You really have to question the Dutch government here. What kind of review (If any) did they do before approving them to issue government certs? Even now, they have asked Microsoft to hold off releasing the patch to Windows Update for the Netherlands.
...Tim From: Jon Harris [mailto:[email protected]] Sent: Tuesday, September 06, 2011 3:36 PM To: NT System Admin Issues Subject: Re: DigiNotar compromise Ah but maybe the lawsuits are about to start. Even the Dutch government is now pulling the plug on their Certs. Since DigiNotar has been closed mouthed about the extent of the hack and even may have mislead people as to not only the extent of the hack but the probable start date for the initial hack I would hope the rest of their business including the digital signature business would go away as well. I wonder since they say that root was save and secure if it really was and how many documents got a forged digital signature. Jon Harris On Tue, Sep 6, 2011 at 5:09 PM, Andrew S. Baker <[email protected]<mailto:[email protected]>> wrote: Hi Tim, Perhaps you should say, "former CA" They'll be dead before the paint dries on this investigation. BTW, this is one reason why I never buy it that any particular vendor is likely to be secure or robust or whatever because of the line of business they're in. Just because they're a bank, hospital, security vendor, CA, etc, doesn't mean that they're doing all the right things. DigiNotar had every reason (except short-term profits) to pursue an effective security strategy, but didn't. And now their profits have ended, too... ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Tue, Sep 6, 2011 at 4:01 PM, Tim Evans <[email protected]<mailto:[email protected]>> wrote: If this is true, I find this absolutely unacceptable that a commercial CA would run a system like this. Incredible http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network Tim Evans Associate, Information Technology Manager S P A R L I N G (206) 667-0509<tel:%28206%29%20667-0509>-Direct (206) 391-8004<tel:%28206%29%20391-8004>-Mobile www.sparling.com<http://www.sparling.com> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
