Until recently, DigiNotar also had a profitable business model to protect. So did RSA, for that matter.
While I do get your point about the relative costs for services like digital certificates, we have no idea whether or not an appropriate level of revenues is being invested back into the security infrastructure. Yes, more expensive *should* mean something, but there's no way to be sure that it does. Our awareness of a breach doesn't mean it hasn't been going on for quite some time...

*ASB*
*http://XeeMe.com/AndrewBaker*
*Harnessing the Advantages of Technology for the SMB market…*

On Wed, Sep 7, 2011 at 10:57 AM, Ken Schaefer <[email protected]> wrote:

> And yet people ask: “why should I pay $x * 100 for a Verisign/etc. cert vs $x for a DigiNotar/etc. cert”.
>
> Yet, I suppose this is capitalism in action. There is no guarantee that Verisign is non-hackable, yet they have a profitable business model to protect. Each of us has to make a tradeoff to decide whether a cheaper price is worth the risk that too cheap a price is compromising due diligence on behalf of the CA
>
> *From:* Ziots, Edward [mailto:[email protected]]
> *Sent:* Wednesday, 7 September 2011 10:30 PM
> *To:* NT System Admin Issues
> *Subject:* RE: DigiNotar compromise
>
> Honestly,
>
> It doesn’t surprise me on this one, I am sure there are others that are just as bad or worse, that will get owned at some time in the future and the same kind of stuff will be un-earthed.
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
>
> *From:* Tim Evans [mailto:[email protected]]
> *Sent:* Tuesday, September 06, 2011 4:02 PM
> *To:* NT System Admin Issues
> *Subject:* DigiNotar compromise
>
> If this is true, I find this absolutely unacceptable that a commercial CA would run a system like this. Incredible
>
> http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network
>
> Tim Evans
> *Associate, Information Technology Manager*
