[cryptography] Another CA hacked, it seems.
noloader at gmail.com
Sat Dec 17 20:54:59 EST 2011
On Thu, Dec 8, 2011 at 11:07 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Ralph Holz <holz at net.in.tum.de> writes:
>>As I said, at this rate we shall have statistically meaningful large
>>numbers of CA hacks by 2013:
> KPN is claiming there's nothing to worry about, please move along:
The web site of Gemnet, subsidiary of KPN and provider
of PKI certificates to the Dutch government, succumbed
to a hacker's attack according to Webwereld reports. It
appears that the attackers gained access to a database
on the server managed by a PHPMyAdmin instance which
was not protected by a password. The attacker then used
this web access to get to the database without a password.
The company was informed that it was leaking information
on Wednesday night and has been taken off the air by
parent company KPN, who then launched an investigation...
It also added that Gemnet does not issue digital certificates.
Gemnet CSP, a separate company that does issue certificates
for the Dutch government was also taken offline following the
discovery of the attack...
Its interesting that Gemnet CSP was taken offline. It raises suspicion.
More information about the cryptography