[ISN] VeriSign dead cert causes net instability

From: InfoSec News (isn@private)
Date: Mon Jan 12 2004 - 00:15:48 PST

  • Next message: InfoSec News: "[ISN] Feds relied on 'Cold War' crisis plan in blackout"

    http://www.theregister.co.uk/content/55/34801.html
    
    By John Leyden
    Posted: 09/01/2004 
    
    The expiration of one of VeriSign's master digital certificates on 
    Wednesday created confusion for Net users and glitches to the 
    operation of some applications, notably Norton Anti-Virus (NAV). 
    
    After the cert VeriSign used to sign other certs expired, the chain of 
    trust was broken, leaving some aps unable to set up a secure 
    connection. These apps then defaulted to trying to access Verisign's 
    certificate revocation list server (crl.verisign.com) which, faced 
    with a huge extra load, buckled under the pressure. 
    
    Verisign has posted an advisory on the problem here, detailing server 
    updates needed to resolve application instability. Essentially where 
    there are problems traffic needs to be directed to a new Global Server 
    Intermediate Root CA. 
    
    Users of Java aps and older IE browsers were affected by the issue but 
    (judging by our postbag) NAV users were worst affected. NAV Users saw 
    their computers slow to a crawl and Microsoft office apps not starting 
    properly because of the problem. 
    
    Symantec has posted an explanatory note on the problem which echoes 
    Verisign's advice.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jan 12 2004 - 02:49:43 PST