VeriSign dead cert causes net instability
Print storyNAV gets lost in translation
Posted in Security, 10th January 2004 02:13 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
The expiration of one of VeriSign's master digital certificates on Wednesday created confusion for Net users and glitches to the operation of some applications, notably Norton Anti-Virus (NAV).
After the cert VeriSign used to sign other certs expired, the chain of trust was broken, leaving some aps unable to set up a secure connection. These apps then defaulted to trying to access Verisign's certificate revocation list server (crl.verisign.com) which, faced with a huge extra load, buckled under the pressure.
Verisign has posted an advisory on the problem here, detailing server updates needed to resolve application instability. Essentially where there are problems traffic needs to be directed to a new Global Server Intermediate Root CA.
Users of Java aps and older IE browsers were affected by the issue but (judging by our postbag) NAV users were worst affected. NAV Users saw their computers slow to a crawl and Microsoft office apps not starting properly because of the problem.
Symantec has posted an explanatory note on the problem which echoes Verisign's advice. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive