Web Security Group Challenges Verizon On Flaw

A web security group challenged Verizon (NYSE: VZ) on the security of encryption software it issued in 2005. The encryption is meant to keep financial data from being hacked.The Electronic Frontier Foundations (EFF) wrote,

We are writing to request that Verizon investigate the security and privacy implications of the SSL CA certificate (serial number 0x40003f1) that Cybertrust (now a division of Verizon) issued to Etisalat on the 19th of December, 2005, and evaluate whether this certificate should be revoked.

As you are aware, Etisalat is a telecommunications company headquartered in the United Arab Emirates. In July 2009, Etisalat issued a mislabeled firmware update to approximately 100,000 of its BlackBerry subscribers that contained malicious surveillance software. Research In Motion subsequently issued patches to remove this malicious code.

The group is concerned that recent pressure bought by the UAE to get encryption data from Research In Motion (NASDAQ: RIMM) could lead to exposure of the code to criminal or malicious parties.

In other words, Blackberry users around the world now have a reason to be paranoid about the security of the service and the messages and e-mails that they send through RIM servers.

Douglas A. McIntyre