[ISN] Digital certificate authority suspends ops following breach

From: InfoSec News <alerts_at_private>
Date: Fri, 9 Dec 2011 03:14:47 -0600 (CST)
http://www.theregister.co.uk/2011/12/08/certificate_authority_hacked/

By Dan Goodin in San Francisco
The Register
8th December 2011

Websites belonging to a Netherlands-based issuer of digital certificates 
were unavailable following reports hackers penetrated their security and 
accessed databases that should have been off limits.

Dutch telecommunications giant KPN issued a statement (translation here) 
that said it temporarily shut the website of it's Gemnet subsidiary 
while it investigated the hack. A second website belonging to a KPN 
subsidiary that issues digital certificates to the Dutch government was 
also taken down.

The breach, which was first reported by Webwereld journalist Brenno de 
Winter, is the latest to compromise one of the several hundred online 
businesses authorized to mint digital certificates millions of websites 
and government and corporate networks rely on to shield communications 
from eavesdroppers. In August, another Netherlands-based certificate 
authority also suspended operations after it issued a fraudulent secure 
sockets layer certificate for Google.

DigiNotar eventually went bankrupt after an investigation revealed that 
shoddy security led to the issuance of dozens of counterfeit 
credentials, including one for Google Mail that was used to target more 
than 300,000 people accessing their Gmail accounts.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Fri Dec 09 2011 - 01:14:47 PST

This archive was generated by hypermail 2.2.0 : Fri Dec 09 2011 - 01:12:40 PST