On Thu, Dec 8, 2011 at 11:07 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > Ralph Holz <h...@net.in.tum.de> writes: > >>As I said, at this rate we shall have statistically meaningful large >>numbers of CA hacks by 2013: > > KPN is claiming there's nothing to worry about, please move along: > > http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fforum.kpn.com%2Ft5%2FNews-stream%2FUPDATE-11-30-KPN-sluit-tijdelijk-website-Gemnet%2Fba-p%2F8477
http://www.h-online.com/security/news/item/Dutch-PKI-provider-s-web-site-security-breach-under-investigation-1392605.html: The web site of Gemnet, subsidiary of KPN and provider of PKI certificates to the Dutch government, succumbed to a hacker's attack according to Webwereld reports. It appears that the attackers gained access to a database on the server managed by a PHPMyAdmin instance which was not protected by a password. The attacker then used this web access to get to the database without a password. The company was informed that it was leaking information on Wednesday night and has been taken off the air by parent company KPN, who then launched an investigation... It also added that Gemnet does not issue digital certificates. Gemnet CSP, a separate company that does issue certificates for the Dutch government was also taken offline following the discovery of the attack... Its interesting that Gemnet CSP was taken offline. It raises suspicion. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography