From 2b4da7183d9092b3a2620c6ff6d3d2735c94feae Mon Sep 17 00:00:00 2001 From: Sven Slootweg Date: Tue, 13 Sep 2016 07:23:17 +0200 Subject: [PATCH] Add VeriSign code signing incident in 2003 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5601863..3d2e935 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,7 @@ This list is sorted alphabetically by the names of the Certificate Authorities. ### Verisign (CA is now owned by Symantec) +* __March 2003:__ VeriSign is found to have issued a fraudulent code signing certificate in the name of Microsoft Corporation. This allows an attacker to pretend that their software was verified and signed by Microsoft. ([source](https://technet.microsoft.com/en-us/library/security/ms01-017.aspx)) * __2010:__ Verisign is compromised, and undisclosed information is obtained by the attackers. ([source](http://www.reuters.com/article/us-hacking-verisign-idUSTRE8110Z820120202)) ### WoSign