Security Education: Owning Your Future
December, 15 2011

Barry Cooper, VP Education Services, FishNet Security, Don Donzal, Editor in Chief, EH.Net

Securing enterprise technology is at the forefront of every technology expert's plans for 2012. Having the proper education to do so requires up-to-date training and knowledge to be effective in the fast-changing InfoSec landscape. Career roadmaps are essential for those that wish to succeed. FishNet Security is excited to announce a joint webinar event with EthicalHacker.net to provide insights on the following key elements of a successful education strategy:

• Evolution of white hat hacker education
• Certification review: Security industry
• Certification review: Ethical hacking
• Certification review: Pen testing
• 7Safe offerings review
• CSTA review
• 2012 education incentives

Prepare yourself with an education road map to help take your career to the next level by learning the security education options that are right for you

Company buried fact of 2010 incidents involving its Internet domain service in a fall 2011 financial filing, which came to light only this week

In October 2011, Internet infrastructure firm VeriSign released its usual quarterly report. Buried in the 50-page filing to the SEC was the revelation that the company had been breached multiple times the previous year.

The incidents came to light only today, when news service Reuters found the information during an investigation of whether public companies were disclosing breach incidents in their financial statements. VeriSign's account of the incidents carried few details, and the company refused additional comment.

In the filing, VeriSign stated, "In 2010, the company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our DNS (Domain Name System) network."

VeriSign manages the Domain Name System for the .com and .net top-level domains, as well as the .name, .cc, and .tv domains. In addition, at the time of the attacks, the company sold and managed a large digital signature service, selling SSL and EV (extended validation) signatures that are used to secure websites and email and to sign code. The Internet security business unit was sold to Symantec in 2010.

Although the announcement comes after the revelation of breaches in 2011 of other Internet infrastructure firms -- such as the now-defunct DigiNotar, rival Comodo, and security giant RSA -- the VeriSign hacks occurred months before those breaches. If VeriSign had disclosed the attacks in 2010, Comodo and other hacked firms might have been able to improve their own security in time to detect the attacks they experienced in 2011, said Melih Abdulhayoglu, Comodo's CEO.

"We would have been on a higher alert, it would have changed a lot of things," Abdulhayoglu noted. "I'm sure that other CAs [certificate authorities] would have taken the hint and done something about it."