Another Dutch CA Hacked
An anonymous reader writes "After the fiasco involving DigiNotar, another Dutch CA (Gemnet, a daughter of KPN-Telecom) has been hacked and databases were accessed, webwereld.nl reports (Dutch original). The hack was possible because the website was managed using PHP-MyAdmin, and this application allowed database access without a password. The site has been shut down and security checks were ordered."
this application allowed database access without a password
Nope, it doesn't... not unless configured by a really clueless person, or (this being Holland) by someone who really couldn't give a f**k while being mismanaged by someone determined to spend as little as possible, or hopefully less.
(Disclaimer: I'm a sysadmin who runs, amongst many other things, a MySQL server + PHPmyadmin for my company in the Netherlands. I do it properly, but that's only because I care; nobody has ever checked...)
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
Ignoring that - they had internal documents that were accessible from their web/database server. Everything else defies belief too but really wouldn't have mattered that much if it had been ONLY their web db that was accessed.
The hack was possible because the website was managed using PHP-MyAdmin, and this application allowed database access without a password.
That's a bit misleading. From what I gather the hack was possible because the database was configured to allow access without a password. Considering that, whether or not PHPMyAdmin is appropriate is a tiny matter by comparison. The summary makes it sound like PHPMyAdmin is to blame.
In response to the news, Gemnet's parent company, KPN, has revoked a thousand certificates. (Dutch original)
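The comments above attribute the breach to a database that accepted logins without a password, reached through phpMyAdmin. As an added example (not part of the original thread and not Gemnet or KPN code), this Python check audits a phpMyAdmin `config.inc.php` for the settings that permit that; both sample configs are constructed, and `parse_servers` and `audit` are hypothetical helper names.

```python
import re

# Constructed config.inc.php contents for illustration (not from the incident).
WEAK = """<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""
HARDENED = """<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
// $cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
"""

# Matches uncommented `$cfg['Servers'][$i]['key'] = value;` lines only
# (// and # comment lines are skipped; /* */ blocks are not handled).
SETTING = re.compile(
    r"""^\s*\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*"""
    r"""('(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|\w+)\s*;""", re.M)

def parse_servers(text):
    """Return one settings dict per `$i++;` server block."""
    blocks = re.split(r"^\s*\$i\+\+\s*;", text, flags=re.M)[1:]
    return [{k: v[1:-1] if v[0] in "'\"" else v
             for k, v in SETTING.findall(b)} for b in blocks]

def audit(text):
    """Flag settings that let phpMyAdmin reach the database without a password."""
    findings = []
    for n, s in enumerate(parse_servers(text), 1):
        # Missing keys are treated as unset; defaults vary by phpMyAdmin version.
        if s.get("AllowNoPassword", "").lower() == "true":
            findings.append((n, "AllowNoPassword"))
        if s.get("auth_type") == "config":
            findings.append((n, "auth_type=config"))
            if not s.get("password"):
                findings.append((n, "empty stored password"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A clean result here only covers the phpMyAdmin side; the MySQL accounts themselves still need non-empty passwords, since the database is what actually accepts or rejects the login.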