Why would he name them if he had yet to be detected? Could be just the sort of thing to instill some panic. Imagine the whole CA system deemed untrustworthy overnight.
* * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Sep 6, 2011 at 11:10 PM, Rene de Haas <[email protected]> wrote: > *"UPDATE Tues Sept 6, 14:30 GMT* : The alleged attacker of DigiNotar has > posted an update on PasteBin. He claims that he has access to four other > Certificate Authorities, and he names two of them: StartCom and GlobalSign." > Need to see if this is true of course, bit this could end up even > bigger.... > On Tue, Sep 6, 2011 at 11:09 PM, Andrew S. Baker <[email protected]>wrote: > >> Hi Tim, >> >> Perhaps you should say, "former CA" >> >> They'll be dead before the paint dries on this investigation. >> >> BTW, this is one reason why I never buy it that any particular vendor is >> likely to be secure or robust or whatever because of the line of business >> they're in. Just because they're a bank, hospital, security vendor, CA, >> etc, doesn't mean that they're doing all the right things. >> >> DigiNotar had every reason (except short-term profits) to pursue an >> effective security strategy, but didn't. And now their profits have ended, >> too... >> >> * * >> >> *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of >> Technology for the SMB market… >> >> * >> >> >> >> On Tue, Sep 6, 2011 at 4:01 PM, Tim Evans <[email protected]> wrote: >> >>> If this is true, I find this absolutely unacceptable that a commercial CA >>> would run a system like this. Incredible**** >>> >>> ** ** >>> >>> >>> http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network >>> **** >>> >>> ** ** >>> >>> ** ** >>> >>> Tim Evans >>> *Associate, Information Technology Manager* >>> >>> *S P A R L I N G* >>> >>> (206) 667-0509*—Direct >>> *(206) 391-8004*—**Mobile >>> **www.sparling.com***** >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
