And yet people ask: "why should I pay $x * 100 for a Verisign/etc. cert vs $x for a DigiNotar/etc. cert".
Yet, I suppose this is capitalism in action. There is not guarantee that Verisign is non-hackable, yet they have a profitable business model to protect. Each of us has to make a tradeoff to decide whether a cheaper price is worth the risk that too cheap a price is compromising due diligence on behalf of the CA From: Ziots, Edward [mailto:[email protected]] Sent: Wednesday, 7 September 2011 10:30 PM To: NT System Admin Issues Subject: RE: DigiNotar compromise Honestly, It doesn't surprise me on this one, I am sure there are others that are just as bad or worse, that will get owned at sometime in the future and the same kind of stuff will be un-earthed. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 [CISSP_logo] From: Tim Evans [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, September 06, 2011 4:02 PM To: NT System Admin Issues Subject: DigiNotar compromise If this is true, I find this absolutely unacceptable that a commercial CA would run a system like this. Incredible http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network Tim Evans Associate, Information Technology Manager S P A R L I N G (206) 667-0509-Direct (206) 391-8004-Mobile www.sparling.com<http://www.sparling.com> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
