Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Dutch CA Hacked

Posted by timothy on Thursday December 8, 2011 @02:13AM from the need-more-fingers-in-these-holes dept.

An anonymous reader writes "After the fiasco involving DigiNotar, another Dutch CA (Gemnet, a daughter of KPN-Telecom) has been hacked and databases were accessed, webwereld.nl reports (Dutch original). The hack was possible because the website was managed using PHP-MyAdmin, and this application allowed database access without a password. The site has been shut down and security checks were ordered."

1 of 152 comments (clear)

Min score:

Reason:

Sort:

CA System - Has Never Worked As Intended. by VortexCortex · 2011-12-08 02:37 · Score: 3, Funny

So, any CA can create a cert for any site (or even EVERY site via *.* -- WHO THOUGHT THIS WAS A GOOD IDEA?!). This means EVERY SINGLE CA must remain 100% secure all the time in order for us to be able to trust the CA system.
Now, this was pointed out from the beginning. "There is not a single point of failure -- No! There are MANY points of failure, any of which means a complete breakdown!"
A web of trust is the only real competing system, and still here we are, not even trying that out on a large scale. Say what you will, but know that all trust tree hierarchies are doomed to fail.
Come at me CA apologists. All your certs aren't belong to you.