VeriSign To Buy GeoTrust, Combining Top SSL Providers

VeriSign, Inc. will acquire its leading competitor in the market for SSL certificates, GeoTrust Inc., for $125 million in cash, the two companies said today. The deal will solidify VeriSign's dominant position in the market for SSL certificates, which are used to secure web sites for Internet e-commerce. The acquisition is subject to regulatory approvals, and is expected to close in the second half of this year, the companies said.

SSlMarket2.pngVeriSign certificates secure approximately 45 percent of the SSL-enabled sites on the Internet, while GeoTrust certificates are found on 27 percent, according to Netcraft's SSL Survey, which provides detailed analysis of trends in the SSL market. The companies have both announced their support for a new tier of high-security SSL certificates for e-commerce sites, expected to be introduced later this year.

This is the second time VeriSign has acquired its primary competitor in the SSL certificate market. In December 1999 VeriSign paid $575 million to buy Thawte, a South African company that gained popularity by selling certificates at lower prices. At the time the deal was announced, Thawte had a 38.5 percent share of all SSL-enabled sites, to 49 percent for VeriSign - meaning the deal gave VeriSign nearly 88 percent market share.

GeoTrust has been the strongest performer in the SSL market over the past several years, supported by a network of more than 9,000 resellers in 140 countries, including many of the world's major web hosting companies. That reseller channel will complement VeriSign's direct-sales SSL business, currently serving more than 3,000 enterprises worldwide.

Continue reading

Blue Security Shuts Down, Citing DDoS Attacks

The founder of Blue Security says it has shut down its anti-spam service, citing the impact of powerful DDoS attacks on its web site that began in late April. "After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks." the company said on its web site. "We cannot take the responsibility for an ever-escalating cyber war through our continued operations."

When Blue Security's web site was hit by a distributed denial of service attack attack (DDoS) on May 1, the company temporarily repointed www.bluesecurity.com to a blog on Six Apart's TypePad service. The DDoS shifted to the TypePad blog, knocking all of Six Apart's web sites offline for eight hours. The attacks also caused caused network outages for Tucows, which provided Blue Security's DNS service.

Blue Security's web site was unavailable for an extended period on Sunday and Monday, and again this morning, as shown on this performance chart:

bluesecuritymay17.png

A dynamically updating chart of Blue Security's web site performance is available. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.

Continue reading

Domain Registrar Joker Hit by DDoS

Domain registrar Joker.com says its nameservers are under attack, causing outages for customers. More than 550,000 domains are registered with Joker, which is based in Germany. Any of those domains that use Joker's DNS servers are likely to be affected.

"Joker.com currently experiences massive distributed denial of service attacks against nameservers," the registrar says in an advisory on its home page. "This affects DNS resolution of Joker.com itself, and also domains which make use of Joker.com nameservers. We are very sorry for this issue, but we are working hard for a permanent solution."

Continue reading

Bot Authors Targeting phpBB Forums

Bots are registering user accounts on thousands of phpBB forums across the Internet, raising concerns that the bot's authors are laying the groundwork for mass exploitation down the road. The activity of a bot named FuntKlakow was discussed in a Digg thread Sunday, with many forum owners confirming that FuntKlakow had created accounts and even posted simplistic messages ("O How nice" and "Wow that is cool").

FuntKlakow's post signatures have included links to proxy surfing and "traffic generator" services, raising the prospect that its goal may be spam rather than exploits. But as noted on a German site that issued an early warning about the bot's behavior, "the next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums." Google searches suggested the bot may have created accounts on as many as 33,000 forums.

Continue reading

Chinese Bank’s Server Used in Phishing Attacks on US Banks

A web server belonging to a state-operated Chinese bank is hosting phishing sites targeting U.S. banks and financial institutions. Phishing e-mails sent on Saturday (March 11) targeting customers of Chase Bank and eBay were directed to sites hosted on ip addresses assigned to The China Construction Bank (CCB) Shanghai Branch. The phishing pages are located in hidden directories with the server's main page displaying a configuration error. This is the first instance we have seen of one bank's infrastructure being used to attack another institution.

The attack on Chase offers recipients the chance to earn $20 by filling out a user survey which presents a series of questions about the usability of the Chase online banking site, followed by a request for user ID and password, so the $20 "reward" can be deposited to the proper account. The form also requests the victim's bankcard number, PIN number, card verification number, mother's maiden name and Social Security number. Any data submitted is then sent to a free form processing service (free.allforms.mailjol.net) operated by an Indian company but hosted in the U.S. at NetAccess.

Phishing Page on China Construction Bank Web Server

Continue reading

Hackers Targeting Mambo Security Holes

Hackers are actively seeking out unpatched versions of the Mambo content management system, which recently repaired a serious security hole. The latest exploit attempts target a different vulnerability than the Mare.D worm, which grabbed headlines last month but apparently did limited damage to Mambo sites. Sites running on Mambo should upgrade to the latest version as soon as possible.

On Feb. 24 James Bercegay of GulfTech Security Research announced vulnerabilities in Mambo that could allow a server compromise by a remote attacker, including several methods of an SQL injection attack. Bercegay also found a way for attackers to use Mambo's file inclusion features to breach system security. Last July Bercegay discovered a weakness in XML-RPC libraries used by numerous PHP-based blogging and content management apps.

Continue reading