
Vulnerability Scanning
Purchase Protection
Customer Reviews - Small & Medium Business
- Enterprise
- Partners
- Social Media
Video Support Blogs
Inside Scoop
Comodo Notified VeriSign of Major Security Vulnerability and Urges VeriSign to Correct, Remediate and Notify its Customers
Comodo recently requested an independent third-party notify VeriSign of a security vulnerability affecting its customers Web sites, including a major financial institution. While Comodo was not in a position to fully evaluate the scope of the vulnerability, Comodo believed it to be a significant security concern for VeriSign's customers (and users of their customer's Web sites) that rely on secure SSL Digital Certificates to transmit business and personal data.
Comodo urged VeriSign to take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this vulnerability. Comodo followed the Vulnerability Disclosure Guidelines of the Common Computing Security Standards Forum (CCSS) by using an independent third-party as a medium for disclosure. It provided a disclosure document to VeriSign outlining the vulnerability.
VeriSign Underestimated the Problem, Reluctantly Acknowledged Making Some Fixes
Comodo acknowledged that VeriSign has made some recent fixes to its security issues that were identified by Comodo.
"We are pleased to see that some of the security flaws have now been addressed by VeriSign, along with an acknowledgement letter we received today from VeriSign recognizing the problem," said Comodo CEO Melih Abdulhayoglu. "However, in our initial request we asked that VeriSign take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this security vulnerability and I truly hope that those steps have been taken."
Some Fixes Which Have Taken Place
- The revoke option button for SSL certificate functionality is no longer available through the public site, effective June 24th.
- Google is no longer making information accessible through domain names, effective yesterday
Administrator details such as emails are no longer visible on the public site, effective yesterday
However, there are still issues that need to be addressed, such as publicly accessible lists of fully qualified domain names.
-
Speak with an expert now
USA :
1-888-256-2608International :
1-703-637-9361
Featured Client
Verify and secure your site with COMODO. Get your SSL Certificate FAST, Order instantly and easily!. Our SSL is fully trusted by all known browsers.
Comodo Antivirus protection makes your PC impervious to viruses. More than 40 million computers protected by Comodo Internet Security software.