From 2b4da7183d9092b3a2620c6ff6d3d2735c94feae Mon Sep 17 00:00:00 2001
From: Sven Slootweg <admin@cryto.net>
Date: Tue, 13 Sep 2016 07:23:17 +0200
Subject: [PATCH] Add VeriSign code signing incident in 2003

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 5601863..3d2e935 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,7 @@ This list is sorted alphabetically by the names of the Certificate Authorities.
 
 ### Verisign (CA is now owned by Symantec)
 
+* __March 2003:__ VeriSign is found to have issued a fraudulent code signing certificate in the name of Microsoft Corporation. This allows an attacker to pretend that their software was verified and signed by Microsoft. ([source](https://technet.microsoft.com/en-us/library/security/ms01-017.aspx))
 * __2010:__ Verisign is compromised, and undisclosed information is obtained by the attackers. ([source](http://www.reuters.com/article/us-hacking-verisign-idUSTRE8110Z820120202))
 
 ### WoSign