Hi Tim, Perhaps you should say, "former CA"
They'll be dead before the paint dries on this investigation. BTW, this is one reason why I never buy it that any particular vendor is likely to be secure or robust or whatever because of the line of business they're in. Just because they're a bank, hospital, security vendor, CA, etc, doesn't mean that they're doing all the right things. DigiNotar had every reason (except short-term profits) to pursue an effective security strategy, but didn't. And now their profits have ended, too... * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Sep 6, 2011 at 4:01 PM, Tim Evans <[email protected]> wrote: > If this is true, I find this absolutely unacceptable that a commercial CA > would run a system like this. Incredible**** > > ** ** > > > http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network > **** > > ** ** > > ** ** > > Tim Evans > *Associate, Information Technology Manager* > *S P A R L I N G* > > (206) 667-0509*—Direct > *(206) 391-8004*—**Mobile > **www.sparling.com***** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
