While Comodo is not in a position to fully evaluate the scope of the vulnerability, Comodo believes it is a significant security concern for VeriSign's customers (and users of their customers' Web sites) that rely on secure SSL Digital Certificates to transmit business and personal data.
Using publicly available information, Comodo found that a VeriSign customer account of a major financial institution can be easily accessed without authentication. Comodo believes that the vulnerability is not limited to this single account.
Communicating through the independent third party, Comodo urged VeriSign to take immediate steps to correct and remediate the vulnerability and notify all their customers who may be affected by this vulnerability.
"When we uncovered this serious security vulnerability, we knew we had to do the right thing to notify VeriSign immediately to correct the design problem," explained Melih Abdulhayoglu, chief executive officer and founder of Comodo. "With millions of customers' financial transactions at stake, we wasted no time to help correct the problem even though it wasn't ours to begin with."
Comodo followed the Vulnerability Disclosure Guidelines of the Common Computing Security Standards Forum (CCSS) by using an independent third party as a medium for disclosure. It provided a disclosure document to VeriSign outlining the vulnerability.
Comodo is a leading brand in Internet security. With US Headquarters in New Jersey and global resources in the UK, China, India, Ukraine, and Romania, Comodo provides businesses and consumers worldwide with security and trust services, including digital certificates, PCI scanning, desktop security, and remote PC support. Securing online transactions for over 200,000 businesses, and with more than 30 million desktop security software installations, including an award-winning firewall and antivirus software, Comodo is Creating Trust Online. For more information, visit Comodo's website.
About Common Computing Security Standards Forum (CCSS)
The Common Computing Security Standards Forum (CCSS) is a voluntary organization of security vendors, operating system providers, and Internet browser software creators who are working together to mitigate the risk of malware and protect Internet users worldwide. The consortium established guidelines for vendors to follow with respect to vulnerability disclosure, which originated from the Vulnerability Disclosure Framework published on January 13, 2004 by the National Infrastructure Advisory Council. For more information, visit www.ccssforum.org.
Thanks & Regards,
COMODO Media Relations
Email: [email protected]
Office Tel US: +1 (201) 963 0004 x 4073
Office Tel Europe: +44 (0) 161 8747070
Office Tel India: +91 44 42022829
Fax Europe: +44 (0) 161 8771767
Fax US: 866-334-1641