[cryptography] Another CA hacked, it seems.

Jeffrey Walton noloader at gmail.com
Sat Dec 17 20:54:59 EST 2011


On Thu, Dec 8, 2011 at 11:07 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Ralph Holz <holz at net.in.tum.de> writes:
>
>>As I said, at this rate we shall have statistically meaningful large
>>numbers of CA hacks by 2013:
>
> KPN is claiming there's nothing to worry about, please move along:
>
> http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fforum.kpn.com%2Ft5%2FNews-stream%2FUPDATE-11-30-KPN-sluit-tijdelijk-website-Gemnet%2Fba-p%2F8477

http://www.h-online.com/security/news/item/Dutch-PKI-provider-s-web-site-security-breach-under-investigation-1392605.html:

    The web site of Gemnet, subsidiary of KPN and provider
    of PKI certificates to the Dutch government, succumbed
    to a hacker's attack according to Webwereld reports. It
    appears that the attackers gained access to a database
    on the server managed by a PHPMyAdmin instance which
    was not protected by a password. The attacker then used
    this web access to get to the database without a password.
    The company was informed that it was leaking information
    on Wednesday night and has been taken off the air by
    parent company KPN, who then launched an investigation...

    It also added that Gemnet does not issue digital certificates.
    Gemnet CSP, a separate company that does issue certificates
    for the Dutch government was also taken offline following the
    discovery of the attack...

It's interesting that Gemnet CSP was taken offline. It raises suspicion.


