Keep in mind that Globalsign have suspended issuing certificates whilst they conduct an investigation into the hacker's claims that he has access to their CA.
Of course it's just a claim, and Globalsign appear to have acted appropriately by taking what seems like positive action, but if the claims do turn out to be true, Globalsign aren't exactly a pile high sell cheap SSL vendor.

________________________________
From: Harry Singh [[email protected]]
Sent: 07 September 2011 5:38 PM
To: NT System Admin Issues
Subject: Re: DigiNotar compromise

>>While I do get your point about the relative costs for services like digital
>>certificates, we have no idea whether or not an appropriate level of revenues
>>is being invested back into the security infrastructure. Yes, more expensive
>>*should* mean something, but there's no way to be sure that it does. Our
>>awareness of a breach doesn't mean it hasn't been going on for quite some
>>time...

+1

I'm curious to see what the future (immediate or otherwise) will bring to both the business and technology of the CA/SSL cert industry.

On Wed, Sep 7, 2011 at 12:32 PM, Andrew S. Baker <[email protected]> wrote:

Until recently, DigiNotar also had a profitable business model to protect. So did RSA, for that matter.

While I do get your point about the relative costs for services like digital certificates, we have no idea whether or not an appropriate level of revenues is being invested back into the security infrastructure. Yes, more expensive *should* mean something, but there's no way to be sure that it does. Our awareness of a breach doesn't mean it hasn't been going on for quite some time...

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Wed, Sep 7, 2011 at 10:57 AM, Ken Schaefer <[email protected]> wrote:

And yet people ask: “why should I pay $x * 100 for a Verisign/etc. cert vs $x for a DigiNotar/etc. cert”.

Yet, I suppose this is capitalism in action. There is no guarantee that Verisign is non-hackable, yet they have a profitable business model to protect.

Each of us has to make a tradeoff to decide whether a cheaper price is worth the risk that too cheap a price is compromising due diligence on behalf of the CA.

From: Ziots, Edward [mailto:[email protected]]
Sent: Wednesday, 7 September 2011 10:30 PM
To: NT System Admin Issues
Subject: RE: DigiNotar compromise

Honestly, it doesn’t surprise me on this one, I am sure there are others that are just as bad or worse, that will get owned at some time in the future and the same kind of stuff will be unearthed.

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email: [email protected]
Cell: 401-639-3505

From: Tim Evans [mailto:[email protected]]
Sent: Tuesday, September 06, 2011 4:02 PM
To: NT System Admin Issues
Subject: DigiNotar compromise

If this is true, I find this absolutely unacceptable that a commercial CA would run a system like this. Incredible

http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network

Tim Evans
Associate, Information Technology Manager
