In what could be termed as a rather shocking disclosure, VeriSign - the worldwide authentication services provide, admitted of suffering from a handful of data breaches during 2010.
The company executives however defended themselves by stating that their management team was informed by the staff one year after the data breaches had occurred. Needless to say, this revelation by VeriSign has indeed raised some serious questions regarding the security aspects of the Internet.
Apparently, VeriSign, after coming to know about the hacking attack, did not take any initiative for informing the customers about the threat. Neither did its IT staff care to convey the severity of the breaches to the higher management teams. Instead VeriSign labelled the hacking attack as another lunatic act by cyber criminals and attempted to dump the matter by furtively reporting it in Securities and Exchange Commission and did not create a fuss about it.
"...It is shocking that administrators responded to the attacks when they occurred, but did not notify senior management until September 201", Jonathan Gossels, CEO of SystemExperts Corporation told Help Net Security.
Experts are of the opinion that if the attackers were able to hack into VeriSign's DNS servers then the security of all the users and websites who have acquired services from VeriSign directly or indirectly may have been subject to varying types of attacks such as man-in-the-middle, malware infections, password stealing, etc.
But, VeriSign said that they believe its DNS system information is intact and no compromise has taken place in these systems.
VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network," reports Reuters.